ENTERASYS-IPSEC-NOTIFICATION-MIB DEFINITIONS ::= BEGIN

--  enterasys-ipsec-notification-mib.txt

--  This module provides authoritative definitions for Enterasys 
--  Networks' ipSecurity notifications.

--
--  This module will be extended, as needed.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright February, 2011 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, DisplayString, TruthValue, DateAndTime
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InterfaceIndex, ifIndex
        FROM IF-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysIpSecNotificationMIB MODULE-IDENTITY
    LAST-UPDATED "201102280800Z"  -- Mon Feb 28 08:00 GMT 2011
    ORGANIZATION "Enterasys Networks, Inc"
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"
   
    DESCRIPTION
        "This MIB module defines a portion of the SNMP MIB under
         the Enterasys Networks enterprise OID pertaining to 
         ipSecurity notifications.

         This MIB was designed to be used for monitoring router  
         events that have occurred in the system related to ipSecurity."

    REVISION    "201102280800Z"  -- Mon Feb 28 08:00 GMT 2011
    DESCRIPTION "The initial version of this MIB module"

    ::= { etsysModules 81 } 

-- -------------------------------------------------------------
-- branches in the ENTERASYS-IPSEC-NOTIFICATION MIB 
-- -------------------------------------------------------------

etsysIpSecNotificationObjects   OBJECT IDENTIFIER 
        ::= { etsysIpSecNotificationMIB 1 }

etsysIpSecConfigBranch          OBJECT IDENTIFIER  
        ::= { etsysIpSecNotificationObjects 0 }

etsysIpSecInformationBranch     OBJECT IDENTIFIER 
        ::= { etsysIpSecNotificationObjects 1 }

etsysIpSecNotificationBranch    OBJECT IDENTIFIER 
        ::= { etsysIpSecNotificationObjects 2 }

-- -------------------------------------------------------------
-- Objects in the etsysIpSecConfigBranch
-- -------------------------------------------------------------

etsysIpSecDiscardedPacketEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If this object is set to true (1) a trap will be sent when
         IPSec discards a packet due to not having a matching SPD
         cache entry." 
    DEFVAL { false } 
    ::= { etsysIpSecConfigBranch 1 }

-- -------------------------------------------------------------
-- Objects in the etsysIpSecInformationBranch
-- -------------------------------------------------------------

etsysIpSecTime OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE(8))
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The local date and time that the ipSecurity module took the 
         desired action that led to sending the notification."
    ::= { etsysIpSecInformationBranch 1 }

etsysIpSecSPI OBJECT-TYPE
    SYNTAX     Unsigned32    
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The Security Parameter Index (SPI) if available."
    ::= { etsysIpSecInformationBranch 2 }

etsysIpSecProtocol OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The IPSec protocol if available."
    ::= { etsysIpSecInformationBranch 3 }

etsysIpSecSourceAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The type of Internet Address specified with 
         etsysIpSecSourceAddress."
    ::= { etsysIpSecInformationBranch 4 }

etsysIpSecSourceAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The Internet Address from which the incoming packet was sourced."
    ::= { etsysIpSecInformationBranch 5 }

etsysIpSecDestinationAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The type of Internet Address specified with 
         etsysIpSecDestinationAddress."
    ::= { etsysIpSecInformationBranch 6 }

etsysIpSecDestinationAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "The Internet Address for which the incoming packet is destined."
    ::= { etsysIpSecInformationBranch 7 }

etsysIpSecSelectorValues OBJECT-TYPE
    SYNTAX SnmpAdminString
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION
        "Other selector values not previously defined in this MIB."
    ::= { etsysIpSecInformationBranch 8 }

-- -------------------------------------------------------------
-- Objects in the etsysIpSecNotificationBranch
-- -------------------------------------------------------------

etsysIpSecDiscardedPacket NOTIFICATION-TYPE
    OBJECTS     {
                  etsysIpSecTime,
                  etsysIpSecSPI,
                  etsysIpSecProtocol,
                  etsysIpSecSourceAddrType,
                  etsysIpSecSourceAddress,
                  etsysIpSecDestinationAddrType,
                  etsysIpSecDestinationAddress,
                  etsysIpSecSelectorValues
                }
    STATUS      current
    DESCRIPTION 
        "Discarded IPSec packet notification. When the device receives an
         IPSec encrypted packet that does not match any SPD cache entry 
         and it is determined that packet should be discarded, the device
         will send this notification with as much information as is
         available."
    ::= { etsysIpSecNotificationBranch 1 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysIpSecConformance
    OBJECT IDENTIFIER ::= { etsysIpSecNotificationMIB 2 }

etsysIpSecGroups
    OBJECT IDENTIFIER ::= { etsysIpSecConformance 1 }

etsysIpSecCompliances
    OBJECT IDENTIFIER ::= { etsysIpSecConformance 2 }

-- -------------------------------------------------------------
-- Units of conformance
-- -------------------------------------------------------------

etsysIpSecConfigGroup OBJECT-GROUP
    OBJECTS {
              etsysIpSecDiscardedPacketEnabled
            }
    STATUS current
    DESCRIPTION
        "A collection of objects providing basic instrumentation of
         IPSec event notifications."
    ::= { etsysIpSecGroups 1 }

etsysIpSecInformationGroup OBJECT-GROUP
    OBJECTS {
              etsysIpSecTime,
              etsysIpSecSPI,
              etsysIpSecProtocol,
              etsysIpSecSourceAddrType,
              etsysIpSecSourceAddress,
              etsysIpSecDestinationAddrType,
              etsysIpSecDestinationAddress,
              etsysIpSecSelectorValues
            }
    STATUS current
    DESCRIPTION
        "A collection of objects providing IPSec event information."
    ::= { etsysIpSecGroups 2 }

etsysIpSecNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    etsysIpSecDiscardedPacket
                  }
    STATUS current
    DESCRIPTION
        "The IPSec event notifications."
    ::= { etsysIpSecGroups 3 }

-- -------------------------------------------------------------
-- Compliance statements
-- -------------------------------------------------------------

etsysIpSecCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that support Enterasys
         IPSec notifications."

    MODULE
        MANDATORY-GROUPS { 
                           etsysIpSecConfigGroup,
                           etsysIpSecInformationGroup,
                           etsysIpSecNotificationGroup 
                         }

    ::= { etsysIpSecCompliances 1 }

END
