ALTEON-SSL-VPN-MIB DEFINITIONS ::= BEGIN

IMPORTS
    NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE,
    Counter32, Gauge32, Integer32, IpAddress
	FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, DisplayString, DateAndTime, RowStatus, TimeInterval,
    RowPointer
	FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    sslOffload
	FROM ALTEON-ROOT-MIB
    isdEventTime
	FROM ALTEON-ISD-PLATFORM-MIB
    ;

alteonSSLVPNModule MODULE-IDENTITY
    LAST-UPDATED "0404231000Z"
    ORGANIZATION    "Nortel Networks"
    CONTACT-INFO
	"Contact:  Nortel Support
	
          E-mail: support@nortelnetworks.com"
    DESCRIPTION
	"MIB Module for object and notification definitions for
	the SSL-VPN."

    REVISION     "0404231000Z"
    DESCRIPTION
	"The initial revision of MIB module ALTEON-SSL-VPN-MIB."
    ::= { sslOffload 3 }

--
-- MIB Structure
--

alteonSSLVPNMIB OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"Toplevel ID of Alteon SSL-VPN MIB."
    ::= { alteonSSLVPNModule 1 }

vpnObjs OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"Object definitions for the Alteon SSL VPN MIB."
    ::= { alteonSSLVPNMIB 1 }

vpnGlobals OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"A collection of global objects in the system."
    ::= { vpnObjs 1 }

vpnLicense OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"A collection of objects to monitor the VPN licenses in
	the system."
    ::= { vpnObjs 2 }

vpnAuth OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"A collection of objects to configure and monitor the
        VPN authentication in the system."
    ::= { vpnObjs 3 }

vpnPerf OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"A collection of objects to monitor the performance and
        operation of the VPNs in the system."
    ::= { vpnObjs 4 }

vpnEvent OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"A collection of objects for monitoring events in
	the system."
    ::= { vpnObjs 5 }


alteonSSLVPNNotifs OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION
	"Notification definitions for the Alteon SSL VPN MIB."
    ::= { alteonSSLVPNMIB 2 }

--
-- Textual Conventions
--


--
-- Object definitions
--

-- VPN Group

vpnTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VpnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A table of the vpns defined in the system."
    ::= { vpnGlobals 1 }

-- One conceptual row per VPN, indexed by vpnIndex.
-- Every accessible object defined in this module is declared read-only or
-- accessible-for-notify, so nothing in this module can be changed with an
-- SNMP SET; the module provides monitoring only.
vpnEntry OBJECT-TYPE
    SYNTAX      VpnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"Currently, all objects are read-only due to security reasons."
    INDEX { vpnIndex }
::= { vpnTable 1 }

VpnEntry ::= SEQUENCE {
    vpnIndex                Integer32 (1..2147483647),
    vpnSslServer            RowPointer
    }

-- Row index of vpnTable.  It is also the first INDEX component of
-- authServiceTable, authOrderTable and authServerTable, and the index of
-- the tables whose entries AUGMENT vpnEntry.
-- NOTE(review): the declared range starts at 1 and MAX-ACCESS is
-- not-accessible, yet vpnLicenseExhausted lists vpnIndex in its OBJECTS
-- clause and its DESCRIPTION defines a value of 0 for the globally shared
-- license.  SMIv2 (RFC 2578, section 8.1) does not allow not-accessible
-- objects in an OBJECTS clause, and 0 is outside the declared range, so
-- strict MIB compilers may reject the notification and trap receivers
-- should be prepared to see vpnIndex 0.
vpnIndex OBJECT-TYPE
    SYNTAX      Integer32 (1.. 2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A unique index for this VPN."
    ::= { vpnEntry 1 }

vpnSslServer OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Pointer into the sslServerTable.  Points to the ssl server which
	implements the SSL VPN portal. (the pointer will be to
	sslServerName which is the first accessible object in sslServerTable)."
    ::= { vpnEntry 2 }


