idnits 2.17.1

draft-ietf-behave-nat-mib-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 767: '... ifIndex MUST have the same ma...'

     RFC 2119 keyword, line 3439: '... RECOMMENDED. Instead, it is RECOMM...'

  -- The draft header indicates that this document obsoletes RFC4008, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 15, 2012) is 4272 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 2663

  ** Downref: Normative reference to an Informational RFC: RFC 3022

  -- Obsolete informational reference (is this intentional?): RFC 4008
     (Obsoleted by RFC 7658)

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2	Network Working Group                                       S. Perreault
3	Internet-Draft                                                  Viagenie
4	Obsoletes: 4008 (if approved)                                    T. Tsou
5	Intended status: Standards Track               Huawei Technologies (USA)
6	Expires: February 16, 2013                                  S. Sivakumar
7	                                                           Cisco Systems
8	                                                         August 15, 2012

10	    Additional Managed Objects for Network Address Translators (NAT)
11	                      draft-ietf-behave-nat-mib-03

13	Abstract

15	   This memo defines a portion of the Management Information Base (MIB)
16	   for devices implementing Network Address Translator (NAT) function.
17	   This MIB module may be used for monitoring of a device capable of NAT
18	   function.

20	Status of this Memo

22	   This Internet-Draft is submitted in full conformance with the
23	   provisions of BCP 78 and BCP 79.

25	   Internet-Drafts are working documents of the Internet Engineering
26	   Task Force (IETF).  Note that other groups may also distribute
27	   working documents as Internet-Drafts.  The list of current Internet-
28	   Drafts is at http://datatracker.ietf.org/drafts/current/.

30	   Internet-Drafts are draft documents valid for a maximum of six months
31	   and may be updated, replaced, or obsoleted by other documents at any
32	   time.  It is inappropriate to use Internet-Drafts as reference
33	   material or to cite them other than as "work in progress."

35	   This Internet-Draft will expire on February 16, 2013.

37	Copyright Notice

39	   Copyright (c) 2012 IETF Trust and the persons identified as the
40	   document authors.  All rights reserved.

42	   This document is subject to BCP 78 and the IETF Trust's Legal
43	   Provisions Relating to IETF Documents
44	   (http://trustee.ietf.org/license-info) in effect on the date of
45	   publication of this document.  Please review these documents
46	   carefully, as they describe your rights and restrictions with respect
47	   to this document.  Code Components extracted from this document must
48	   include Simplified BSD License text as described in Section 4.e of
49	   the Trust Legal Provisions and are provided without warranty as
50	   described in the Simplified BSD License.

52	Table of Contents

54	   1.  Introduction
55	   2.  The Internet-Standard Management Framework
56	   3.  Overview
57	     3.1.  Deprecated Features
58	     3.2.  New Features
59	     3.3.  Realms
60	   4.  Definitions
61	   5.  Security Considerations
62	   6.  IANA Considerations
63	   7.  References
64	     7.1.  Normative References
65	     7.2.  Informative References
66	   Authors' Addresses

68	1.  Introduction

70	   This memo defines a portion of the Management Information Base (MIB)
71	   for devices implementing NAT function.  This MIB module may be used
72	   for monitoring of a device capable of NAT function.  Using it for
73	   configuration is deprecated.  NAT types and their characteristics are
74	   defined in [RFC2663].  Traditional NAT function, in particular, is
75	   defined in [RFC3022].  This MIB does not address the firewall
76	   functions and must not be used for configuring or monitoring these.
77	   Section 2 provides references to the SNMP management framework, which
78	   was used as the basis for the MIB module definition.  Section 3
79	   provides an overview of the MIB features.  Lastly, Section 4 has the
80	   complete NAT MIB definition.

82	2.  The Internet-Standard Management Framework

84	   For a detailed overview of the documents that describe the current
85	   Internet-Standard Management Framework, please refer to section 7 of
86	   [RFC3410].

88	   Managed objects are accessed via a virtual information store, termed
89	   the Management Information Base or MIB.  MIB objects are generally
90	   accessed through the Simple Network Management Protocol (SNMP).

92	   Objects in the MIB are defined using the mechanisms defined in the
93	   Structure of Management Information (SMI).  This memo specifies a MIB
94	   module that is compliant to the SMIv2, which is described in
95	   [RFC2578], [RFC2579] and [RFC2580].

97	3.  Overview

99	3.1.  Deprecated Features

101	   All objects defined in [RFC4008] have been marked with "STATUS
102	   deprecated" for the following reasons:

104	   Writability:  Experience with NAT has shown that implementations vary
105	      tremendously.  The NAT algorithms and data structures have little
106	      in common across devices, and this results in wildly incompatible
107	      configuration parameters.  Therefore, few implementations were
108	      ever able to claim full compliance.

110	      Lesson learned: the MIB should be read-only as much as possible.

112	   Exposing configuration parameters:  Even in read-only mode, many
113	      configuration parameters were exposed by [RFC4008] (e.g.
114	      timeouts).  Since implementations vary wildly in their sets of
115	      configuration parameters, few implementations could claim even
116	      basic compliance.

118	      Lesson learned: the NAT MIB's purpose is not to expose
119	      configuration parameters.

121	   Interfaces:  Objects from [RFC4008] tie NAT state with interfaces
122	      (e.g. the interface table, the way map entries are grouped by
123	      interface).  Many NAT implementations either never keep track of
124	      the interface or associate a mapping to a set of interfaces.
125	      Since interfaces are at the core of [RFC4008], many NAT devices
126	      were unable to have a proper implementation.

128	      Lesson learned: NAT is a logical function that may be independent
129	      of interfaces.  Do not tie NAT state with interfaces.

131	   NAT service types:  [RFC4008] used four categories of NAT service:
132	      basicNat, napt, bidirectionalNat, twiceNat.  These are ill-defined
133	      and many implementations either use different categories or do not
134	      use categories at all.

136	      Lesson learned: do not try to categorize NAT types.

138	   Limited transport protocol set:  The set of transport protocols was
139	      defined as: other, icmp, udp, tcp.  Furthermore, the numeric
140	      values corresponding to those labels were arbitrary, without
141	      relation to the actual standard protocol numbers.  This meant that
142	      NAT implementations were limited to those protocols and were
143	      unable to expose information about DCCP, SCTP, etc.

145	      Lesson learned: use standard transport protocol numbers.

147	3.2.  New Features

149	   New features in this module are as follows:

151	   Counters:  Many new counters are introduced.  Most of them are
152	      available in two variants: global and per-transport protocol.

154	   Limits:  A few limits on the quantity of state data stored by the NAT
155	      device.  Some of them can trigger notifications.

157	   Address+Port Pools:  Pools of external addresses and ports are often
158	      used in enterprise and ISP settings.  Pools are listed in a table,
159	      each with its range of addresses and ports.  It is possible to
160	      inspect each pool's usage, to set limits, and to receive
161	      notifications when thresholds are crossed.

163	   Address Mappings:  NATs that have an "IP address pooling" behavior of
164	      "Paired" [RFC4787] maintain a mapping from internal address to
165	      external address.  This module allows inspection of this mapping
166	      table.

168	   Mapping table indexed by external 3-tuple:  It is often necessary to
169	      determine the internal address that is mapped to a given external
170	      address and port.  This MIB provides this table with an index to
171	      accomplish this efficiently, without having to iterate over all
172	      mappings.

174	   Realms:  See Section 3.3.

176	   RFC 4787 terminology:  Mapping table entries indicate the mapping
177	      behavior, the filtering behavior, and the address pooling behavior
178	      that were used to create the mapping.

180	3.3.  Realms

182	   Current NAT devices commonly allow the internal and external parts of
183	   a mapping to come from different realms.  The meaning of "realm" is
184	   implementation-dependent.  On some implementations it can be
185	   equivalent to the name of a VPN Routing and Forwarding table (VRF).
186	   On others it is simply the numeric index of a virtual routing table.
187	   Note that this usage of "realm" is completely different from the one
188	   in [RFC4008].

190	   This MIB allows the realm to be indicated where it makes sense.  The
191	   format is an SnmpAdminString.  On platforms that identify realms with
192	   integers, the string representation of the integer is used instead.
193	   The empty string has special meaning: it refers to the default realm.

195	   Note that many MIBs implicitly support realms in one form or another
196	   by using SNMPv3 contexts.  See for example the OSPFv2 MIB [RFC4750].
197	   This method cannot be used for the NAT MIB because mappings can
198	   belong to two realms simultaneously: the internal part can be in one
199	   realm while the external part is in another.  In such cases the NAT
200	   function acts like a "wormhole" between two realms.  Using contexts
201	   would implicitly impose the restriction that all objects would have
202	   to belong to the same realm.

204	4.  Definitions

206	   This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
207	   [RFC4001].

209 NAT-MIB DEFINITIONS ::= BEGIN 211 IMPORTS 212 MODULE-IDENTITY, 213 OBJECT-TYPE, 214 Integer32, 215 Unsigned32, 216 Gauge32, 217 Counter64, 218 TimeTicks, 219 mib-2, 220 NOTIFICATION-TYPE 221 FROM SNMPv2-SMI 222 TEXTUAL-CONVENTION, 223 StorageType, 224 RowStatus 225 FROM SNMPv2-TC 226 MODULE-COMPLIANCE, 227 NOTIFICATION-GROUP, 228 OBJECT-GROUP 229 FROM SNMPv2-CONF 230 ifIndex, 231 ifCounterDiscontinuityGroup 232 FROM IF-MIB 233 SnmpAdminString 234 FROM SNMP-FRAMEWORK-MIB 235 InetAddressType, 236 InetAddress, 237 InetPortNumber 238 FROM INET-ADDRESS-MIB; 240 natMIB MODULE-IDENTITY 241 LAST-UPDATED "200001010000Z" 242 ORGANIZATION "TBD" 243 CONTACT-INFO "TBD" 244 DESCRIPTION 245 "This MIB module defines the generic managed objects 246 for NAT." 247 REVISION "200503210000Z" -- 21th March 2005 248 DESCRIPTION 249 "Initial version, published as RFC 4008." 250 REVISION "200001010000Z" 251 DESCRIPTION 252 "Dummy version. RFC Editor must replace this." 253 ::= { mib-2 123 } 255 natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 } 257 NatProtocolType ::= TEXTUAL-CONVENTION 258 STATUS deprecated 259 DESCRIPTION 260 "A list of protocols that support the network 261 address translation. Inclusion of the values is 262 not intended to imply that those protocols 263 need to be supported. Any change in this 264 TEXTUAL-CONVENTION should also be reflected in 265 the definition of NatProtocolMap, which is a 266 BITS representation of this." 267 SYNTAX INTEGER { 268 none (1), -- not specified 269 other (2), -- none of the following 270 icmp (3), 271 udp (4), 272 tcp (5) 273 } 275 NatProtocolMap ::= TEXTUAL-CONVENTION 276 STATUS deprecated 277 DESCRIPTION 278 "A bitmap of protocol identifiers that support 279 the network address translation. Any change 280 in this TEXTUAL-CONVENTION should also be 281 reflected in the definition of NatProtocolType." 
282 SYNTAX BITS { 283 other (0), 284 icmp (1), 285 udp (2), 286 tcp (3) 287 } 289 NatAddrMapId ::= TEXTUAL-CONVENTION 290 DISPLAY-HINT "d" 291 STATUS deprecated 292 DESCRIPTION 293 "A unique id that is assigned to each address map 294 by a NAT enabled device." 295 SYNTAX Unsigned32 (1..4294967295) 297 NatBindIdOrZero ::= TEXTUAL-CONVENTION 298 DISPLAY-HINT "d" 299 STATUS deprecated 300 DESCRIPTION 301 "A unique id that is assigned to each bind by 302 a NAT enabled device. The bind id will be zero 303 in the case of a Symmetric NAT." 304 SYNTAX Unsigned32 (0..4294967295) 306 NatBindId ::= TEXTUAL-CONVENTION 307 DISPLAY-HINT "d" 308 STATUS deprecated 309 DESCRIPTION 310 "A unique id that is assigned to each bind by 311 a NAT enabled device." 312 SYNTAX Unsigned32 (1..4294967295) 314 NatSessionId ::= TEXTUAL-CONVENTION 315 DISPLAY-HINT "d" 316 STATUS deprecated 317 DESCRIPTION 318 "A unique id that is assigned to each session by 319 a NAT enabled device." 320 SYNTAX Unsigned32 (1..4294967295) 322 NatBindMode ::= TEXTUAL-CONVENTION 323 STATUS deprecated 324 DESCRIPTION 325 "An indication of whether the bind is 326 an address bind or an address port bind." 327 SYNTAX INTEGER { 328 addressBind (1), 329 addressPortBind (2) 330 } 332 NatAssociationType ::= TEXTUAL-CONVENTION 333 STATUS deprecated 334 DESCRIPTION 335 "An indication of whether the association is 336 static or dynamic." 337 SYNTAX INTEGER { 338 static (1), 339 dynamic (2) 340 } 342 NatTranslationEntity ::= TEXTUAL-CONVENTION 343 STATUS deprecated 344 DESCRIPTION 345 "An indication of a) the direction of a session for 346 which an address map entry, address bind or port 347 bind is applicable, and b) the entity (source or 348 destination) within the session that is subject to 349 translation." 
350 SYNTAX BITS { 351 inboundSrcEndPoint (0), 352 outboundDstEndPoint(1), 353 inboundDstEndPoint (2), 354 outboundSrcEndPoint(3) 355 } 357 ProtocolNumber ::= TEXTUAL-CONVENTION 358 DISPLAY-HINT "d" 359 STATUS current 360 DESCRIPTION 361 "A transport protocol number, from the 'protocol-numbers' IANA 362 registry." 363 SYNTAX Unsigned32 (0..255) 365 NatPoolId ::= TEXTUAL-CONVENTION 366 DISPLAY-HINT "d" 367 STATUS current 368 DESCRIPTION 369 "A unique ID that is assigned to each pool." 370 SYNTAX Unsigned32 (1..4294967295) 372 NatBehaviorType ::= TEXTUAL-CONVENTION 373 STATUS current 374 DESCRIPTION 375 "Behavior type as described in [RFC4787] sections 4.1 and 5." 376 SYNTAX INTEGER { 377 endpointIndependent (0), 378 addressDependent (1), 379 addressAndPortDependent (2) 380 } 382 NatPoolingType ::= TEXTUAL-CONVENTION 383 STATUS current 384 DESCRIPTION 385 "Pooling type as described in [RFC4787] sections 4.1." 386 SYNTAX INTEGER { 387 arbitrary (0), 388 paired (1) 389 } 391 -- 392 -- Default Values for the Bind and NAT Protocol Timers 393 -- 394 natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 } 396 natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 } 398 -- 399 -- Address Bind and Port Bind related NAT configuration 400 -- 402 natBindDefIdleTimeout OBJECT-TYPE 403 SYNTAX Unsigned32 (0..4294967295) 404 UNITS "seconds" 405 MAX-ACCESS read-write 406 STATUS deprecated 407 DESCRIPTION 408 "The default Bind (Address Bind or Port Bind) idle 409 timeout parameter. 411 If the agent is capable of storing non-volatile 412 configuration, then the value of this object must be 413 restored after a re-initialization of the management 414 system." 415 DEFVAL { 0 } 416 ::= { natDefTimeouts 1 } 418 -- 419 -- UDP related NAT configuration 420 -- 422 natUdpDefIdleTimeout OBJECT-TYPE 423 SYNTAX Unsigned32 (1..4294967295) 424 UNITS "seconds" 425 MAX-ACCESS read-write 426 STATUS deprecated 427 DESCRIPTION 428 "The default UDP idle timeout parameter. 
430 If the agent is capable of storing non-volatile 431 configuration, then the value of this object must be 432 restored after a re-initialization of the management 433 system." 434 DEFVAL { 300 } 435 ::= { natDefTimeouts 2 } 437 -- 438 -- ICMP related NAT configuration 439 -- 441 natIcmpDefIdleTimeout OBJECT-TYPE 442 SYNTAX Unsigned32 (1..4294967295) 443 UNITS "seconds" 444 MAX-ACCESS read-write 445 STATUS deprecated 446 DESCRIPTION 447 "The default ICMP idle timeout parameter. 449 If the agent is capable of storing non-volatile 450 configuration, then the value of this object must be 451 restored after a re-initialization of the management 452 system." 453 DEFVAL { 300 } 454 ::= { natDefTimeouts 3 } 456 -- 457 -- Other protocol parameters 458 -- 460 natOtherDefIdleTimeout OBJECT-TYPE 461 SYNTAX Unsigned32 (1..4294967295) 462 UNITS "seconds" 463 MAX-ACCESS read-write 464 STATUS deprecated 465 DESCRIPTION 466 "The default idle timeout parameter for protocols 467 represented by the value other (2) in 468 NatProtocolType. 470 If the agent is capable of storing non-volatile 471 configuration, then the value of this object must be 472 restored after a re-initialization of the management 473 system." 474 DEFVAL { 60 } 475 ::= { natDefTimeouts 4 } 477 -- 478 -- TCP related NAT Timers 479 -- 481 natTcpDefIdleTimeout OBJECT-TYPE 482 SYNTAX Unsigned32 (1..4294967295) 483 UNITS "seconds" 484 MAX-ACCESS read-write 485 STATUS deprecated 486 DESCRIPTION 487 "The default time interval that a NAT session for an 488 established TCP connection is allowed to remain 489 valid without any activity on the TCP connection. 491 If the agent is capable of storing non-volatile 492 configuration, then the value of this object must be 493 restored after a re-initialization of the management 494 system." 
495 DEFVAL { 86400 } 496 ::= { natDefTimeouts 5 } 498 natTcpDefNegTimeout OBJECT-TYPE 499 SYNTAX Unsigned32 (1..4294967295) 500 UNITS "seconds" 501 MAX-ACCESS read-write 502 STATUS deprecated 503 DESCRIPTION 504 "The default time interval that a NAT session for a TCP 505 connection that is not in the established state 506 is allowed to remain valid without any activity on 507 the TCP connection. 509 If the agent is capable of storing non-volatile 510 configuration, then the value of this object must be 511 restored after a re-initialization of the management 512 system." 513 DEFVAL { 60 } 514 ::= { natDefTimeouts 6 } 516 natNotifThrottlingInterval OBJECT-TYPE 517 SYNTAX Integer32 (0 | 5..3600) 518 UNITS "seconds" 519 MAX-ACCESS read-write 520 STATUS deprecated 521 DESCRIPTION 522 "This object controls the generation of the 523 natPacketDiscard notification. 525 If this object has a value of zero, then no 526 natPacketDiscard notifications will be transmitted by the 527 agent. 529 If this object has a non-zero value, then the agent must 530 not generate more than one natPacketDiscard 531 'notification-event' in the indicated period, where a 532 'notification-event' is the generation of a single 533 notification PDU type to a list of notification 534 destinations. If additional NAT packets are discarded 535 within the throttling period, then notification-events 536 for these changes must be suppressed by the agent until 537 the current throttling period expires. 539 If natNotifThrottlingInterval notification generation 540 is enabled, the suggested default throttling period is 541 60 seconds, but generation of the natPacketDiscard 542 notification should be disabled by default. 544 If the agent is capable of storing non-volatile 545 configuration, then the value of this object must be 546 restored after a re-initialization of the management 547 system. 549 The actual transmission of notifications is controlled 550 via the MIB modules in RFC 3413." 
551 DEFVAL { 0 } 552 ::= { natNotifCtrl 1 } 554 -- 555 -- The NAT Interface Table 556 -- 558 natInterfaceTable OBJECT-TYPE 559 SYNTAX SEQUENCE OF NatInterfaceEntry 560 MAX-ACCESS not-accessible 561 STATUS deprecated 562 DESCRIPTION 563 "This table specifies the attributes for interfaces on a 564 device supporting NAT function." 565 ::= { natMIBObjects 3 } 567 natInterfaceEntry OBJECT-TYPE 568 SYNTAX NatInterfaceEntry 569 MAX-ACCESS not-accessible 570 STATUS deprecated 571 DESCRIPTION 572 "Each entry in the natInterfaceTable holds a set of 573 parameters for an interface, instantiated by 574 ifIndex. Therefore, the interface index must have been 575 assigned, according to the applicable procedures, 576 before it can be meaningfully used. 577 Generally, this means that the interface must exist. 579 When natStorageType is of type nonVolatile, however, 580 this may reflect the configuration for an interface whose 581 ifIndex has been assigned but for which the supporting 582 implementation is not currently present." 583 INDEX { ifIndex } 584 ::= { natInterfaceTable 1 } 586 NatInterfaceEntry ::= SEQUENCE { 587 natInterfaceRealm INTEGER, 588 natInterfaceServiceType BITS, 589 natInterfaceInTranslates Counter64, 590 natInterfaceOutTranslates Counter64, 591 natInterfaceDiscards Counter64, 592 natInterfaceStorageType StorageType, 593 natInterfaceRowStatus RowStatus 594 } 596 natInterfaceRealm OBJECT-TYPE 597 SYNTAX INTEGER { 598 private (1), 599 public (2) 600 } 601 MAX-ACCESS read-create 602 STATUS deprecated 603 DESCRIPTION 604 "This object identifies whether this interface is 605 connected to the private or the public realm." 
606 DEFVAL { public } 607 ::= { natInterfaceEntry 1 } 609 natInterfaceServiceType OBJECT-TYPE 610 SYNTAX BITS { 611 basicNat (0), 612 napt (1), 613 bidirectionalNat (2), 614 twiceNat (3) 615 } 616 MAX-ACCESS read-create 617 STATUS deprecated 618 DESCRIPTION 619 "An indication of the direction in which new sessions 620 are permitted and the extent of translation done within 621 the IP and transport headers." 622 ::= { natInterfaceEntry 2 } 624 natInterfaceInTranslates OBJECT-TYPE 625 SYNTAX Counter64 626 MAX-ACCESS read-only 627 STATUS deprecated 628 DESCRIPTION 629 "Number of packets received on this interface that 630 were translated. 631 Discontinuities in the value of this counter can occur at 632 reinitialization of the management system and at other 633 times as indicated by the value of 634 ifCounterDiscontinuityTime on the relevant interface." 636 ::= { natInterfaceEntry 3 } 638 natInterfaceOutTranslates OBJECT-TYPE 639 SYNTAX Counter64 640 MAX-ACCESS read-only 641 STATUS deprecated 642 DESCRIPTION 643 "Number of translated packets that were sent out this 644 interface. 646 Discontinuities in the value of this counter can occur at 647 reinitialization of the management system and at other 648 times as indicated by the value of 649 ifCounterDiscontinuityTime on the relevant interface." 650 ::= { natInterfaceEntry 4 } 652 natInterfaceDiscards OBJECT-TYPE 653 SYNTAX Counter64 654 MAX-ACCESS read-only 655 STATUS deprecated 656 DESCRIPTION 657 "Number of packets that had to be rejected/dropped due to 658 a lack of resources for this interface. 660 Discontinuities in the value of this counter can occur at 661 reinitialization of the management system and at other 662 times as indicated by the value of 663 ifCounterDiscontinuityTime on the relevant interface." 664 ::= { natInterfaceEntry 5 } 666 natInterfaceStorageType OBJECT-TYPE 667 SYNTAX StorageType 668 MAX-ACCESS read-create 669 STATUS deprecated 670 DESCRIPTION 671 "The storage type for this conceptual row. 
672 Conceptual rows having the value 'permanent' 673 need not allow write-access to any columnar objects 674 in the row." 675 REFERENCE 676 "Textual Conventions for SMIv2, Section 2." 677 DEFVAL { nonVolatile } 678 ::= { natInterfaceEntry 6 } 680 natInterfaceRowStatus OBJECT-TYPE 681 SYNTAX RowStatus 682 MAX-ACCESS read-create 683 STATUS deprecated 684 DESCRIPTION 685 "The status of this conceptual row. 687 Until instances of all corresponding columns are 688 appropriately configured, the value of the 689 corresponding instance of the natInterfaceRowStatus 690 column is 'notReady'. 692 In particular, a newly created row cannot be made 693 active until the corresponding instance of 694 natInterfaceServiceType has been set. 696 None of the objects in this row may be modified 697 while the value of this object is active(1)." 698 REFERENCE 699 "Textual Conventions for SMIv2, Section 2." 700 ::= { natInterfaceEntry 7 } 702 -- 703 -- The Address Map Table 704 -- 706 natAddrMapTable OBJECT-TYPE 707 SYNTAX SEQUENCE OF NatAddrMapEntry 708 MAX-ACCESS not-accessible 709 STATUS deprecated 710 DESCRIPTION 711 "This table lists address map parameters for NAT." 712 ::= { natMIBObjects 4 } 714 natAddrMapEntry OBJECT-TYPE 715 SYNTAX NatAddrMapEntry 716 MAX-ACCESS not-accessible 717 STATUS deprecated 718 DESCRIPTION 719 "This entry represents an address map to be used for 720 NAT and contributes to the dynamic and/or static 721 address mapping tables of the NAT device." 
722 INDEX { ifIndex, natAddrMapIndex } 723 ::= { natAddrMapTable 1 } 725 NatAddrMapEntry ::= SEQUENCE { 726 natAddrMapIndex NatAddrMapId, 727 natAddrMapName SnmpAdminString, 728 natAddrMapEntryType NatAssociationType, 729 natAddrMapTranslationEntity NatTranslationEntity, 730 natAddrMapLocalAddrType InetAddressType, 731 natAddrMapLocalAddrFrom InetAddress, 732 natAddrMapLocalAddrTo InetAddress, 733 natAddrMapLocalPortFrom InetPortNumber, 734 natAddrMapLocalPortTo InetPortNumber, 735 natAddrMapGlobalAddrType InetAddressType, 736 natAddrMapGlobalAddrFrom InetAddress, 737 natAddrMapGlobalAddrTo InetAddress, 738 natAddrMapGlobalPortFrom InetPortNumber, 739 natAddrMapGlobalPortTo InetPortNumber, 740 natAddrMapProtocol NatProtocolMap, 741 natAddrMapInTranslates Counter64, 742 natAddrMapOutTranslates Counter64, 743 natAddrMapDiscards Counter64, 744 natAddrMapAddrUsed Gauge32, 745 natAddrMapStorageType StorageType, 746 natAddrMapRowStatus RowStatus 747 } 749 natAddrMapIndex OBJECT-TYPE 750 SYNTAX NatAddrMapId 751 MAX-ACCESS not-accessible 752 STATUS deprecated 753 DESCRIPTION 754 "Along with ifIndex, this object uniquely 755 identifies an entry in the natAddrMapTable. 756 Address map entries are applied in the order 757 specified by natAddrMapIndex." 758 ::= { natAddrMapEntry 1 } 760 natAddrMapName OBJECT-TYPE 761 SYNTAX SnmpAdminString (SIZE(1..32)) 762 MAX-ACCESS read-create 763 STATUS deprecated 764 DESCRIPTION 765 "Name identifying all map entries in the table associated 766 with the same interface. All map entries with the same 767 ifIndex MUST have the same map name." 768 ::= { natAddrMapEntry 2 } 770 natAddrMapEntryType OBJECT-TYPE 771 SYNTAX NatAssociationType 772 MAX-ACCESS read-create 773 STATUS deprecated 774 DESCRIPTION 775 "This parameter can be used to set up static 776 or dynamic address maps." 
777 ::= { natAddrMapEntry 3 } 779 natAddrMapTranslationEntity OBJECT-TYPE 780 SYNTAX NatTranslationEntity 781 MAX-ACCESS read-create 782 STATUS deprecated 783 DESCRIPTION 784 "The end-point entity (source or destination) in 785 inbound or outbound sessions (i.e., first packets) that 786 may be translated by an address map entry. 788 Session direction (inbound or outbound) is 789 derived from the direction of the first packet 790 of a session traversing a NAT interface. 791 NAT address (and Transport-ID) maps may be defined 792 to effect inbound or outbound sessions. 794 Traditionally, address maps for Basic NAT and NAPT are 795 configured on a public interface for outbound sessions, 796 effecting translation of source end-point. The value of 797 this object must be set to outboundSrcEndPoint for 798 those interfaces. 800 Alternately, if address maps for Basic NAT and NAPT were 801 to be configured on a private interface, the desired 802 value for this object for the map entries 803 would be inboundSrcEndPoint (i.e., effecting translation 804 of source end-point for inbound sessions). 806 If TwiceNAT were to be configured on a private interface, 807 the desired value for this object for the map entries 808 would be a bitmask of inboundSrcEndPoint and 809 inboundDstEndPoint." 810 ::= { natAddrMapEntry 4 } 812 natAddrMapLocalAddrType OBJECT-TYPE 813 SYNTAX InetAddressType 814 MAX-ACCESS read-create 815 STATUS deprecated 816 DESCRIPTION 817 "This object specifies the address type used for 818 natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo." 819 ::= { natAddrMapEntry 5 } 821 natAddrMapLocalAddrFrom OBJECT-TYPE 822 SYNTAX InetAddress 823 MAX-ACCESS read-create 824 STATUS deprecated 825 DESCRIPTION 826 "This object specifies the first IP address of the range 827 of IP addresses mapped by this translation entry. The 828 value of this object must be less than or equal to the 829 value of the natAddrMapLocalAddrTo object. 
831 The type of this address is determined by the value of 832 the natAddrMapLocalAddrType object." 833 ::= { natAddrMapEntry 6 } 835 natAddrMapLocalAddrTo OBJECT-TYPE 836 SYNTAX InetAddress 837 MAX-ACCESS read-create 838 STATUS deprecated 839 DESCRIPTION 840 "This object specifies the last IP address of the range of 841 IP addresses mapped by this translation entry. If only 842 a single address is being mapped, the value of this object 843 is equal to the value of natAddrMapLocalAddrFrom. For a 844 static NAT, the number of addresses in the range defined 845 by natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo must 846 be equal to the number of addresses in the range defined by 847 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo. 848 The value of this object must be greater than or equal to 849 the value of the natAddrMapLocalAddrFrom object. 851 The type of this address is determined by the value of 852 the natAddrMapLocalAddrType object." 853 ::= { natAddrMapEntry 7 } 855 natAddrMapLocalPortFrom OBJECT-TYPE 856 SYNTAX InetPortNumber 857 MAX-ACCESS read-create 858 STATUS deprecated 859 DESCRIPTION 860 "If this conceptual row describes a Basic NAT address 861 mapping, then the value of this object must be zero. If 862 this conceptual row describes NAPT, then the value of 863 this object specifies the first port number in the range 864 of ports being mapped. 866 The value of this object must be less than or equal to the 867 value of the natAddrMapLocalPortTo object. If the 868 translation specifies a single port, then the value of this 869 object is equal to the value of natAddrMapLocalPortTo." 870 DEFVAL { 0 } 871 ::= { natAddrMapEntry 8 } 873 natAddrMapLocalPortTo OBJECT-TYPE 874 SYNTAX InetPortNumber 875 MAX-ACCESS read-create 876 STATUS deprecated 877 DESCRIPTION 878 "If this conceptual row describes a Basic NAT address 879 mapping, then the value of this object must be zero. 
If 880 this conceptual row describes NAPT, then the value of 881 this object specifies the last port number in the range 882 of ports being mapped. 884 The value of this object must be greater than or equal to 885 the value of the natAddrMapLocalPortFrom object. If the 886 translation specifies a single port, then the value of this 887 object is equal to the value of natAddrMapLocalPortFrom." 888 DEFVAL { 0 } 889 ::= { natAddrMapEntry 9 } 891 natAddrMapGlobalAddrType OBJECT-TYPE 892 SYNTAX InetAddressType 893 MAX-ACCESS read-create 894 STATUS deprecated 895 DESCRIPTION 896 "This object specifies the address type used for 897 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo." 898 ::= { natAddrMapEntry 10 } 900 natAddrMapGlobalAddrFrom OBJECT-TYPE 901 SYNTAX InetAddress 902 MAX-ACCESS read-create 903 STATUS deprecated 904 DESCRIPTION 905 "This object specifies the first IP address of the range of 906 IP addresses being mapped to. The value of this object 907 must be less than or equal to the value of the 908 natAddrMapGlobalAddrTo object. 910 The type of this address is determined by the value of 911 the natAddrMapGlobalAddrType object." 912 ::= { natAddrMapEntry 11 } 914 natAddrMapGlobalAddrTo OBJECT-TYPE 915 SYNTAX InetAddress 916 MAX-ACCESS read-create 917 STATUS deprecated 918 DESCRIPTION 919 "This object specifies the last IP address of the range of 920 IP addresses being mapped to. If only a single address is 921 being mapped to, the value of this object is equal to the 922 value of natAddrMapGlobalAddrFrom. For a static NAT, the 923 number of addresses in the range defined by 924 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo must be 925 equal to the number of addresses in the range defined by 926 natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo. 927 The value of this object must be greater than or equal to 928 the value of the natAddrMapGlobalAddrFrom object. 
930 The type of this address is determined by the value of 931 the natAddrMapGlobalAddrType object." 932 ::= { natAddrMapEntry 12 } 934 natAddrMapGlobalPortFrom OBJECT-TYPE 935 SYNTAX InetPortNumber 936 MAX-ACCESS read-create 937 STATUS deprecated 938 DESCRIPTION 939 "If this conceptual row describes a Basic NAT address 940 mapping, then the value of this object must be zero. If 941 this conceptual row describes NAPT, then the value of 942 this object specifies the first port number in the range 943 of ports being mapped to. 945 The value of this object must be less than or equal to the 946 value of the natAddrMapGlobalPortTo object. If the 947 translation specifies a single port, then the value of this 948 object is equal to the value of natAddrMapGlobalPortTo." 949 DEFVAL { 0 } 950 ::= { natAddrMapEntry 13 } 952 natAddrMapGlobalPortTo OBJECT-TYPE 953 SYNTAX InetPortNumber 954 MAX-ACCESS read-create 955 STATUS deprecated 956 DESCRIPTION 957 "If this conceptual row describes a Basic NAT address 958 mapping, then the value of this object must be zero. If 959 this conceptual row describes NAPT, then the value of this 960 object specifies the last port number in the range of 961 ports being mapped to. 963 The value of this object must be greater than or equal to 964 the value of the natAddrMapGlobalPortFrom object. If the 965 translation specifies a single port, then the value of this 966 object is equal to the value of natAddrMapGlobalPortFrom." 967 DEFVAL { 0 } 968 ::= { natAddrMapEntry 14 } 970 natAddrMapProtocol OBJECT-TYPE 971 SYNTAX NatProtocolMap 972 MAX-ACCESS read-create 973 STATUS deprecated 974 DESCRIPTION 975 "This object specifies a bitmap of protocol identifiers." 976 ::= { natAddrMapEntry 15 } 978 natAddrMapInTranslates OBJECT-TYPE 979 SYNTAX Counter64 980 MAX-ACCESS read-only 981 STATUS deprecated 982 DESCRIPTION 983 "The number of inbound packets pertaining to this address 984 map entry that were translated. 
986 Discontinuities in the value of this counter can occur at 987 reinitialization of the management system and at other 988 times, as indicated by the value of 989 ifCounterDiscontinuityTime on the relevant interface." 990 ::= { natAddrMapEntry 16 } 992 natAddrMapOutTranslates OBJECT-TYPE 993 SYNTAX Counter64 994 MAX-ACCESS read-only 995 STATUS deprecated 996 DESCRIPTION 997 "The number of outbound packets pertaining to this 998 address map entry that were translated. 1000 Discontinuities in the value of this counter can occur at 1001 reinitialization of the management system and at other 1002 times, as indicated by the value of 1003 ifCounterDiscontinuityTime on the relevant interface." 1004 ::= { natAddrMapEntry 17 } 1006 natAddrMapDiscards OBJECT-TYPE 1007 SYNTAX Counter64 1008 MAX-ACCESS read-only 1009 STATUS deprecated 1010 DESCRIPTION 1011 "The number of packets pertaining to this address map 1012 entry that were dropped due to lack of addresses in the 1013 address pool identified by this address map. The value of 1014 this object must always be zero in the case of a static 1015 address map. 1017 Discontinuities in the value of this counter can occur at 1018 reinitialization of the management system and at other 1019 times, as indicated by the value of 1020 ifCounterDiscontinuityTime on the relevant interface." 1021 ::= { natAddrMapEntry 18 } 1023 natAddrMapAddrUsed OBJECT-TYPE 1024 SYNTAX Gauge32 1025 MAX-ACCESS read-only 1026 STATUS deprecated 1027 DESCRIPTION 1028 "The number of addresses pertaining to this address map 1029 that are currently being used from the NAT pool. 1030 The value of this object must always be zero in the case 1031 of a static address map." 1032 ::= { natAddrMapEntry 19 } 1034 natAddrMapStorageType OBJECT-TYPE 1035 SYNTAX StorageType 1036 MAX-ACCESS read-create 1037 STATUS deprecated 1038 DESCRIPTION 1039 "The storage type for this conceptual row. 
1040 Conceptual rows having the value 'permanent' 1041 need not allow write-access to any columnar objects 1042 in the row." 1043 REFERENCE 1044 "Textual Conventions for SMIv2, Section 2." 1045 DEFVAL { nonVolatile } 1046 ::= { natAddrMapEntry 20 } 1048 natAddrMapRowStatus OBJECT-TYPE 1049 SYNTAX RowStatus 1050 MAX-ACCESS read-create 1051 STATUS deprecated 1052 DESCRIPTION 1053 "The status of this conceptual row. 1055 Until instances of all corresponding columns are 1056 appropriately configured, the value of the 1057 corresponding instance of the natAddrMapRowStatus 1058 column is 'notReady'. 1060 None of the objects in this row may be modified 1061 while the value of this object is active(1)." 1062 REFERENCE 1063 "Textual Conventions for SMIv2, Section 2." 1064 ::= { natAddrMapEntry 21 } 1066 -- 1067 -- Address Bind section 1068 -- 1070 natAddrBindNumberOfEntries OBJECT-TYPE 1071 SYNTAX Gauge32 1072 MAX-ACCESS read-only 1073 STATUS deprecated 1074 DESCRIPTION 1075 "This object maintains a count of the number of entries 1076 that currently exist in the natAddrBindTable." 1077 ::= { natMIBObjects 5 } 1079 -- 1080 -- The NAT Address BIND Table 1081 -- 1083 natAddrBindTable OBJECT-TYPE 1084 SYNTAX SEQUENCE OF NatAddrBindEntry 1085 MAX-ACCESS not-accessible 1086 STATUS deprecated 1087 DESCRIPTION 1088 "This table holds information about the currently 1089 active NAT BINDs." 1090 ::= { natMIBObjects 6 } 1092 natAddrBindEntry OBJECT-TYPE 1093 SYNTAX NatAddrBindEntry 1094 MAX-ACCESS not-accessible 1095 STATUS deprecated 1096 DESCRIPTION 1097 "Each entry in this table holds information about 1098 an active address BIND. These entries are lost 1099 upon agent restart. 1101 This row has indexing which may create variables with 1102 more than 128 subidentifiers. Implementers of this table 1103 must be careful not to create entries that would result 1104 in OIDs which exceed the 128 subidentifier limit. 
1105 Otherwise, the information cannot be accessed using 1106 SNMPv1, SNMPv2c or SNMPv3." 1108 INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr } 1109 ::= { natAddrBindTable 1 } 1111 NatAddrBindEntry ::= SEQUENCE { 1112 natAddrBindLocalAddrType InetAddressType, 1113 natAddrBindLocalAddr InetAddress, 1114 natAddrBindGlobalAddrType InetAddressType, 1115 natAddrBindGlobalAddr InetAddress, 1116 natAddrBindId NatBindId, 1117 natAddrBindTranslationEntity NatTranslationEntity, 1118 natAddrBindType NatAssociationType, 1119 natAddrBindMapIndex NatAddrMapId, 1120 natAddrBindSessions Gauge32, 1121 natAddrBindMaxIdleTime TimeTicks, 1122 natAddrBindCurrentIdleTime TimeTicks, 1123 natAddrBindInTranslates Counter64, 1124 natAddrBindOutTranslates Counter64 1125 } 1127 natAddrBindLocalAddrType OBJECT-TYPE 1128 SYNTAX InetAddressType 1129 MAX-ACCESS not-accessible 1130 STATUS deprecated 1131 DESCRIPTION 1132 "This object specifies the address type used for 1133 natAddrBindLocalAddr." 1134 ::= { natAddrBindEntry 1 } 1136 natAddrBindLocalAddr OBJECT-TYPE 1137 SYNTAX InetAddress 1138 MAX-ACCESS not-accessible 1139 STATUS deprecated 1140 DESCRIPTION 1141 "This object represents the private-realm specific network 1142 layer address, which maps to the public-realm address 1143 represented by natAddrBindGlobalAddr. 1145 The type of this address is determined by the value of 1146 the natAddrBindLocalAddrType object." 1147 ::= { natAddrBindEntry 2 } 1149 natAddrBindGlobalAddrType OBJECT-TYPE 1150 SYNTAX InetAddressType 1151 MAX-ACCESS read-only 1152 STATUS deprecated 1153 DESCRIPTION 1154 "This object specifies the address type used for 1155 natAddrBindGlobalAddr." 
1156 ::= { natAddrBindEntry 3 } 1158 natAddrBindGlobalAddr OBJECT-TYPE 1159 SYNTAX InetAddress 1160 MAX-ACCESS read-only 1161 STATUS deprecated 1162 DESCRIPTION 1163 "This object represents the public-realm network layer 1164 address that maps to the private-realm network layer 1165 address represented by natAddrBindLocalAddr. 1167 The type of this address is determined by the value of 1168 the natAddrBindGlobalAddrType object." 1169 ::= { natAddrBindEntry 4 } 1171 natAddrBindId OBJECT-TYPE 1172 SYNTAX NatBindId 1173 MAX-ACCESS read-only 1174 STATUS deprecated 1175 DESCRIPTION 1176 "This object represents a bind id that is dynamically 1177 assigned to each bind by a NAT enabled device. Each 1178 bind is represented by a bind id that is 1179 unique across both the natAddrBindTable and the 1180 natAddrPortBindTable." 1181 ::= { natAddrBindEntry 5 } 1183 natAddrBindTranslationEntity OBJECT-TYPE 1184 SYNTAX NatTranslationEntity 1185 MAX-ACCESS read-only 1186 STATUS deprecated 1187 DESCRIPTION 1188 "This object represents the direction of sessions 1189 for which this bind is applicable and the endpoint entity 1190 (source or destination) within the sessions that is 1191 subject to translation using the BIND. 1193 Orientation of the bind can be a superset of 1194 translationEntity of the address map entry which 1195 forms the basis for this bind. 1197 For example, if the translationEntity of an 1198 address map entry is outboundSrcEndPoint, the 1199 translationEntity of a bind derived from this 1200 map entry may either be outboundSrcEndPoint or 1201 it may be bidirectional (a bitmask of 1202 outboundSrcEndPoint and inboundDstEndPoint)." 1203 ::= { natAddrBindEntry 6 } 1205 natAddrBindType OBJECT-TYPE 1206 SYNTAX NatAssociationType 1207 MAX-ACCESS read-only 1208 STATUS deprecated 1209 DESCRIPTION 1210 "This object indicates whether the bind is static or 1211 dynamic." 
1212 ::= { natAddrBindEntry 7 } 1214 natAddrBindMapIndex OBJECT-TYPE 1215 SYNTAX NatAddrMapId 1216 MAX-ACCESS read-only 1217 STATUS deprecated 1218 DESCRIPTION 1219 "This object is a pointer to the natAddrMapTable entry 1220 (and the parameters of that entry) which was used in 1221 creating this BIND. This object, in conjunction with the 1222 ifIndex (which identifies a unique addrMapName) points to 1223 a unique entry in the natAddrMapTable." 1224 ::= { natAddrBindEntry 8 } 1226 natAddrBindSessions OBJECT-TYPE 1227 SYNTAX Gauge32 1228 MAX-ACCESS read-only 1229 STATUS deprecated 1230 DESCRIPTION 1231 "Number of sessions currently using this BIND." 1232 ::= { natAddrBindEntry 9 } 1234 natAddrBindMaxIdleTime OBJECT-TYPE 1235 SYNTAX TimeTicks 1236 MAX-ACCESS read-only 1237 STATUS deprecated 1238 DESCRIPTION 1239 "This object indicates the maximum time for 1240 which this bind can be idle with no sessions 1241 attached to it. 1243 The value of this object is of relevance only for 1244 dynamic NAT." 1245 ::= { natAddrBindEntry 10 } 1247 natAddrBindCurrentIdleTime OBJECT-TYPE 1248 SYNTAX TimeTicks 1249 MAX-ACCESS read-only 1250 STATUS deprecated 1251 DESCRIPTION 1252 "At any given instance, this object indicates the 1253 time that this bind has been idle without any sessions 1254 attached to it. 1256 The value of this object is of relevance only for 1257 dynamic NAT." 1259 ::= { natAddrBindEntry 11 } 1261 natAddrBindInTranslates OBJECT-TYPE 1262 SYNTAX Counter64 1263 MAX-ACCESS read-only 1264 STATUS deprecated 1265 DESCRIPTION 1266 "The number of inbound packets that were successfully 1267 translated by using this bind entry. 1269 Discontinuities in the value of this counter can occur at 1270 reinitialization of the management system and at other 1271 times, as indicated by the value of 1272 ifCounterDiscontinuityTime on the relevant interface." 
1273 ::= { natAddrBindEntry 12 } 1275 natAddrBindOutTranslates OBJECT-TYPE 1276 SYNTAX Counter64 1277 MAX-ACCESS read-only 1278 STATUS deprecated 1279 DESCRIPTION 1280 "The number of outbound packets that were successfully 1281 translated using this bind entry. 1283 Discontinuities in the value of this counter can occur at 1284 reinitialization of the management system and at other 1285 times, as indicated by the value of 1286 ifCounterDiscontinuityTime on the relevant interface." 1287 ::= { natAddrBindEntry 13 } 1289 -- 1290 -- Address Port Bind section 1291 -- 1293 natAddrPortBindNumberOfEntries OBJECT-TYPE 1294 SYNTAX Gauge32 1295 MAX-ACCESS read-only 1296 STATUS deprecated 1297 DESCRIPTION 1298 "This object maintains a count of the number of entries 1299 that currently exist in the natAddrPortBindTable." 1300 ::= { natMIBObjects 7 } 1302 -- 1303 -- The NAT Address Port Bind Table 1304 -- 1306 natAddrPortBindTable OBJECT-TYPE 1307 SYNTAX SEQUENCE OF NatAddrPortBindEntry 1308 MAX-ACCESS not-accessible 1309 STATUS deprecated 1310 DESCRIPTION 1311 "This table holds information about the currently 1312 active NAPT BINDs." 1313 ::= { natMIBObjects 8 } 1315 natAddrPortBindEntry OBJECT-TYPE 1316 SYNTAX NatAddrPortBindEntry 1317 MAX-ACCESS not-accessible 1318 STATUS deprecated 1319 DESCRIPTION 1320 "Each entry in this table holds information 1321 about a NAPT bind that is currently active. 1322 These entries are lost upon agent restart. 1324 This row has indexing which may create variables with 1325 more than 128 subidentifiers. Implementers of this table 1326 must be careful not to create entries which would result 1327 in OIDs that exceed the 128 subidentifier limit. 1328 Otherwise, the information cannot be accessed using 1329 SNMPv1, SNMPv2c or SNMPv3." 
1330 INDEX { ifIndex, natAddrPortBindLocalAddrType, 1331 natAddrPortBindLocalAddr, natAddrPortBindLocalPort, 1332 natAddrPortBindProtocol } 1333 ::= { natAddrPortBindTable 1 } 1335 NatAddrPortBindEntry ::= SEQUENCE { 1336 natAddrPortBindLocalAddrType InetAddressType, 1337 natAddrPortBindLocalAddr InetAddress, 1338 natAddrPortBindLocalPort InetPortNumber, 1339 natAddrPortBindProtocol NatProtocolType, 1340 natAddrPortBindGlobalAddrType InetAddressType, 1341 natAddrPortBindGlobalAddr InetAddress, 1342 natAddrPortBindGlobalPort InetPortNumber, 1343 natAddrPortBindId NatBindId, 1344 natAddrPortBindTranslationEntity NatTranslationEntity, 1345 natAddrPortBindType NatAssociationType, 1346 natAddrPortBindMapIndex NatAddrMapId, 1347 natAddrPortBindSessions Gauge32, 1348 natAddrPortBindMaxIdleTime TimeTicks, 1349 natAddrPortBindCurrentIdleTime TimeTicks, 1350 natAddrPortBindInTranslates Counter64, 1351 natAddrPortBindOutTranslates Counter64 1352 } 1354 natAddrPortBindLocalAddrType OBJECT-TYPE 1355 SYNTAX InetAddressType 1356 MAX-ACCESS not-accessible 1357 STATUS deprecated 1358 DESCRIPTION 1359 "This object specifies the address type used for 1360 natAddrPortBindLocalAddr." 1361 ::= { natAddrPortBindEntry 1 } 1363 natAddrPortBindLocalAddr OBJECT-TYPE 1364 SYNTAX InetAddress 1365 MAX-ACCESS not-accessible 1366 STATUS deprecated 1367 DESCRIPTION 1368 "This object represents the private-realm specific network 1369 layer address which, in conjunction with 1370 natAddrPortBindLocalPort, maps to the public-realm 1371 network layer address and transport id represented by 1372 natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort 1373 respectively. 1375 The type of this address is determined by the value of 1376 the natAddrPortBindLocalAddrType object." 
1377 ::= { natAddrPortBindEntry 2 } 1379 natAddrPortBindLocalPort OBJECT-TYPE 1380 SYNTAX InetPortNumber 1381 MAX-ACCESS not-accessible 1382 STATUS deprecated 1383 DESCRIPTION 1384 "For a protocol value TCP or UDP, this object represents 1385 the private-realm specific port number. On the other 1386 hand, for ICMP a bind is created only for query/response 1387 type ICMP messages such as ICMP echo, Timestamp, and 1388 Information request messages, and this object represents 1389 the private-realm specific identifier in the ICMP 1390 message, as defined in RFC 792 for ICMPv4 and in RFC 1391 2463 for ICMPv6. 1393 This object, together with natAddrPortBindProtocol, 1394 natAddrPortBindLocalAddrType, and natAddrPortBindLocalAddr, 1395 constitutes a session endpoint in the private realm. A 1396 bind entry binds a private realm specific endpoint to a 1397 public realm specific endpoint, as represented by the 1398 tuple of (natAddrPortBindGlobalPort, 1399 natAddrPortBindProtocol, natAddrPortBindGlobalAddrType, 1400 and natAddrPortBindGlobalAddr)." 1401 ::= { natAddrPortBindEntry 3 } 1403 natAddrPortBindProtocol OBJECT-TYPE 1404 SYNTAX NatProtocolType 1405 MAX-ACCESS not-accessible 1406 STATUS deprecated 1407 DESCRIPTION 1408 "This object specifies a protocol identifier. If the 1409 value of this object is none(1), then this bind entry 1410 applies to all IP traffic. Any other value of this object 1411 specifies the class of IP traffic to which this BIND 1412 applies." 1413 ::= { natAddrPortBindEntry 4 } 1415 natAddrPortBindGlobalAddrType OBJECT-TYPE 1416 SYNTAX InetAddressType 1417 MAX-ACCESS read-only 1418 STATUS deprecated 1419 DESCRIPTION 1420 "This object specifies the address type used for 1421 natAddrPortBindGlobalAddr." 
1422 ::= { natAddrPortBindEntry 5 } 1424 natAddrPortBindGlobalAddr OBJECT-TYPE 1425 SYNTAX InetAddress 1426 MAX-ACCESS read-only 1427 STATUS deprecated 1428 DESCRIPTION 1429 "This object represents the public-realm specific network 1430 layer address that, in conjunction with 1431 natAddrPortBindGlobalPort, maps to the private-realm 1433 network layer address and transport id represented by 1434 natAddrPortBindLocalAddr and natAddrPortBindLocalPort, 1435 respectively. 1437 The type of this address is determined by the value of 1438 the natAddrPortBindGlobalAddrType object." 1439 ::= { natAddrPortBindEntry 6 } 1441 natAddrPortBindGlobalPort OBJECT-TYPE 1442 SYNTAX InetPortNumber 1443 MAX-ACCESS read-only 1444 STATUS deprecated 1445 DESCRIPTION 1446 "For a protocol value TCP or UDP, this object represents 1447 the public-realm specific port number. On the other 1448 hand, for ICMP a bind is created only for query/response 1449 type ICMP messages such as ICMP echo, Timestamp, and 1450 Information request messages, and this object represents 1451 the public-realm specific identifier in the ICMP message, 1452 as defined in RFC 792 for ICMPv4 and in RFC 2463 for 1453 ICMPv6. 1455 This object, together with natAddrPortBindProtocol, 1456 natAddrPortBindGlobalAddrType, and 1457 natAddrPortBindGlobalAddr, constitutes a session endpoint 1458 in the public realm. A bind entry binds a public realm 1459 specific endpoint to a private realm specific endpoint, 1460 as represented by the tuple of 1461 (natAddrPortBindLocalPort, natAddrPortBindProtocol, 1462 natAddrPortBindLocalAddrType, and 1463 natAddrPortBindLocalAddr)." 1464 ::= { natAddrPortBindEntry 7 } 1466 natAddrPortBindId OBJECT-TYPE 1467 SYNTAX NatBindId 1468 MAX-ACCESS read-only 1469 STATUS deprecated 1470 DESCRIPTION 1471 "This object represents a bind id that is dynamically 1472 assigned to each bind by a NAT enabled device. 
Each 1473 bind is represented by a unique bind id across both 1474 the natAddrBindTable and the natAddrPortBindTable." 1475 ::= { natAddrPortBindEntry 8 } 1477 natAddrPortBindTranslationEntity OBJECT-TYPE 1478 SYNTAX NatTranslationEntity 1479 MAX-ACCESS read-only 1480 STATUS deprecated 1481 DESCRIPTION 1482 "This object represents the direction of sessions 1483 for which this bind is applicable and the entity 1484 (source or destination) within the sessions that is 1485 subject to translation with the BIND. 1487 Orientation of the bind can be a superset of the 1488 translationEntity of the address map entry that 1489 forms the basis for this bind. 1491 For example, if the translationEntity of an 1492 address map entry is outboundSrcEndPoint, the 1493 translationEntity of a bind derived from this 1494 map entry may either be outboundSrcEndPoint or 1495 may be bidirectional (a bitmask of 1496 outboundSrcEndPoint and inboundDstEndPoint)." 1497 ::= { natAddrPortBindEntry 9 } 1499 natAddrPortBindType OBJECT-TYPE 1500 SYNTAX NatAssociationType 1501 MAX-ACCESS read-only 1502 STATUS deprecated 1503 DESCRIPTION 1504 "This object indicates whether the bind is static or 1505 dynamic." 1506 ::= { natAddrPortBindEntry 10 } 1508 natAddrPortBindMapIndex OBJECT-TYPE 1509 SYNTAX NatAddrMapId 1510 MAX-ACCESS read-only 1511 STATUS deprecated 1512 DESCRIPTION 1513 "This object is a pointer to the natAddrMapTable entry 1514 (and the parameters of that entry) used in 1515 creating this BIND. This object, in conjunction with the 1516 ifIndex (which identifies a unique addrMapName), points 1517 to a unique entry in the natAddrMapTable." 1518 ::= { natAddrPortBindEntry 11 } 1520 natAddrPortBindSessions OBJECT-TYPE 1521 SYNTAX Gauge32 1522 MAX-ACCESS read-only 1523 STATUS deprecated 1524 DESCRIPTION 1525 "Number of sessions currently using this BIND." 
1526 ::= { natAddrPortBindEntry 12 } 1528 natAddrPortBindMaxIdleTime OBJECT-TYPE 1529 SYNTAX TimeTicks 1530 MAX-ACCESS read-only 1531 STATUS deprecated 1533 DESCRIPTION 1534 "This object indicates the maximum time for 1535 which this bind can be idle without any sessions 1536 attached to it. 1537 The value of this object is of relevance 1538 only for dynamic NAT." 1539 ::= { natAddrPortBindEntry 13 } 1541 natAddrPortBindCurrentIdleTime OBJECT-TYPE 1542 SYNTAX TimeTicks 1543 MAX-ACCESS read-only 1544 STATUS deprecated 1545 DESCRIPTION 1546 "At any given instance, this object indicates the 1547 time that this bind has been idle without any sessions 1548 attached to it. 1550 The value of this object is of relevance 1551 only for dynamic NAT." 1552 ::= { natAddrPortBindEntry 14 } 1554 natAddrPortBindInTranslates OBJECT-TYPE 1555 SYNTAX Counter64 1556 MAX-ACCESS read-only 1557 STATUS deprecated 1558 DESCRIPTION 1559 "The number of inbound packets that were translated as per 1560 this bind entry. 1562 Discontinuities in the value of this counter can occur at 1563 reinitialization of the management system and at other 1564 times, as indicated by the value of 1565 ifCounterDiscontinuityTime on the relevant interface." 1566 ::= { natAddrPortBindEntry 15 } 1568 natAddrPortBindOutTranslates OBJECT-TYPE 1569 SYNTAX Counter64 1570 MAX-ACCESS read-only 1571 STATUS deprecated 1572 DESCRIPTION 1573 "The number of outbound packets that were translated as per 1574 this bind entry. 1576 Discontinuities in the value of this counter can occur at 1577 reinitialization of the management system and at other 1578 times, as indicated by the value of 1579 ifCounterDiscontinuityTime on the relevant interface." 
1580 ::= { natAddrPortBindEntry 16 } 1582 -- 1583 -- The Session Table 1584 -- 1586 natSessionTable OBJECT-TYPE 1587 SYNTAX SEQUENCE OF NatSessionEntry 1588 MAX-ACCESS not-accessible 1589 STATUS deprecated 1590 DESCRIPTION 1591 "The (conceptual) table containing one entry for each 1592 NAT session currently active on this NAT device." 1593 ::= { natMIBObjects 9 } 1595 natSessionEntry OBJECT-TYPE 1596 SYNTAX NatSessionEntry 1597 MAX-ACCESS not-accessible 1598 STATUS deprecated 1599 DESCRIPTION 1600 "An entry (conceptual row) containing information 1601 about an active NAT session on this NAT device. 1602 These entries are lost upon agent restart." 1603 INDEX { ifIndex, natSessionIndex } 1604 ::= { natSessionTable 1 } 1606 NatSessionEntry ::= SEQUENCE { 1607 natSessionIndex NatSessionId, 1608 natSessionPrivateSrcEPBindId NatBindIdOrZero, 1609 natSessionPrivateSrcEPBindMode NatBindMode, 1610 natSessionPrivateDstEPBindId NatBindIdOrZero, 1611 natSessionPrivateDstEPBindMode NatBindMode, 1612 natSessionDirection INTEGER, 1613 natSessionUpTime TimeTicks, 1614 natSessionAddrMapIndex NatAddrMapId, 1615 natSessionProtocolType NatProtocolType, 1616 natSessionPrivateAddrType InetAddressType, 1617 natSessionPrivateSrcAddr InetAddress, 1618 natSessionPrivateSrcPort InetPortNumber, 1619 natSessionPrivateDstAddr InetAddress, 1620 natSessionPrivateDstPort InetPortNumber, 1621 natSessionPublicAddrType InetAddressType, 1622 natSessionPublicSrcAddr InetAddress, 1623 natSessionPublicSrcPort InetPortNumber, 1624 natSessionPublicDstAddr InetAddress, 1625 natSessionPublicDstPort InetPortNumber, 1626 natSessionMaxIdleTime TimeTicks, 1627 natSessionCurrentIdleTime TimeTicks, 1628 natSessionInTranslates Counter64, 1629 natSessionOutTranslates Counter64 1630 } 1632 natSessionIndex OBJECT-TYPE 1633 SYNTAX NatSessionId 1634 MAX-ACCESS not-accessible 1635 STATUS deprecated 1636 DESCRIPTION 1637 "The session ID for this NAT session." 
1638 ::= { natSessionEntry 1 } 1640 natSessionPrivateSrcEPBindId OBJECT-TYPE 1641 SYNTAX NatBindIdOrZero 1642 MAX-ACCESS read-only 1643 STATUS deprecated 1644 DESCRIPTION 1645 "The bind id associated between private and public 1646 source end points. In the case of Symmetric-NAT, 1647 this should be set to zero." 1648 ::= { natSessionEntry 2 } 1650 natSessionPrivateSrcEPBindMode OBJECT-TYPE 1651 SYNTAX NatBindMode 1652 MAX-ACCESS read-only 1653 STATUS deprecated 1654 DESCRIPTION 1655 "This object indicates whether the bind indicated 1656 by the object natSessionPrivateSrcEPBindId 1657 is an address bind or an address port bind." 1658 ::= { natSessionEntry 3 } 1660 natSessionPrivateDstEPBindId OBJECT-TYPE 1661 SYNTAX NatBindIdOrZero 1662 MAX-ACCESS read-only 1663 STATUS deprecated 1664 DESCRIPTION 1665 "The bind id associated between private and public 1666 destination end points." 1667 ::= { natSessionEntry 4 } 1669 natSessionPrivateDstEPBindMode OBJECT-TYPE 1670 SYNTAX NatBindMode 1671 MAX-ACCESS read-only 1672 STATUS deprecated 1673 DESCRIPTION 1674 "This object indicates whether the bind indicated 1675 by the object natSessionPrivateDstEPBindId 1676 is an address bind or an address port bind." 1677 ::= { natSessionEntry 5 } 1679 natSessionDirection OBJECT-TYPE 1680 SYNTAX INTEGER { 1681 inbound (1), 1682 outbound (2) 1683 } 1685 MAX-ACCESS read-only 1686 STATUS deprecated 1687 DESCRIPTION 1688 "The direction of this session with respect to the 1689 local network. 'inbound' indicates that this session 1690 was initiated from the public network into the private 1691 network. 'outbound' indicates that this session was 1692 initiated from the private network into the public 1693 network." 1694 ::= { natSessionEntry 6 } 1696 natSessionUpTime OBJECT-TYPE 1697 SYNTAX TimeTicks 1698 MAX-ACCESS read-only 1699 STATUS deprecated 1700 DESCRIPTION 1701 "The up time of this session in one-hundredths of a 1702 second." 
1703 ::= { natSessionEntry 7 } 1705 natSessionAddrMapIndex OBJECT-TYPE 1706 SYNTAX NatAddrMapId 1707 MAX-ACCESS read-only 1708 STATUS deprecated 1709 DESCRIPTION 1710 "This object is a pointer to the natAddrMapTable entry 1711 (and the parameters of that entry) used in 1712 creating this session. This object, in conjunction with 1713 the ifIndex (which identifies a unique addrMapName), points 1714 to a unique entry in the natAddrMapTable." 1715 ::= { natSessionEntry 8 } 1717 natSessionProtocolType OBJECT-TYPE 1718 SYNTAX NatProtocolType 1719 MAX-ACCESS read-only 1720 STATUS deprecated 1721 DESCRIPTION 1722 "The protocol type of this session." 1723 ::= { natSessionEntry 9 } 1725 natSessionPrivateAddrType OBJECT-TYPE 1726 SYNTAX InetAddressType 1727 MAX-ACCESS read-only 1728 STATUS deprecated 1729 DESCRIPTION 1730 "This object specifies the address type used for 1731 natSessionPrivateSrcAddr and natSessionPrivateDstAddr." 1732 ::= { natSessionEntry 10 } 1734 natSessionPrivateSrcAddr OBJECT-TYPE 1735 SYNTAX InetAddress 1736 MAX-ACCESS read-only 1737 STATUS deprecated 1738 DESCRIPTION 1739 "The source IP address of the session endpoint that 1740 lies in the private network. 1742 The value of this object must be zero only when the 1743 natSessionPrivateSrcEPBindId object has a zero value. 1744 When the value of this object is zero, the NAT session 1745 lookup will match any IP address to this field. 1747 The type of this address is determined by the value of 1748 the natSessionPrivateAddrType object." 1749 ::= { natSessionEntry 11 } 1751 natSessionPrivateSrcPort OBJECT-TYPE 1752 SYNTAX InetPortNumber 1753 MAX-ACCESS read-only 1754 STATUS deprecated 1755 DESCRIPTION 1756 "When the value of protocol is TCP or UDP, this object 1757 represents the source port in the first packet of session 1758 while in private-realm. 
On the other hand, when the 1759 protocol is ICMP, a NAT session is created only for 1760 query/response type ICMP messages such as ICMP echo, 1761 Timestamp, and Information request messages, and this 1762 object represents the private-realm specific identifier 1763 in the ICMP message, as defined in RFC 792 for ICMPv4 1764 and in RFC 2463 for ICMPv6. 1766 The value of this object must be zero when the 1767 natSessionPrivateSrcEPBindId object has zero value 1768 and value of natSessionPrivateSrcEPBindMode is 1769 addressPortBind(2). In such a case, the NAT session 1770 lookup will match any port number to this field. 1772 The value of this object must be zero when the object 1773 is not a representative field (SrcPort, DstPort, or 1774 ICMP identifier) of the session tuple in either the 1775 public realm or the private realm." 1776 ::= { natSessionEntry 12 } 1778 natSessionPrivateDstAddr OBJECT-TYPE 1779 SYNTAX InetAddress 1780 MAX-ACCESS read-only 1781 STATUS deprecated 1782 DESCRIPTION 1783 "The destination IP address of the session endpoint that 1784 lies in the private network. 1786 The value of this object must be zero when the 1787 natSessionPrivateDstEPBindId object has a zero value. 1788 In such a scenario, the NAT session lookup will match 1789 any IP address to this field. 1791 The type of this address is determined by the value of 1792 the natSessionPrivateAddrType object." 1793 ::= { natSessionEntry 13 } 1795 natSessionPrivateDstPort OBJECT-TYPE 1796 SYNTAX InetPortNumber 1797 MAX-ACCESS read-only 1798 STATUS deprecated 1799 DESCRIPTION 1800 "When the value of protocol is TCP or UDP, this object 1801 represents the destination port in the first packet 1802 of session while in private-realm. On the other hand, 1803 when the protocol is ICMP, this object is not relevant 1804 and should be set to zero. 
1806 The value of this object must be zero when the 1807 natSessionPrivateDstEPBindId object has a zero 1808 value and natSessionPrivateDstEPBindMode is set to 1809 addressPortBind(2). In such a case, the NAT session 1810 lookup will match any port number to this field. 1812 The value of this object must be zero when the object 1813 is not a representative field (SrcPort, DstPort, or 1814 ICMP identifier) of the session tuple in either the 1815 public realm or the private realm." 1816 ::= { natSessionEntry 14 } 1818 natSessionPublicAddrType OBJECT-TYPE 1819 SYNTAX InetAddressType 1820 MAX-ACCESS read-only 1821 STATUS deprecated 1822 DESCRIPTION 1823 "This object specifies the address type used for 1824 natSessionPublicSrcAddr and natSessionPublicDstAddr." 1825 ::= { natSessionEntry 15 } 1827 natSessionPublicSrcAddr OBJECT-TYPE 1828 SYNTAX InetAddress 1829 MAX-ACCESS read-only 1830 STATUS deprecated 1831 DESCRIPTION 1832 "The source IP address of the session endpoint that 1833 lies in the public network. 1835 The value of this object must be zero when the 1836 natSessionPrivateSrcEPBindId object has a zero value. 1837 In such a scenario, the NAT session lookup will match 1838 any IP address to this field. 1840 The type of this address is determined by the value of 1841 the natSessionPublicAddrType object." 1842 ::= { natSessionEntry 16 } 1844 natSessionPublicSrcPort OBJECT-TYPE 1845 SYNTAX InetPortNumber 1846 MAX-ACCESS read-only 1847 STATUS deprecated 1848 DESCRIPTION 1849 "When the value of protocol is TCP or UDP, this object 1850 represents the source port in the first packet of 1851 session while in public-realm. On the other hand, when 1852 protocol is ICMP, a NAT session is created only for 1853 query/response type ICMP messages such as ICMP echo, 1854 Timestamp, and Information request messages, and this 1855 object represents the public-realm specific identifier 1856 in the ICMP message, as defined in RFC 792 for ICMPv4 1857 and in RFC 2463 for ICMPv6. 
1859 The value of this object must be zero when the 1860 natSessionPrivateSrcEPBindId object has a zero value 1861 and natSessionPrivateSrcEPBindMode is set to 1862 addressPortBind(2). In such a scenario, the NAT 1863 session lookup will match any port number to this 1864 field. 1866 The value of this object must be zero when the object 1867 is not a representative field (SrcPort, DstPort or 1868 ICMP identifier) of the session tuple in either the 1869 public realm or the private realm." 1870 ::= { natSessionEntry 17 } 1872 natSessionPublicDstAddr OBJECT-TYPE 1873 SYNTAX InetAddress 1874 MAX-ACCESS read-only 1875 STATUS deprecated 1876 DESCRIPTION 1877 "The destination IP address of the session endpoint that 1878 lies in the public network. 1880 The value of this object must be non-zero when the 1881 natSessionPrivateDstEPBindId object has a non-zero 1882 value. If the value of this object and the 1883 corresponding natSessionPrivateDstEPBindId object value 1884 is zero, then the NAT session lookup will match any IP 1885 address to this field. 1887 The type of this address is determined by the value of 1888 the natSessionPublicAddrType object." 1889 ::= { natSessionEntry 18 } 1891 natSessionPublicDstPort OBJECT-TYPE 1892 SYNTAX InetPortNumber 1893 MAX-ACCESS read-only 1894 STATUS deprecated 1895 DESCRIPTION 1896 "When the value of protocol is TCP or UDP, this object 1897 represents the destination port in the first packet of 1898 session while in public-realm. On the other hand, when 1899 the protocol is ICMP, this object is not relevant for 1900 translation and should be zero. 1902 The value of this object must be zero when the 1903 natSessionPrivateDstEPBindId object has a zero value 1904 and natSessionPrivateDstEPBindMode is 1905 addressPortBind(2). In such a scenario, the NAT 1906 session lookup will match any port number to this 1907 field. 
1909           The value of this object must be zero when the object
1910           is not a representative field (SrcPort, DstPort, or
1911           ICMP identifier) of the session tuple in either the
1912           public realm or the private realm."
1913      ::= { natSessionEntry 19 }

1915  natSessionMaxIdleTime OBJECT-TYPE
1916      SYNTAX TimeTicks
1917      MAX-ACCESS read-only
1918      STATUS deprecated
1919      DESCRIPTION
1920          "The max time for which this session can be idle
1921           without detecting a packet."
1922      ::= { natSessionEntry 20 }

1924  natSessionCurrentIdleTime OBJECT-TYPE
1925      SYNTAX TimeTicks
1926      MAX-ACCESS read-only
1927      STATUS deprecated
1928      DESCRIPTION
1929          "The time since a packet belonging to this session was
1930           last detected."

1932      ::= { natSessionEntry 21 }

1934  natSessionInTranslates OBJECT-TYPE
1935      SYNTAX Counter64
1936      MAX-ACCESS read-only
1937      STATUS deprecated
1938      DESCRIPTION
1939          "The number of inbound packets that were translated for
1940           this session.

1942           Discontinuities in the value of this counter can occur at
1943           reinitialization of the management system and at other
1944           times, as indicated by the value of
1945           ifCounterDiscontinuityTime on the relevant interface."
1946      ::= { natSessionEntry 22 }

1948  natSessionOutTranslates OBJECT-TYPE
1949      SYNTAX Counter64
1950      MAX-ACCESS read-only
1951      STATUS deprecated
1952      DESCRIPTION
1953          "The number of outbound packets that were translated for
1954           this session.

1956           Discontinuities in the value of this counter can occur at
1957           reinitialization of the management system and at other
1958           times, as indicated by the value of
1959           ifCounterDiscontinuityTime on the relevant interface."
1960      ::= { natSessionEntry 23 }

1962  --
1963  -- The Protocol table
1964  --

1966  natProtocolTable OBJECT-TYPE
1967      SYNTAX SEQUENCE OF NatProtocolEntry
1968      MAX-ACCESS not-accessible
1969      STATUS deprecated
1970      DESCRIPTION
1971          "The (conceptual) table containing per protocol NAT
1972           statistics."
1973      ::= { natMIBObjects 10 }

1975  natProtocolEntry OBJECT-TYPE
1976      SYNTAX NatProtocolEntry
1977      MAX-ACCESS not-accessible
1978      STATUS deprecated
1979      DESCRIPTION
1980          "An entry (conceptual row) containing NAT statistics
1981           pertaining to a particular protocol."
1982      INDEX { natProtocol }
1983      ::= { natProtocolTable 1 }

1985  NatProtocolEntry ::= SEQUENCE {
1986      natProtocol                 NatProtocolType,
1987      natProtocolInTranslates     Counter64,
1988      natProtocolOutTranslates    Counter64,
1989      natProtocolDiscards         Counter64
1990  }

1992  natProtocol OBJECT-TYPE
1993      SYNTAX NatProtocolType
1994      MAX-ACCESS not-accessible
1995      STATUS deprecated
1996      DESCRIPTION
1997          "This object represents the protocol pertaining to which
1998           parameters are reported."
1999      ::= { natProtocolEntry 1 }

2001  natProtocolInTranslates OBJECT-TYPE
2002      SYNTAX Counter64
2003      MAX-ACCESS read-only
2004      STATUS deprecated
2005      DESCRIPTION
2006          "The number of inbound packets pertaining to the protocol
2007           identified by natProtocol that underwent NAT.

2009           Discontinuities in the value of this counter can occur at
2010           reinitialization of the management system and at other
2011           times, as indicated by the value of
2012           ifCounterDiscontinuityTime on the relevant interface."
2013      ::= { natProtocolEntry 2 }

2015  natProtocolOutTranslates OBJECT-TYPE
2016      SYNTAX Counter64
2017      MAX-ACCESS read-only
2018      STATUS deprecated
2019      DESCRIPTION
2020          "The number of outbound packets pertaining to the protocol
2021           identified by natProtocol that underwent NAT.

2023           Discontinuities in the value of this counter can occur at
2024           reinitialization of the management system and at other
2025           times, as indicated by the value of
2026           ifCounterDiscontinuityTime on the relevant interface."
2027      ::= { natProtocolEntry 3 }

2029  natProtocolDiscards OBJECT-TYPE
2030      SYNTAX Counter64
2031      MAX-ACCESS read-only
2032      STATUS deprecated
2033      DESCRIPTION
2034          "The number of packets pertaining to the protocol
2035           identified by natProtocol that had to be
2036           rejected/dropped due to lack of resources. These
2037           rejections could be due to session timeout, resource
2038           unavailability, lack of address space, etc.

2040           Discontinuities in the value of this counter can occur at
2041           reinitialization of the management system and at other
2042           times, as indicated by the value of
2043           ifCounterDiscontinuityTime on the relevant interface."
2044      ::= { natProtocolEntry 4 }

2046  --
2047  -- Notifications section
2048  --

2050  natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 }

2052  --
2053  -- Notifications
2054  --

2056  natPacketDiscard NOTIFICATION-TYPE
2057      OBJECTS { ifIndex }
2058      STATUS deprecated
2059      DESCRIPTION
2060          "This notification is generated when IP packets are
2061           discarded by the NAT function; e.g., due to lack of
2062           mapping space when NAT is out of addresses or ports.

2064           Note that the generation of natPacketDiscard
2065           notifications is throttled by the agent, as specified
2066           by the 'natNotifThrottlingInterval' object."
2067      ::= { natMIBNotifications 1 }

2069  natNotifPoolWatermarkLow NOTIFICATION-TYPE
2070      OBJECTS { natPoolIndex }
2071      STATUS current
2072      DESCRIPTION
2073          "This notification is generated when the specified pool's number
2074           of free addresses becomes lower than or equal to the specified
2075           threshold. The threshold is specified by the
2076           natPoolWatermarkLow object"

2078      ::= { natMIBNotifications 2 }

2080  natNotifPoolWatermarkHigh NOTIFICATION-TYPE
2081      OBJECTS { natPoolIndex }
2082      STATUS current
2083      DESCRIPTION
2084          "This notification is generated when the specified pool's number
2085           of free addresses becomes greater than or equal to the
2086           specified threshold.
           The threshold is specified by the
2087           natPoolWatermarkHigh object"
2088      ::= { natMIBNotifications 3 }

2090  natNotifMappings NOTIFICATION-TYPE
2091      OBJECTS { natCntMappings }
2092      STATUS current
2093      DESCRIPTION
2094          "This notification is generated when natCntMappings exceeds
2095           the value of natMappingsNotifyThreshold."
2096      ::= { natMIBNotifications 4 }

2098  natNotifAddrMappings NOTIFICATION-TYPE
2099      OBJECTS { natCntAddressMappings }
2100      STATUS current
2101      DESCRIPTION
2102          "This notification is generated when natCntAddressMappings
2103           exceeds the value of natAddrMapNotifyThreshold."
2104      ::= { natMIBNotifications 5 }

2106  --
2107  -- Conformance information.
2108  --

2110  natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 }

2112  natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
2113  natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }

2115  --
2116  -- Units of conformance
2117  --

2119  natConfigGroup OBJECT-GROUP
2120      OBJECTS { natInterfaceRealm,
2121                natInterfaceServiceType,
2122                natInterfaceStorageType,
2123                natInterfaceRowStatus,
2124                natAddrMapName,
2125                natAddrMapEntryType,
2126                natAddrMapTranslationEntity,
2127                natAddrMapLocalAddrType,
2128                natAddrMapLocalAddrFrom,
2129                natAddrMapLocalAddrTo,
2130                natAddrMapLocalPortFrom,
2131                natAddrMapLocalPortTo,
2132                natAddrMapGlobalAddrType,
2133                natAddrMapGlobalAddrFrom,
2134                natAddrMapGlobalAddrTo,
2135                natAddrMapGlobalPortFrom,
2136                natAddrMapGlobalPortTo,
2137                natAddrMapProtocol,
2138                natAddrMapStorageType,
2139                natAddrMapRowStatus,
2140                natBindDefIdleTimeout,
2141                natUdpDefIdleTimeout,
2142                natIcmpDefIdleTimeout,
2143                natOtherDefIdleTimeout,
2144                natTcpDefIdleTimeout,
2145                natTcpDefNegTimeout,
2146                natNotifThrottlingInterval }
2147      STATUS deprecated
2148      DESCRIPTION
2149          "A collection of configuration-related information
2150           required to support management of devices supporting
2151           NAT."
2152      ::= { natMIBGroups 1 }

2154  natTranslationGroup OBJECT-GROUP
2155      OBJECTS { natAddrBindNumberOfEntries,
2156                natAddrBindGlobalAddrType,
2157                natAddrBindGlobalAddr,
2158                natAddrBindId,
2159                natAddrBindTranslationEntity,
2160                natAddrBindType,
2161                natAddrBindMapIndex,
2162                natAddrBindSessions,
2163                natAddrBindMaxIdleTime,
2164                natAddrBindCurrentIdleTime,
2165                natAddrBindInTranslates,
2166                natAddrBindOutTranslates,
2167                natAddrPortBindNumberOfEntries,
2168                natAddrPortBindGlobalAddrType,
2169                natAddrPortBindGlobalAddr,
2170                natAddrPortBindGlobalPort,
2171                natAddrPortBindId,
2172                natAddrPortBindTranslationEntity,
2173                natAddrPortBindType,
2174                natAddrPortBindMapIndex,
2175                natAddrPortBindSessions,
2176                natAddrPortBindMaxIdleTime,
2177                natAddrPortBindCurrentIdleTime,
2178                natAddrPortBindInTranslates,
2179                natAddrPortBindOutTranslates,
2180                natSessionPrivateSrcEPBindId,
2181                natSessionPrivateSrcEPBindMode,
2182                natSessionPrivateDstEPBindId,
2183                natSessionPrivateDstEPBindMode,
2184                natSessionDirection,
2185                natSessionUpTime,
2186                natSessionAddrMapIndex,
2187                natSessionProtocolType,
2188                natSessionPrivateAddrType,
2189                natSessionPrivateSrcAddr,
2190                natSessionPrivateSrcPort,
2191                natSessionPrivateDstAddr,
2192                natSessionPrivateDstPort,
2193                natSessionPublicAddrType,
2194                natSessionPublicSrcAddr,
2195                natSessionPublicSrcPort,
2196                natSessionPublicDstAddr,
2197                natSessionPublicDstPort,
2198                natSessionMaxIdleTime,
2199                natSessionCurrentIdleTime,
2200                natSessionInTranslates,
2201                natSessionOutTranslates }
2202      STATUS deprecated

2204      DESCRIPTION
2205          "A collection of BIND-related objects required to support
2206           management of devices supporting NAT."
2207      ::= { natMIBGroups 2 }

2209  natStatsInterfaceGroup OBJECT-GROUP
2210      OBJECTS { natInterfaceInTranslates,
2211                natInterfaceOutTranslates,
2212                natInterfaceDiscards }
2213      STATUS deprecated
2214      DESCRIPTION
2215          "A collection of NAT statistics associated with the
2216           interface on which NAT is configured, to aid
2217           troubleshooting/monitoring of the NAT operation."
2218      ::= { natMIBGroups 3 }

2220  natStatsProtocolGroup OBJECT-GROUP
2221      OBJECTS { natProtocolInTranslates,
2222                natProtocolOutTranslates,
2223                natProtocolDiscards }
2224      STATUS deprecated
2225      DESCRIPTION
2226          "A collection of protocol specific NAT statistics,
2227           to aid troubleshooting/monitoring of NAT operation."
2228      ::= { natMIBGroups 4 }

2230  natStatsAddrMapGroup OBJECT-GROUP
2231      OBJECTS { natAddrMapInTranslates,
2232                natAddrMapOutTranslates,
2233                natAddrMapDiscards,
2234                natAddrMapAddrUsed }
2235      STATUS deprecated
2236      DESCRIPTION
2237          "A collection of address map specific NAT statistics,
2238           to aid troubleshooting/monitoring of NAT operation."
2239      ::= { natMIBGroups 5 }

2241  natMIBNotificationGroup NOTIFICATION-GROUP
2242      NOTIFICATIONS { natPacketDiscard }
2243      STATUS deprecated
2244      DESCRIPTION
2245          "A collection of notifications generated by
2246           devices supporting this MIB."
2247      ::= { natMIBGroups 6 }

2249  natGroupBasicObjects OBJECT-GROUP
2250      OBJECTS { natCntTranslates,
2251                natCntOOP,
2252                natCntResource,
2253                natCntStateMismatch,
2254                natCntQuota,
2255                natCntMappings,
2256                natCntMapCreations,
2257                natCntMapRemovals,
2258                natCntProtocolTranslates,
2259                natCntProtocolOOP,
2260                natCntProtocolResource,
2261                natCntProtocolStateMismatch,
2262                natCntProtocolQuota,
2263                natCntProtocolMappings,
2264                natCntProtocolMapCreations,
2265                natCntProtocolMapRemovals,
2266                natLimitMappings,
2267                natMappingsNotifyThreshold,
2268                natPoolIndex,
2269                natPoolRealm,
2270                natPoolUsage,
2271                natPoolWatermarkLow,
2272                natPoolWatermarkHigh,
2273                natPoolPortMin,
2274                natPoolPortMax,
2275                natPoolRangePoolIndex,
2276                natPoolRangeEnd,
2277                natPoolRangeAllocatedPorts,
2278                natMappingIntRealm,
2279                natMappingIntAddressType,
2280                natMappingIntAddress,
2281                natMappingIntPort,
2282                natMappingPool,
2283                natMappingMapBehavior,
2284                natMappingFilterBehavior,
2285                natMappingAddressPooling }
2286      STATUS current
2287      DESCRIPTION
2288          "Basic counters, limits, and thresholds."
2289      ::= { natMIBGroups 7 }

2291  natGroupAddrMapObjects OBJECT-GROUP
2292      OBJECTS { natCntAddressMappings,
2293                natCntAddrMapCreations,
2294                natCntAddrMapRemovals,
2295                natLimitAddressMappings,
2296                natAddrMapNotifyThreshold,
2297                natMapIntAddrExtRealm,
2298                natMapIntAddrExt }
2299      STATUS current
2300      DESCRIPTION
2301          "Objects that require 'Paired IP address pooling' behavior
2302           [RFC4787]."
2303      ::= { natMIBGroups 8 }

2305  natGroupFragmentObjects OBJECT-GROUP
2306      OBJECTS { natLimitFragments }
2307      STATUS current
2308      DESCRIPTION
2309          "Objects that require 'Receive Fragments Out of Order' behavior
2310           [RFC4787]."
2311      ::= { natMIBGroups 9 }

2313  natGroupBasicNotifications NOTIFICATION-GROUP
2314      NOTIFICATIONS { natNotifPoolWatermarkLow,
2315                      natNotifPoolWatermarkHigh,
2316                      natNotifMappings }
2317      STATUS current
2318      DESCRIPTION
2319          "Basic notifications."
2320      ::= { natMIBGroups 11 }

2322  natGroupAddrMapNotifications NOTIFICATION-GROUP
2323      NOTIFICATIONS { natNotifAddrMappings }
2324      STATUS current
2325      DESCRIPTION
2326          "Notifications about address mappings."
2327      ::= { natMIBGroups 12 }

2329  --
2330  -- Compliance statements
2331  --

2333  natMIBFullCompliance MODULE-COMPLIANCE
2334      STATUS deprecated
2335      DESCRIPTION
2336          "When this MIB is implemented with support for
2337           read-create, then such an implementation can claim
2338           full compliance. Such devices can then be both
2339           monitored and configured with this MIB.

2341           The following index objects cannot be added as OBJECT
2342           clauses but nevertheless have the compliance
2343           requirements:
2344          "
2345      -- OBJECT natAddrBindLocalAddrType
2346      -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2347      -- DESCRIPTION
2348      --     "An implementation is required to support
2349      --      global IPv4 and/or IPv6 addresses, depending
2350      --      on its support for IPv4 and IPv6."

2352      -- OBJECT natAddrBindLocalAddr
2353      -- SYNTAX InetAddress (SIZE(4|16))
2354      -- DESCRIPTION
2355      --     "An implementation is required to support
2356      --      global IPv4 and/or IPv6 addresses, depending
2357      --      on its support for IPv4 and IPv6."

2359      -- OBJECT natAddrPortBindLocalAddrType
2360      -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2361      -- DESCRIPTION
2362      --     "An implementation is required to support
2363      --      global IPv4 and/or IPv6 addresses, depending
2364      --      on its support for IPv4 and IPv6."
2365      -- OBJECT natAddrPortBindLocalAddr
2366      -- SYNTAX InetAddress (SIZE(4|16))
2367      -- DESCRIPTION
2368      --     "An implementation is required to support
2369      --      global IPv4 and/or IPv6 addresses, depending
2370      --      on its support for IPv4 and IPv6."
2372      MODULE IF-MIB -- The interfaces MIB, RFC2863
2373          MANDATORY-GROUPS {
2374              ifCounterDiscontinuityGroup
2375          }

2377      MODULE -- this module
2378          MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2379                             natStatsInterfaceGroup }

2381          GROUP natStatsProtocolGroup
2382              DESCRIPTION
2383                  "This group is optional."
2384          GROUP natStatsAddrMapGroup
2385              DESCRIPTION
2386                  "This group is optional."
2387          GROUP natMIBNotificationGroup
2388              DESCRIPTION
2389                  "This group is optional."

2391          OBJECT natAddrMapLocalAddrType
2392              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2393              DESCRIPTION
2394                  "An implementation is required to support global IPv4
2395                   and/or IPv6 addresses, depending on its support
2396                   for IPv4 and IPv6."

2398          OBJECT natAddrMapLocalAddrFrom
2399              SYNTAX InetAddress (SIZE(4|16))
2400              DESCRIPTION
2401                  "An implementation is required to support global IPv4
2402                   and/or IPv6 addresses, depending on its support
2403                   for IPv4 and IPv6."

2405          OBJECT natAddrMapLocalAddrTo
2406              SYNTAX InetAddress (SIZE(4|16))
2407              DESCRIPTION
2408                  "An implementation is required to support global IPv4
2409                   and/or IPv6 addresses, depending on its support
2410                   for IPv4 and IPv6."

2412          OBJECT natAddrMapGlobalAddrType
2413              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2414              DESCRIPTION
2415                  "An implementation is required to support global IPv4
2416                   and/or IPv6 addresses, depending on its support
2417                   for IPv4 and IPv6."

2419          OBJECT natAddrMapGlobalAddrFrom
2420              SYNTAX InetAddress (SIZE(4|16))
2421              DESCRIPTION
2422                  "An implementation is required to support global IPv4
2423                   and/or IPv6 addresses, depending on its support
2424                   for IPv4 and IPv6."

2426          OBJECT natAddrMapGlobalAddrTo
2427              SYNTAX InetAddress (SIZE(4|16))
2428              DESCRIPTION
2429                  "An implementation is required to support global IPv4
2430                   and/or IPv6 addresses, depending on its support
2431                   for IPv4 and IPv6."
2433          OBJECT natAddrBindGlobalAddrType
2434              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2435              DESCRIPTION
2436                  "An implementation is required to support global IPv4
2437                   and/or IPv6 addresses, depending on its support
2438                   for IPv4 and IPv6."

2440          OBJECT natAddrBindGlobalAddr
2441              SYNTAX InetAddress (SIZE(4|16))
2442              DESCRIPTION
2443                  "An implementation is required to support global IPv4
2444                   and/or IPv6 addresses, depending on its support
2445                   for IPv4 and IPv6."

2447          OBJECT natAddrPortBindGlobalAddrType
2448              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2449              DESCRIPTION
2450                  "An implementation is required to support global IPv4
2451                   and/or IPv6 addresses, depending on its support
2452                   for IPv4 and IPv6."

2454          OBJECT natAddrPortBindGlobalAddr
2455              SYNTAX InetAddress (SIZE(4|16))
2456              DESCRIPTION
2457                  "An implementation is required to support global IPv4
2458                   and/or IPv6 addresses, depending on its support
2459                   for IPv4 and IPv6."

2461          OBJECT natSessionPrivateAddrType
2462              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2463              DESCRIPTION
2464                  "An implementation is required to support global IPv4
2465                   and/or IPv6 addresses, depending on its support
2466                   for IPv4 and IPv6."

2468          OBJECT natSessionPrivateSrcAddr
2469              SYNTAX InetAddress (SIZE(4|16))
2470              DESCRIPTION
2471                  "An implementation is required to support global IPv4
2472                   and/or IPv6 addresses, depending on its support
2473                   for IPv4 and IPv6."

2475          OBJECT natSessionPrivateDstAddr
2476              SYNTAX InetAddress (SIZE(4|16))
2477              DESCRIPTION
2478                  "An implementation is required to support global IPv4
2479                   and/or IPv6 addresses, depending on its support
2480                   for IPv4 and IPv6."

2482          OBJECT natSessionPublicAddrType
2483              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2484              DESCRIPTION
2485                  "An implementation is required to support global IPv4
2486                   and/or IPv6 addresses, depending on its support
2487                   for IPv4 and IPv6."
2489          OBJECT natSessionPublicSrcAddr
2490              SYNTAX InetAddress (SIZE(4|16))
2491              DESCRIPTION
2492                  "An implementation is required to support global IPv4
2493                   and/or IPv6 addresses, depending on its support
2494                   for IPv4 and IPv6."

2496          OBJECT natSessionPublicDstAddr
2497              SYNTAX InetAddress (SIZE(4|16))
2498              DESCRIPTION
2499                  "An implementation is required to support global IPv4
2500                   and/or IPv6 addresses, depending on its support
2501                   for IPv4 and IPv6."

2503      ::= { natMIBCompliances 1 }

2505  natMIBReadOnlyCompliance MODULE-COMPLIANCE
2506      STATUS deprecated
2507      DESCRIPTION
2508          "When this MIB is implemented without support for
2509           read-create (i.e., in read-only mode), then such an
2510           implementation can claim read-only compliance.
2511           Such a device can then be monitored but cannot be
2512           configured with this MIB.

2514           The following index objects cannot be added as OBJECT
2515           clauses but nevertheless have the compliance
2516           requirements:
2517          "
2518      -- OBJECT natAddrBindLocalAddrType
2519      -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2520      -- DESCRIPTION
2521      --     "An implementation is required to support
2522      --      global IPv4 and/or IPv6 addresses, depending
2523      --      on its support for IPv4 and IPv6."

2525      -- OBJECT natAddrBindLocalAddr
2526      -- SYNTAX InetAddress (SIZE(4|16))

2528      -- DESCRIPTION
2529      --     "An implementation is required to support
2530      --      global IPv4 and/or IPv6 addresses, depending
2531      --      on its support for IPv4 and IPv6."

2533      -- OBJECT natAddrPortBindLocalAddrType
2534      -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2535      -- DESCRIPTION
2536      --     "An implementation is required to support
2537      --      global IPv4 and/or IPv6 addresses, depending
2538      --      on its support for IPv4 and IPv6."
2539      -- OBJECT natAddrPortBindLocalAddr
2540      -- SYNTAX InetAddress (SIZE(4|16))
2541      -- DESCRIPTION
2542      --     "An implementation is required to support
2543      --      global IPv4 and/or IPv6 addresses, depending
2544      --      on its support for IPv4 and IPv6."
2546      MODULE IF-MIB -- The interfaces MIB, RFC2863
2547          MANDATORY-GROUPS {
2548              ifCounterDiscontinuityGroup
2549          }

2551      MODULE -- this module
2552          MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2553                             natStatsInterfaceGroup }

2555          GROUP natStatsProtocolGroup
2556              DESCRIPTION
2557                  "This group is optional."
2558          GROUP natStatsAddrMapGroup
2559              DESCRIPTION
2560                  "This group is optional."
2561          GROUP natMIBNotificationGroup
2562              DESCRIPTION
2563                  "This group is optional."
2564          OBJECT natInterfaceRowStatus
2565              SYNTAX RowStatus { active(1) }
2566              MIN-ACCESS read-only
2567              DESCRIPTION
2568                  "Write access is not required, and active is the only
2569                   status that needs to be supported."

2571          OBJECT natAddrMapLocalAddrType
2572              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2573              MIN-ACCESS read-only
2574              DESCRIPTION
2575                  "Write access is not required. An implementation is
2576                   required to support global IPv4 and/or IPv6 addresses,
2577                   depending on its support for IPv4 and IPv6."

2579          OBJECT natAddrMapLocalAddrFrom
2580              SYNTAX InetAddress (SIZE(4|16))
2581              MIN-ACCESS read-only
2582              DESCRIPTION
2583                  "Write access is not required. An implementation is
2584                   required to support global IPv4 and/or IPv6 addresses,
2585                   depending on its support for IPv4 and IPv6."

2587          OBJECT natAddrMapLocalAddrTo
2588              SYNTAX InetAddress (SIZE(4|16))
2589              MIN-ACCESS read-only
2590              DESCRIPTION
2591                  "Write access is not required. An implementation is
2592                   required to support global IPv4 and/or IPv6 addresses,
2593                   depending on its support for IPv4 and IPv6."

2595          OBJECT natAddrMapGlobalAddrType
2596              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2597              MIN-ACCESS read-only
2598              DESCRIPTION
2599                  "Write access is not required. An implementation is
2600                   required to support global IPv4 and/or IPv6 addresses,
2601                   depending on its support for IPv4 and IPv6."

2603          OBJECT natAddrMapGlobalAddrFrom
2604              SYNTAX InetAddress (SIZE(4|16))
2605              MIN-ACCESS read-only
2606              DESCRIPTION
2607                  "Write access is not required.
                   An implementation is
2608                   required to support global IPv4 and/or IPv6 addresses,
2609                   depending on its support for IPv4 and IPv6."

2611          OBJECT natAddrMapGlobalAddrTo
2612              SYNTAX InetAddress (SIZE(4|16))
2613              MIN-ACCESS read-only
2614              DESCRIPTION
2615                  "Write access is not required. An implementation is
2616                   required to support global IPv4 and/or IPv6 addresses,
2617                   depending on its support for IPv4 and IPv6."

2619          OBJECT natAddrMapRowStatus
2620              SYNTAX RowStatus { active(1) }
2621              MIN-ACCESS read-only
2622              DESCRIPTION
2623                  "Write access is not required, and active is the only
2624                   status that needs to be supported."

2626          OBJECT natAddrBindGlobalAddrType
2627              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2628              DESCRIPTION
2629                  "An implementation is required to support global IPv4
2630                   and/or IPv6 addresses, depending on its support for
2631                   IPv4 and IPv6."

2633          OBJECT natAddrBindGlobalAddr
2634              SYNTAX InetAddress (SIZE(4|16))
2635              DESCRIPTION
2636                  "An implementation is required to support global IPv4
2637                   and/or IPv6 addresses, depending on its support for
2638                   IPv4 and IPv6."

2640          OBJECT natAddrPortBindGlobalAddrType
2641              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2642              DESCRIPTION
2643                  "An implementation is required to support global IPv4
2644                   and/or IPv6 addresses, depending on its support for
2645                   IPv4 and IPv6."

2647          OBJECT natAddrPortBindGlobalAddr
2648              SYNTAX InetAddress (SIZE(4|16))
2649              DESCRIPTION
2650                  "An implementation is required to support global IPv4
2651                   and/or IPv6 addresses, depending on its support for
2652                   IPv4 and IPv6."

2654          OBJECT natSessionPrivateAddrType
2655              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2656              DESCRIPTION
2657                  "An implementation is required to support global IPv4
2658                   and/or IPv6 addresses, depending on its support for
2659                   IPv4 and IPv6."
2661          OBJECT natSessionPrivateSrcAddr
2662              SYNTAX InetAddress (SIZE(4|16))
2663              DESCRIPTION
2664                  "An implementation is required to support global IPv4
2665                   and/or IPv6 addresses, depending on its support for
2666                   IPv4 and IPv6."

2668          OBJECT natSessionPrivateDstAddr
2669              SYNTAX InetAddress (SIZE(4|16))
2670              DESCRIPTION
2671                  "An implementation is required to support global IPv4
2672                   and/or IPv6 addresses, depending on its support for
2673                   IPv4 and IPv6."

2675          OBJECT natSessionPublicAddrType
2676              SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2677              DESCRIPTION
2678                  "An implementation is required to support global IPv4
2679                   and/or IPv6 addresses, depending on its support for
2680                   IPv4 and IPv6."

2682          OBJECT natSessionPublicSrcAddr
2683              SYNTAX InetAddress (SIZE(4|16))
2684              DESCRIPTION
2685                  "An implementation is required to support global IPv4
2686                   and/or IPv6 addresses, depending on its support for
2687                   IPv4 and IPv6."

2689          OBJECT natSessionPublicDstAddr
2690              SYNTAX InetAddress (SIZE(4|16))
2691              DESCRIPTION
2692                  "An implementation is required to support global IPv4
2693                   and/or IPv6 addresses, depending on its support for
2694                   IPv4 and IPv6."

2696      ::= { natMIBCompliances 2 }

2698  natBasicCompliance MODULE-COMPLIANCE
2699      STATUS current
2700      DESCRIPTION
2701          "Basic compliance with this MIB is attained when the objects
2702           contained in the mandatory groups are implemented."
2703      MODULE -- this module
2704          MANDATORY-GROUPS { natGroupBasicObjects,
2705                             natGroupBasicNotifications }
2706      ::= { natMIBCompliances 3 }

2708  natAddrMapCompliance MODULE-COMPLIANCE
2709      STATUS current
2710      DESCRIPTION
2711          "NATs that have 'Paired IP address pooling' behavior [RFC4787]
2712           and implement the objects in this group can claim this level of
2713           compliance."
2714      MODULE -- this module
2715          MANDATORY-GROUPS { natGroupBasicObjects,
2716                             natGroupBasicNotifications,
2717                             natGroupAddrMapObjects,
2718                             natGroupAddrMapNotifications }
2719      ::= { natMIBCompliances 4 }

2721  natFragmentsCompliance MODULE-COMPLIANCE
2722      STATUS current
2723      DESCRIPTION
2724          "NATs that have 'Receive Fragments Out of Order' behavior
2725           [RFC4787] and implement the objects in this group can claim
2726           this level of compliance."
2727      MODULE -- this module
2728          MANDATORY-GROUPS { natGroupBasicObjects,
2729                             natGroupBasicNotifications,
2730                             natGroupFragmentObjects }
2731      ::= { natMIBCompliances 5 }

2733  -- counters

2735  natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 }

2737  natCntTranslates OBJECT-TYPE
2738      SYNTAX Counter64
2739      MAX-ACCESS read-only
2740      STATUS current
2741      DESCRIPTION
2742          "The number of packets to which NAT has been applied."
2743      ::= { natCounters 1 }

2745  natCntOOP OBJECT-TYPE
2746      SYNTAX Counter64
2747      MAX-ACCESS read-only
2748      STATUS current
2749      DESCRIPTION
2750          "The number of packets to which NAT could not be applied because
2751           no external port was available, excluding quota limitations."
2752      ::= { natCounters 2 }

2754  natCntResource OBJECT-TYPE
2755      SYNTAX Counter64
2756      MAX-ACCESS read-only
2757      STATUS current
2758      DESCRIPTION
2759          "The number of packets to which NAT could not be applied because
2760           of resource constraints (excluding out-of-ports condition)."
2761      ::= { natCounters 3 }

2763  natCntStateMismatch OBJECT-TYPE
2764      SYNTAX Counter64
2765      MAX-ACCESS read-only
2766      STATUS current
2767      DESCRIPTION
2768          "The number of packets to which NAT could not be applied because
2769           of mapping state mismatch. For example, a TCP packet that
2770           matches an existing mapping but is dropped because its flags
2771           are incompatible with the current state of the mapping would
2772           cause this counter to be incremented."
2773      ::= { natCounters 4 }

2775  natCntQuota OBJECT-TYPE
2776      SYNTAX Counter64
2777      MAX-ACCESS read-only
2778      STATUS current
2779      DESCRIPTION
2780          "The number of packets to which NAT could not be applied because
2781           of quota limitations. Quotas include absolute limits as well as
2782           limits on rate of allocation."
2783      ::= { natCounters 5 }

2785  natCntMappings OBJECT-TYPE
2786      SYNTAX Gauge32
2787      MAX-ACCESS read-only
2788      STATUS current
2789      DESCRIPTION
2790          "Number of currently active mappings.

2792           Equal to natCntMapRemovals - natCntMapCreations."
2793      ::= { natCounters 6 }

2795  natCntMapCreations OBJECT-TYPE
2796      SYNTAX Counter64
2797      MAX-ACCESS read-only
2798      STATUS current
2799      DESCRIPTION
2800          "Number of mapping creations. This includes static mappings."
2801      ::= { natCounters 7 }

2803  natCntMapRemovals OBJECT-TYPE
2804      SYNTAX Counter64
2805      MAX-ACCESS read-only
2806      STATUS current
2807      DESCRIPTION
2808          "Number of mapping removals. This includes static mappings."
2809      ::= { natCounters 8 }

2811  natCntAddressMappings OBJECT-TYPE
2812      SYNTAX Gauge32
2813      MAX-ACCESS read-only
2814      STATUS current
2815      DESCRIPTION
2816          "Number of active address mappings.

2818           Equal to natCntAddrMapRemovals - natCntAddrMapCreations."
2819      ::= { natCounters 9 }

2821  natCntAddrMapCreations OBJECT-TYPE
2822      SYNTAX Counter64
2823      MAX-ACCESS read-only
2824      STATUS current
2825      DESCRIPTION
2826          "Number of address mapping creations. This includes static
2827           mappings."
2828      ::= { natCounters 10 }

2830  natCntAddrMapRemovals OBJECT-TYPE
2831      SYNTAX Counter64
2832      MAX-ACCESS read-only
2833      STATUS current
2834      DESCRIPTION
2835          "Number of address mapping removals. This includes static
2836           mappings."
2837      ::= { natCounters 11 }

2839  natCntProtocolTable OBJECT-TYPE
2840      SYNTAX SEQUENCE OF NatCntProtocolEntry
2841      MAX-ACCESS not-accessible
2842      STATUS current
2843      DESCRIPTION
2844          "Table of protocols with per-protocol counters."
2845      ::= { natCounters 128 }

2847  natCntProtocolEntry OBJECT-TYPE
2848      SYNTAX NatCntProtocolEntry
2849      MAX-ACCESS not-accessible
2850      STATUS current
2851      DESCRIPTION
2852          "Per-protocol counters."
2853      INDEX { natCntProtocolNumber }
2854      ::= { natCntProtocolTable 1 }

2856  NatCntProtocolEntry ::=
2857      SEQUENCE {
2858          natCntProtocolNumber           ProtocolNumber,
2859          natCntProtocolTranslates       Counter64,
2860          natCntProtocolOOP              Counter64,
2861          natCntProtocolResource         Counter64,
2862          natCntProtocolStateMismatch    Counter64,
2863          natCntProtocolQuota            Counter64,
2864          natCntProtocolMappings         Gauge32,
2865          natCntProtocolMapCreations     Counter64,
2866          natCntProtocolMapRemovals      Counter64
2867      }

2869  natCntProtocolNumber OBJECT-TYPE
2870      SYNTAX ProtocolNumber
2871      MAX-ACCESS not-accessible
2872      STATUS current
2873      DESCRIPTION
2874          "Counters in this conceptual row apply to packets using the
2875           transport protocol identified by this object's value."
2876      ::= { natCntProtocolEntry 1 }

2878  natCntProtocolTranslates OBJECT-TYPE
2879      SYNTAX Counter64
2880      MAX-ACCESS read-only
2881      STATUS current
2882      DESCRIPTION
2883          "The number of packets to which NAT has been applied."
2884      ::= { natCntProtocolEntry 2 }

2886  natCntProtocolOOP OBJECT-TYPE
2887      SYNTAX Counter64
2888      MAX-ACCESS read-only
2889      STATUS current
2890      DESCRIPTION
2891          "The number of packets to which NAT could not be applied because
2892           no external port was available."
2893      ::= { natCntProtocolEntry 3 }

2895  natCntProtocolResource OBJECT-TYPE
2896      SYNTAX Counter64
2897      MAX-ACCESS read-only
2898      STATUS current
2899      DESCRIPTION
2900          "The number of packets to which NAT could not be applied because
2901           of resource constraints (excluding out-of-ports condition)."
2902      ::= { natCntProtocolEntry 4 }

2904  natCntProtocolStateMismatch OBJECT-TYPE
2905      SYNTAX Counter64
2906      MAX-ACCESS read-only
2907      STATUS current
2908      DESCRIPTION
2909          "The number of packets to which NAT could not be applied because
2910           of state table mismatch.
           For example, a TCP packet that matches
2911           an existing mapping but is dropped because its flags are
2912           incompatible with the current state of the mapping would cause
2913           this counter to be incremented."
2914      ::= { natCntProtocolEntry 5 }

2916  natCntProtocolQuota OBJECT-TYPE
2917      SYNTAX Counter64
2918      MAX-ACCESS read-only
2919      STATUS current
2920      DESCRIPTION
2921          "The number of packets to which NAT could not be applied because
2922           of exceeded quotas. Quotas include absolute limits as well as
2923           limits on rate of allocation."
2924      ::= { natCntProtocolEntry 6 }

2926  natCntProtocolMappings OBJECT-TYPE
2927      SYNTAX Gauge32
2928      MAX-ACCESS read-only
2929      STATUS current
2930      DESCRIPTION
2931          "Number of active mappings.

2933           Equal to natCntMapRemovals - natCntMapCreations."
2934      ::= { natCntProtocolEntry 7 }

2936  natCntProtocolMapCreations OBJECT-TYPE
2937      SYNTAX Counter64
2938      MAX-ACCESS read-only
2939      STATUS current
2940      DESCRIPTION
2941          "Number of mapping creations. This includes static mappings."
2942      ::= { natCntProtocolEntry 8 }

2944  natCntProtocolMapRemovals OBJECT-TYPE
2945      SYNTAX Counter64
2946      MAX-ACCESS read-only
2947      STATUS current
2948      DESCRIPTION
2949          "Number of mapping removals. This includes static mappings."
2950      ::= { natCntProtocolEntry 9 }

2952  -- limits

2954  natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 }

2956  natLimitMappings OBJECT-TYPE
2957      SYNTAX Unsigned32
2958      MAX-ACCESS read-write
2959      STATUS current
2960      DESCRIPTION
2961          "Global limit on the total number of mappings. Zero means
2962           unlimited."
2963      ::= { natLimits 1 }

2965  natMappingsNotifyThreshold OBJECT-TYPE
2966      SYNTAX Unsigned32
2967      MAX-ACCESS read-write
2968      STATUS current
2969      DESCRIPTION
2970          "See natNotifMappings."
2971      ::= { natLimits 2 }

2973  natLimitAddressMappings OBJECT-TYPE
2974      SYNTAX Unsigned32
2975      MAX-ACCESS read-write
2976      STATUS current
2977      DESCRIPTION
2978          "Global limit on the total number of internal-to-external
2979           address mappings. Zero means unlimited.
2981            This limit is only applicable to NATs that have an 'IP address
2982            pooling' behavior of 'Paired' [RFC4787]."
2983       ::= { natLimits 3 }

2985   natAddrMapNotifyThreshold OBJECT-TYPE
2986       SYNTAX Unsigned32
2987       MAX-ACCESS read-write
2988       STATUS current
2989       DESCRIPTION
2990           "See natNotifAddrMappings."
2991       ::= { natLimits 4 }

2993   natLimitFragments OBJECT-TYPE
2994       SYNTAX Unsigned32
2995       MAX-ACCESS read-write
2996       STATUS current
2997       DESCRIPTION
2998           "Global limit on the total number of fragments pending
2999            reassembly. Zero means unlimited.

3001            This limit is only applicable to NATs having 'Receive
3002            Fragments Out of Order' behavior [RFC4787]."
3003       ::= { natLimits 5 }

3005   -- pools

3007   natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 }

3009   natPoolTable OBJECT-TYPE
3010       SYNTAX SEQUENCE OF NatPoolEntry
3011       MAX-ACCESS not-accessible
3012       STATUS current
3013       DESCRIPTION
3014           "Table of pools."
3015       ::= { natPoolObjects 1 }

3017   natPoolEntry OBJECT-TYPE
3018       SYNTAX NatPoolEntry
3019       MAX-ACCESS not-accessible
3020       STATUS current
3021       DESCRIPTION
3022           "Entry in the table of pools."
3023       INDEX { natPoolIndex }
3024       ::= { natPoolTable 1 }

3026   NatPoolEntry ::=
3027       SEQUENCE {
3028           natPoolIndex            NatPoolId,
3029           natPoolRealm            SnmpAdminString,
3030           natPoolUsage            Integer32,
3031           natPoolWatermarkLow     Integer32,
3032           natPoolWatermarkHigh    Integer32,
3033           natPoolPortMin          InetPortNumber,
3034           natPoolPortMax          InetPortNumber
3035       }

3037   natPoolIndex OBJECT-TYPE
3038       SYNTAX NatPoolId
3039       MAX-ACCESS read-only
3040       STATUS current
3041       DESCRIPTION
3042           "Index of an address pool."
3043       ::= { natPoolEntry 1 }

3045   natPoolRealm OBJECT-TYPE
3046       SYNTAX SnmpAdminString (SIZE (0..32))
3047       MAX-ACCESS read-only
3048       STATUS current
3049       DESCRIPTION
3050           "Realm to which this pool's addresses belong."
3051       ::= { natPoolEntry 2 }

3053   natPoolUsage OBJECT-TYPE
3054       SYNTAX Integer32 (0..100)
3055       MAX-ACCESS read-only
3056       STATUS current
3057       DESCRIPTION
3058           "Percentage of the pool's total number of external ports
3059            currently mapped."
3060       ::= { natPoolEntry 3 }

3062   natPoolWatermarkLow OBJECT-TYPE
3063       SYNTAX Integer32 (-1|0..100)
3064       MAX-ACCESS read-create
3065       STATUS current
3066       DESCRIPTION
3067           "Low watermark on a pool's usage, in percentage of the total
3068            number of ports available. If set to -1, the watermark is
3069            disabled. Otherwise when natPoolUsage becomes lower than or
3070            equal to natPoolWatermarkLow, a notification is sent. The
3071            NAT may also start behaving in low usage mode (this is
3072            implementation-defined)."
3073       ::= { natPoolEntry 4 }

3075   natPoolWatermarkHigh OBJECT-TYPE
3076       SYNTAX Integer32 (-1|0..100)
3077       MAX-ACCESS read-create
3078       STATUS current
3079       DESCRIPTION
3080           "High watermark on a pool's usage, in percentage of the total
3081            number of ports available. If set to -1, the watermark is
3082            disabled. Otherwise, when natPoolUsage becomes higher than
3083            or equal to natPoolWatermarkHigh, a notification is sent.
3084            The NAT may also start behaving in high usage mode (this is
3085            implementation-defined)."
3086       ::= { natPoolEntry 5 }

3088   natPoolPortMin OBJECT-TYPE
3089       SYNTAX InetPortNumber
3090       MAX-ACCESS read-create
3091       STATUS current
3092       DESCRIPTION
3093           "Minimal port number to be allocated in this pool."
3094       ::= { natPoolEntry 6 }

3096   natPoolPortMax OBJECT-TYPE
3097       SYNTAX InetPortNumber
3098       MAX-ACCESS read-create
3099       STATUS current
3100       DESCRIPTION
3101           "Maximal port number to be allocated in this pool."
3102       ::= { natPoolEntry 7 }

3104   natPoolRangeTable OBJECT-TYPE
3105       SYNTAX SEQUENCE OF NatPoolRangeEntry
3106       MAX-ACCESS not-accessible
3107       STATUS current
3108       DESCRIPTION
3109           "This table contains address ranges used by pool entries."
3110       ::= { natPoolObjects 2 }

3112   natPoolRangeEntry OBJECT-TYPE
3113       SYNTAX NatPoolRangeEntry
3114       MAX-ACCESS not-accessible
3115       STATUS current
3116       DESCRIPTION
3117           "NAT pool address range."
3118       INDEX { natPoolRangeType,
3119               natPoolRangeBegin }
3120       ::= { natPoolRangeTable 1 }

3122   NatPoolRangeEntry ::=
3123       SEQUENCE {
3124           natPoolRangePoolIndex         NatPoolId,
3125           natPoolRangeType              InetAddressType,
3126           natPoolRangeBegin             InetAddress,
3127           natPoolRangeEnd               InetAddress,
3128           natPoolRangeAllocatedPorts    Gauge32
3129       }

3131   natPoolRangePoolIndex OBJECT-TYPE
3132       SYNTAX NatPoolId
3133       MAX-ACCESS read-only
3134       STATUS current
3135       DESCRIPTION
3136           "Index of the address pool to which this address range belongs.
3137            See natPoolIndex."
3138       ::= { natPoolRangeEntry 1 }

3140   natPoolRangeType OBJECT-TYPE
3141       SYNTAX InetAddressType
3142       MAX-ACCESS not-accessible
3143       STATUS current
3144       DESCRIPTION
3145           "The address type of natPoolRangeBegin and
3146            natPoolRangeEnd."
3147       ::= { natPoolRangeEntry 2 }

3149   natPoolRangeBegin OBJECT-TYPE
3150       SYNTAX InetAddress (SIZE (4|16))
3151       MAX-ACCESS not-accessible
3152       STATUS current
3153       DESCRIPTION
3154           "Lowest address included in this range."
3155       ::= { natPoolRangeEntry 3 }

3157   natPoolRangeEnd OBJECT-TYPE
3158       SYNTAX InetAddress (SIZE (4|16))
3159       MAX-ACCESS read-only
3160       STATUS current
3161       DESCRIPTION
3162           "Highest address included in this range."
3163       ::= { natPoolRangeEntry 4 }

3165   natPoolRangeAllocatedPorts OBJECT-TYPE
3166       SYNTAX Gauge32
3167       MAX-ACCESS read-only
3168       STATUS current
3169       DESCRIPTION
3170           "Number of ports currently allocated on the addresses in this
3171            range."
3172       ::= { natPoolRangeEntry 5 }

3174   -- indexed mapping tables
3175   natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 }

3177   natMapIntAddrTable OBJECT-TYPE
3178       SYNTAX SEQUENCE OF NatMapIntAddrEntry
3179       MAX-ACCESS not-accessible
3180       STATUS current
3181       DESCRIPTION
3182           "Table of mappings from internal to external address.
3184            This table is only applicable to NATs that have an 'IP address
3185            pooling' behavior of 'Paired' [RFC4787]."
3186       ::= { natMapObjects 1 }

3188   natMapIntAddrEntry OBJECT-TYPE
3189       SYNTAX NatMapIntAddrEntry
3190       MAX-ACCESS not-accessible
3191       STATUS current
3192       DESCRIPTION
3193           "Mapping from internal to external address."
3194       INDEX { natMapIntAddrIntRealm,
3195               natMapIntAddrType,
3196               natMapIntAddrInt }
3197       ::= { natMapIntAddrTable 1 }

3199   NatMapIntAddrEntry ::=
3200       SEQUENCE {
3201           natMapIntAddrIntRealm    SnmpAdminString,
3202           natMapIntAddrExtRealm    SnmpAdminString,
3203           natMapIntAddrType        InetAddressType,
3204           natMapIntAddrInt         InetAddress,
3205           natMapIntAddrExt         InetAddress
3206       }

3208   natMapIntAddrIntRealm OBJECT-TYPE
3209       SYNTAX SnmpAdminString (SIZE(0..32))
3210       MAX-ACCESS not-accessible
3211       STATUS current
3212       DESCRIPTION
3213           "Realm to which natMapIntAddrInt belongs."
3214       ::= { natMapIntAddrEntry 1 }

3216   natMapIntAddrExtRealm OBJECT-TYPE
3217       SYNTAX SnmpAdminString
3218       MAX-ACCESS read-only
3219       STATUS current
3220       DESCRIPTION
3221           "Realm to which natMapIntAddrExt belongs."
3222       ::= { natMapIntAddrEntry 2 }

3224   natMapIntAddrType OBJECT-TYPE
3225       SYNTAX InetAddressType
3226       MAX-ACCESS not-accessible
3227       STATUS current
3228       DESCRIPTION
3229           "Address type for natMapIntAddrInt and natMapIntAddrExt."
3230       ::= { natMapIntAddrEntry 3 }

3232   natMapIntAddrInt OBJECT-TYPE
3233       SYNTAX InetAddress (SIZE (4|16))
3234       MAX-ACCESS not-accessible
3235       STATUS current
3236       DESCRIPTION
3237           "Internal address."
3238       ::= { natMapIntAddrEntry 4 }

3240   natMapIntAddrExt OBJECT-TYPE
3241       SYNTAX InetAddress
3242       MAX-ACCESS read-only
3243       STATUS current
3244       DESCRIPTION
3245           "External address."
3246       ::= { natMapIntAddrEntry 5 }

3248   natMappingTable OBJECT-TYPE
3249       SYNTAX SEQUENCE OF NatMappingTableEntry
3250       MAX-ACCESS not-accessible
3251       STATUS current
3252       DESCRIPTION
3253           "Table of mappings indexed by external 3-tuple."
3254       ::= { natMapObjects 2 }

3256   natMappingTableEntry OBJECT-TYPE
3257       SYNTAX NatMappingTableEntry
3258       MAX-ACCESS not-accessible
3259       STATUS current
3260       DESCRIPTION
3261           "A single NAT mapping."
3262       INDEX { natMappingProto,
3263               natMappingExtRealm,
3264               natMappingExtAddressType,
3265               natMappingExtAddress,
3266               natMappingExtPort }
3267       ::= { natMappingTable 1 }

3269   NatMappingTableEntry ::=
3270       SEQUENCE {
3271           natMappingProto             ProtocolNumber,
3272           natMappingExtRealm          SnmpAdminString,
3273           natMappingExtAddressType    InetAddressType,
3274           natMappingExtAddress        InetAddress,
3275           natMappingExtPort           InetPortNumber,
3276           natMappingIntRealm          SnmpAdminString,
3277           natMappingIntAddressType    InetAddressType,
3278           natMappingIntAddress        InetAddress,
3279           natMappingIntPort           InetPortNumber,
3280           natMappingPool              NatPoolId,
3281           natMappingMapBehavior       NatBehaviorType,
3282           natMappingFilterBehavior    NatBehaviorType,
3283           natMappingAddressPooling    NatPoolingType
3284       }

3286   natMappingProto OBJECT-TYPE
3287       SYNTAX ProtocolNumber
3288       MAX-ACCESS not-accessible
3289       STATUS current
3290       DESCRIPTION
3291           "The mapping's transport protocol number."
3292       ::= { natMappingTableEntry 1 }

3294   natMappingExtRealm OBJECT-TYPE
3295       SYNTAX SnmpAdminString (SIZE(0..32))
3296       MAX-ACCESS not-accessible
3297       STATUS current
3298       DESCRIPTION
3299           "The realm to which natMappingExtAddress belongs."
3300       ::= { natMappingTableEntry 2 }

3302   natMappingExtAddressType OBJECT-TYPE
3303       SYNTAX InetAddressType
3304       MAX-ACCESS not-accessible
3305       STATUS current
3306       DESCRIPTION
3307           "Type of the mapping's external address."
3308       ::= { natMappingTableEntry 3 }

3310   natMappingExtAddress OBJECT-TYPE
3311       SYNTAX InetAddress (SIZE (4|16))
3312       MAX-ACCESS not-accessible
3313       STATUS current
3314       DESCRIPTION
3315           "The mapping's external address. If this is the undefined
3316            address, all external addresses are mapped to the internal
3317            address."
3318       ::= { natMappingTableEntry 4 }

3320   natMappingExtPort OBJECT-TYPE
3321       SYNTAX InetPortNumber
3322       MAX-ACCESS not-accessible
3323       STATUS current
3324       DESCRIPTION
3325           "The mapping's external port number. If this is zero, all
3326            external ports are mapped to the internal port."
3327       ::= { natMappingTableEntry 5 }

3329   natMappingIntRealm OBJECT-TYPE
3330       SYNTAX SnmpAdminString
3331       MAX-ACCESS read-only
3332       STATUS current
3333       DESCRIPTION
3334           "The realm to which natMappingIntAddress belongs."
3335       ::= { natMappingTableEntry 6 }

3337   natMappingIntAddressType OBJECT-TYPE
3338       SYNTAX InetAddressType
3339       MAX-ACCESS read-only
3340       STATUS current
3341       DESCRIPTION
3342           "Type of the mapping's internal address."
3343       ::= { natMappingTableEntry 7 }

3345   natMappingIntAddress OBJECT-TYPE
3346       SYNTAX InetAddress
3347       MAX-ACCESS read-only
3348       STATUS current
3349       DESCRIPTION
3350           "The mapping's internal address. If this is the undefined
3351            address, addresses are not translated."
3352       ::= { natMappingTableEntry 8 }

3354   natMappingIntPort OBJECT-TYPE
3355       SYNTAX InetPortNumber
3356       MAX-ACCESS read-only
3357       STATUS current
3358       DESCRIPTION
3359           "The mapping's internal port number. If this is zero, ports are
3360            not translated."
3361       ::= { natMappingTableEntry 9 }

3363   natMappingPool OBJECT-TYPE
3364       SYNTAX NatPoolId (0|1..4294967295)
3365       MAX-ACCESS read-only
3366       STATUS current
3367       DESCRIPTION
3368           "Index of the pool that contains this mapping's external address
3369            and port. If zero, no pool is associated with this mapping."
3370       ::= { natMappingTableEntry 10 }

3372   natMappingMapBehavior OBJECT-TYPE
3373       SYNTAX NatBehaviorType
3374       MAX-ACCESS read-only
3375       STATUS current
3376       DESCRIPTION
3377           "Mapping behavior as described in [RFC4787] section 4.1."
3378       ::= { natMappingTableEntry 11 }

3380   natMappingFilterBehavior OBJECT-TYPE
3381       SYNTAX NatBehaviorType
3382       MAX-ACCESS read-only
3383       STATUS current
3384       DESCRIPTION
3385           "Filtering behavior as described in [RFC4787] section 5."
3386       ::= { natMappingTableEntry 12 }

3388   natMappingAddressPooling OBJECT-TYPE
3389       SYNTAX NatPoolingType
3390       MAX-ACCESS read-only
3391       STATUS current
3392       DESCRIPTION
3393           "Type of address pooling behavior that was used to create this
3394            mapping."
3395       ::= { natMappingTableEntry 13 }

3397   END

3399   5.  Security Considerations

3401      Unauthorized access to the write-able objects could cause a denial of
3402      service and/or widespread network disturbance. Hence, the support
3403      for SET operations in a non-secure environment without proper
3404      protection can have a negative effect on network operations.

3406      At this writing, no security holes have been identified beyond those
3407      that SNMP Security is itself intended to address. These relate
3408      primarily to controlled access to sensitive information and the
3409      ability to configure a device - or which might result from operator
3410      error, which is beyond the scope of any security architecture.

3412      There are a number of managed objects in this MIB that may contain
3413      information that may be sensitive from a business perspective, in
3414      that they may represent NAT state information. Various objects can
3415      reveal the identity of private hosts that are engaged in a session
3416      with external end nodes. A curious outsider could monitor these to
3417      assess the number of private hosts being supported by the NAT device.
3418      Further, a disgruntled former employee of an enterprise could use the
3419      information to break into specific private hosts by intercepting the
3420      existing sessions or originating new sessions into the host. There
3421      are no objects that are sensitive in their own right, such as
3422      passwords or monetary amounts.
          It may even be important to control
3423      GET access to these objects and possibly to encrypt the values of
3424      these objects when they are sent over the network via SNMP. Not all
3425      versions of SNMP provide features for such a secure environment.

3427      SNMP versions prior to SNMPv3 did not include adequate security.
3428      Even if the network itself is secure (for example by using IPSec),
3429      even then, there is no control as to who on the secure network is
3430      allowed to access and GET/SET (read/change/create/delete) the objects
3431      in this MIB.

3433      It is recommended that the implementers consider the security
3434      features as provided by the SNMPv3 framework (see [RFC3410], section
3435      8), including full support for the SNMPv3 cryptographic mechanisms
3436      (for authentication and privacy).

3438      Further, deployment of SNMP versions prior to SNMPv3 is NOT
3439      RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
3440      enable cryptographic security. It is then a customer/operator
3441      responsibility to ensure that the SNMP entity giving access to an
3442      instance of this MIB module is properly configured to give access to
3443      the objects only to those principals (users) that have legitimate
3444      rights to indeed GET or SET (change/create/delete) them.

3446   6.  IANA Considerations

3448      IANA has assigned object identifier 123 to the natMIB module, with
3449      prefix iso.org.dod.internet.mgmt.mib-2 in the Network Management
3450      Parameters registry [1].

3452   7.  References

3454   7.1.  Normative References

3456      [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
3457                 Schoenwaelder, Ed., "Structure of Management Information
3458                 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

3460      [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
3461                 Schoenwaelder, Ed., "Textual Conventions for SMIv2",
3462                 STD 58, RFC 2579, April 1999.

3464      [RFC2580]  McCloghrie, K., Perkins, D., and J.
                     Schoenwaelder,
3465                 "Conformance Statements for SMIv2", STD 58, RFC 2580,
3466                 April 1999.

3468      [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
3469                 Translator (NAT) Terminology and Considerations",
3470                 RFC 2663, August 1999.

3472      [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
3473                 Address Translator (Traditional NAT)", RFC 3022,
3474                 January 2001.

3476      [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
3477                 Schoenwaelder, "Textual Conventions for Internet Network
3478                 Addresses", RFC 4001, February 2005.

3480      [RFC4750]  Joyal, D., Galecki, P., Giacalone, S., Coltun, R., and F.
3481                 Baker, "OSPF Version 2 Management Information Base",
3482                 RFC 4750, December 2006.

3484      [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
3485                 (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
3486                 RFC 4787, January 2007.

3488   7.2.  Informative References

3490      [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
3491                 "Introduction and Applicability Statements for Internet-
3492                 Standard Management Framework", RFC 3410, December 2002.

3494      [RFC4008]  Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
3495                 C. Wang, "Definitions of Managed Objects for Network
3496                 Address Translators (NAT)", RFC 4008, March 2005.

3498   URIs

3500      [1]

3502   Authors' Addresses

3504      Simon Perreault
3505      Viagenie
3506      246 Aberdeen
3507      Quebec, QC  G1R 2E1
3508      Canada

3510      Phone: +1 418 656 9254
3511      Email: simon.perreault@viagenie.ca
3512      URI:   http://viagenie.ca

3514      Tina Tsou
3515      Huawei Technologies (USA)
3516      2330 Central Expressway
3517      Santa Clara, CA  95050
3518      USA

3520      Phone: +1 408 330 4424
3521      Email: tina.tsou.zouting@huawei.com

3523      Senthil Sivakumar
3524      Cisco Systems
3525      7100-8 Kit Creek Road
3526      Research Triangle Park, North Carolina  27709
3527      USA

3529      Phone: +1 919 392 5158
3530      Email: ssenthil@cisco.com
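
Added example (not part of the Internet-Draft, and not code from its authors): a poller-side check in Python that turns two readings of a natCntProtocolTable row into per-interval drop shares, with Counter64 wrap handled, and replays natPoolUsage readings against natPoolWatermarkLow and natPoolWatermarkHigh as the DESCRIPTION clauses word them. The function names, the 5% alert threshold, the sample readings and the rule that the first reading counts as a transition are assumptions made for the example.

```python
# Added example: poller-side checks over NAT MIB readings (constructed data).
COUNTER64_MOD = 1 << 64  # a Counter64 wraps to zero after 2**64 - 1

# Columns of natCntProtocolTable counting packets NAT could not translate.
DROP_COLUMNS = (
    "natCntProtocolOOP",            # no external port available
    "natCntProtocolResource",       # other resource constraints
    "natCntProtocolStateMismatch",  # packet incompatible with mapping state
    "natCntProtocolQuota",          # absolute or rate quota exceeded
)


def counter_delta(prev, curr):
    """Increase between two Counter64 readings, tolerating a single wrap."""
    return (curr - prev) % COUNTER64_MOD


def drop_ratios(prev_row, curr_row):
    """Share of the interval's packets that fell into each drop column."""
    deltas = {c: counter_delta(prev_row[c], curr_row[c]) for c in DROP_COLUMNS}
    translated = counter_delta(prev_row["natCntProtocolTranslates"],
                               curr_row["natCntProtocolTranslates"])
    total = translated + sum(deltas.values())
    return {c: (n / total if total else 0.0) for c, n in deltas.items()}


def drop_alerts(prev_row, curr_row, threshold=0.05):
    """Drop columns whose share meets the alert threshold (an assumed value)."""
    ratios = drop_ratios(prev_row, curr_row)
    return sorted(c for c, r in ratios.items() if r >= threshold)


def watermark_events(usages, low, high):
    """Replay natPoolUsage readings against the pool's two watermarks.

    Returns (index, "low" | "high") for each reading at which usage becomes
    <= natPoolWatermarkLow or >= natPoolWatermarkHigh. A watermark of -1 is
    disabled. Assumption: the first reading counts as a transition.
    """
    events, was_low, was_high = [], False, False
    for i, usage in enumerate(usages):
        if not 0 <= usage <= 100:
            raise ValueError(f"natPoolUsage out of range: {usage}")
        is_low = low != -1 and usage <= low
        is_high = high != -1 and usage >= high
        if is_high and not was_high:
            events.append((i, "high"))
        if is_low and not was_low:
            events.append((i, "low"))
        was_low, was_high = is_low, is_high
    return events


# Constructed readings of one natCntProtocolTable row (protocol 17, UDP).
PREV = {"natCntProtocolTranslates": 2**64 - 400, "natCntProtocolOOP": 0,
        "natCntProtocolResource": 0, "natCntProtocolStateMismatch": 10,
        "natCntProtocolQuota": 7}
CURR = {"natCntProtocolTranslates": 500, "natCntProtocolOOP": 90,
        "natCntProtocolResource": 0, "natCntProtocolStateMismatch": 20,
        "natCntProtocolQuota": 7}

if __name__ == "__main__":
    print(drop_alerts(PREV, CURR))
    print(watermark_events([40, 85, 90, 70, 95, 5], low=10, high=80))
```

A sustained natCntProtocolOOP share together with a "high" watermark event on the same pool indicates external port exhaustion, the denial-of-service condition the per-pool limits and quotas are meant to bound.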