-- VPN Licenses



maxSslUsers OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The maximum number of simultaneous logged in SSL users allowed
	by the license."
    ::= { vpnLicense 1 }

maxIpsecUsers OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The maximum number of simultaneous logged in Ipsec users allowed
	by the license."
    ::= { vpnLicense 2 }

vpnLicenseTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VpnLicenseEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A table with the licenses for the VPNs."
    ::= { vpnLicense 3 }

-- Per-VPN license limits (vpnMaxSslUsers, vpnMaxIpsecUsers).
-- AUGMENTS vpnEntry, so each row shares the vpnIndex of the vpnTable row
-- it extends.
vpnLicenseEntry OBJECT-TYPE
    SYNTAX      VpnLicenseEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    AUGMENTS { vpnEntry }
::= { vpnLicenseTable 1 }

VpnLicenseEntry ::= SEQUENCE {
    vpnMaxSslUsers            Integer32 (0..2147483647),
    vpnMaxIpsecUsers          Integer32 (0..2147483647)
    }

vpnMaxSslUsers OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The maximum number of simultaneous logged in SSL users allowed
	by the license for this VPN.

        The value 0 indicates that the VPN does not have its own limit,
	but instead uses the globally shared limit maxSslUsers."
    ::= { vpnLicenseEntry 1 }

vpnMaxIpsecUsers OBJECT-TYPE
    SYNTAX      Integer32(0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The maximum number of simultaneous logged in Ipsec users allowed
	by the license for this VPN.

        The value 0 indicates that the VPN does not have its own limit,
	but instead uses the globally shared limit maxIpsecUsers."
    ::= { vpnLicenseEntry 2 }



-- Authentication Group

authServiceTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AuthServiceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A table of the authentication services for the VPN."
    ::= { vpnAuth 1 }

-- One conceptual row per authentication service of a VPN, indexed by
-- vpnIndex and authServiceIndex.
authServiceEntry OBJECT-TYPE
    SYNTAX      AuthServiceEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    INDEX { vpnIndex, authServiceIndex }
::= { authServiceTable 1 }

AuthServiceEntry ::= SEQUENCE {
    authServiceIndex        Integer32 (1..2147483647),
    authServiceName         DisplayString,
    authServiceDisplayName  DisplayString,
    authServiceDomainName   DisplayString,
    authServiceType         INTEGER,
    authServiceStatus       RowStatus
    }

authServiceIndex OBJECT-TYPE
    SYNTAX      Integer32 (1.. 2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A unique index for this authentication service."
    ::= { authServiceEntry 1 }

authServiceName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"A human-readable name of the authentication service."
    ::= { authServiceEntry 2 }

authServiceDisplayName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"This name is presented to the user in a drop-down box when he
	logs in to the portal.  The user can use this name to select which
	authentication service to log in to."
    ::= { authServiceEntry 3 }

-- NOTE(review): the DESCRIPTION is empty, so the meaning of this column is
-- not documented in the module.  Presumably it is the domain associated
-- with the authentication service; confirm against the product
-- documentation before relying on it.
authServiceDomainName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	""
    ::= { authServiceEntry 4 }

authServiceType OBJECT-TYPE
    SYNTAX      INTEGER { 
                    local (1),
                    radius (2),
		    ldap (3),
		    ntlm (4),
		    siteminder (5),
		    cert (6),
		    rsa (7)
		    }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The type of this authentication service."
    ::= { authServiceEntry 5 }

-- RowStatus column declared read-only: the state of the row can be read,
-- but rows cannot be created, activated or destroyed over SNMP through
-- this object.
authServiceStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"The value of this object has no effect on whether
        other objects in this conceptual row can be modified."
    ::= { authServiceEntry 6 }


authOrderTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AuthOrderEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"The default authentication service fallback order used when
	a user logs in without selecting a specific authentication service.

	This is a list of authServiceIndexes."
    ::= { vpnAuth 2 }

-- One conceptual row per position in a VPN's fallback list, indexed by
-- vpnIndex and authOrderIndex.  Each row names one authentication service
-- through authOrderServiceIndex.
-- NOTE(review): presumably services are tried in ascending authOrderIndex;
-- the module does not state this, so confirm before relying on it.
authOrderEntry OBJECT-TYPE
    SYNTAX      AuthOrderEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    INDEX { vpnIndex, authOrderIndex }
::= { authOrderTable 1 }

AuthOrderEntry ::= SEQUENCE {
    authOrderIndex          Integer32 (1.. 2147483647),
    authOrderServiceIndex   Integer32 (1.. 2147483647)
    }

authOrderIndex OBJECT-TYPE
    SYNTAX      Integer32 (1.. 2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A unique index into the auth order list."
    ::= { authOrderEntry 1 }

authOrderServiceIndex OBJECT-TYPE
    SYNTAX      Integer32 (1.. 2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Index into authServiceTable."
    ::= { authOrderEntry 2 }


authServerTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AuthServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A list of addresses of the backend authentication servers an
	authentication service uses."
    ::= { vpnAuth 3 }

-- One conceptual row per backend server of an authentication service,
-- indexed by vpnIndex, authServiceIndex and authServerIndex.
authServerEntry OBJECT-TYPE
    SYNTAX      AuthServerEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    INDEX { vpnIndex, authServiceIndex, authServerIndex }
::= { authServerTable 1 }

AuthServerEntry ::= SEQUENCE {
    authServerIndex         Integer32 (1..2147483647),
    authServerIp            IpAddress,
    authServerPort          Integer32 (0..65535)
    }

authServerIndex OBJECT-TYPE
    SYNTAX      Integer32 (1.. 2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A unique index of the authentication server."
    ::= { authServerEntry 1 }

-- Read access to this column reveals the addresses of the backend
-- authentication servers (authServerPort gives the matching port).
-- Limit the SNMP view that contains this subtree to the management
-- stations that need it.
-- The IpAddress syntax carries IPv4 addresses only.
authServerIp OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Ip address of the authentication server.  For services of type
	local and cert, the authServerIp is 0.0.0.0."
    ::= { authServerEntry 2 }

authServerPort OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Port of the authentication server.  For services of type
	local and cert, the authServerPort is 0."
    ::= { authServerEntry 3 }


-- Authentication statistics

authServerStatTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AuthServerStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"Statistics for each authentication server."
    ::= { vpnPerf 1 }

-- Per-server authentication counters (accepted, rejected, timed out).
-- AUGMENTS authServerEntry, so each row shares the three-part index
-- (vpnIndex, authServiceIndex, authServerIndex) of the row it extends.
authServerStatEntry OBJECT-TYPE
    SYNTAX      AuthServerStatEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    AUGMENTS { authServerEntry }
::= { authServerStatTable 1 }

AuthServerStatEntry ::= SEQUENCE {
    authServerAccepted            Counter32,
    authServerRejected            Counter32,
    authServerTimeout             Counter32
    }

authServerAccepted OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of times a user has been accepted by this authentication
	server."
    ::= { authServerStatEntry 1 }

-- Counter32 only increases and wraps at 2^32, so pollers should work with
-- the difference between two samples rather than the absolute value.
-- Compared with authServerAccepted over the same interval, that difference
-- gives the failed-login rate per backend server, which is a useful input
-- for alerting on unusual volumes of failed authentication.
authServerRejected OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of times a user has been rejected by this authentication
	server."
    ::= { authServerStatEntry 2 }

authServerTimeout OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of times an authentication request to this authentication
	server has timed out."
    ::= { authServerStatEntry 3 }


-- VPN users

vpnUsersTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF VpnUsersEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	"A table with statistics for the currently logged in users."
    ::= { vpnPerf 2 }

-- Per-VPN session gauges and login-reject counters.
-- AUGMENTS vpnEntry, so each row shares the vpnIndex of the vpnTable row
-- it extends.
vpnUsersEntry OBJECT-TYPE
    SYNTAX      VpnUsersEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
	""
    AUGMENTS { vpnEntry }
::= { vpnUsersTable 1 }

VpnUsersEntry ::= SEQUENCE {
    vpnCurrentSslUsers      Gauge32,
    vpnCurrentIpsecUsers    Gauge32,
    vpnSslLoginRejected     Counter32,
    vpnIpsecLoginRejected   Counter32
    }

vpnCurrentSslUsers OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of currently logged in SSL users in the VPN."
    ::= { vpnUsersEntry 1 }

vpnCurrentIpsecUsers OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of currently logged in Ipsec users in the VPN."
    ::= { vpnUsersEntry 2 }

-- Per-VPN count of rejected SSL logins; a Counter32, so use the difference
-- between samples.
-- NOTE(review): the DESCRIPTION does not say whether a reject caused by
-- license exhaustion is counted here together with failed authentication.
-- Confirm before using this counter alone as a failed-login signal.  The
-- same question applies to vpnIpsecLoginRejected.
vpnSslLoginRejected OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of rejected SSL users in the VPN."
    ::= { vpnUsersEntry 3 }

vpnIpsecLoginRejected OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
	"Number of rejected Ipsec users in the VPN."
    ::= { vpnUsersEntry 4 }

-- Event group

-- Declared accessible-for-notify: the value is delivered only as a
-- variable binding of a notification (vpnLicenseExhausted lists it in its
-- OBJECTS clause) and cannot be retrieved with a GET.
vpnLicenseType OBJECT-TYPE
    SYNTAX      INTEGER {
                    ssl (1),
                    ipsec (2)
		    }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This object specifies which type of license was exhausted."
    ::= { vpnEvent 1 }

--
-- Notification definitions
--

-- Event notifications

vpnLicenseExhausted NOTIFICATION-TYPE
    OBJECTS     { isdEventTime,
                  vpnIndex,
		  vpnLicenseType }
    STATUS      current
    DESCRIPTION
        "This event is sent when the vpn has run out of ssl or ipsec user
	licenses.  A hysteresis mechanism is used so that no more than one
	event per hour is sent for one vpn.

        If the vpnIndex is 0, it means that the globally shared license was
	exhausted."
    ::= { alteonSSLVPNNotifs 1 }


--
-- Conformance information
--

vpnMIBConformance  OBJECT IDENTIFIER ::= { alteonSSLVPNModule 2 }

vpnMIBCompliances  OBJECT IDENTIFIER ::= { vpnMIBConformance 1 }
vpnMIBGroups       OBJECT IDENTIFIER ::= { vpnMIBConformance 2 }

-- Compliance statements
vpnBasicCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
	"The compliance statement for SNMP entities which
	implement this MIB module."
    MODULE  -- this module
    MANDATORY-GROUPS { vpnBasicGroup,
                       vpnEventGroup }

    ::= { vpnMIBCompliances 1 }

vpnBasicGroup OBJECT-GROUP
    OBJECTS { vpnSslServer,
              vpnIpsecLoginRejected,
	      vpnSslLoginRejected,
	      vpnCurrentIpsecUsers,
	      vpnCurrentSslUsers,
	      authServerTimeout,
	      authServerRejected,
	      authServerAccepted,
	      authServerPort,
	      authServerIp,
	      authOrderServiceIndex,
	      authServiceStatus,
	      authServiceType,
	      authServiceDomainName,
	      authServiceDisplayName,
	      authServiceName,
	      maxIpsecUsers,
	      maxSslUsers,
	      vpnMaxSslUsers,
	      vpnMaxIpsecUsers,
	      vpnLicenseType }
    STATUS  current
    DESCRIPTION
	"A collection of objects providing basic instrumentation
	of an SSL VPN device."
    ::= { vpnMIBGroups  1 }

vpnEventGroup NOTIFICATION-GROUP
    NOTIFICATIONS { vpnLicenseExhausted }
    STATUS current
    DESCRIPTION
        "Event notifications."
    ::= { vpnMIBGroups 2 }

END
