idnits 2.17.1

draft-ietf-nat-natmib-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 3 instances of lines with control characters in the document.

  ** The abstract seems to contain references ([17]), which it shouldn't.
     Please replace those with straight textual mentions of the documents in
     question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 254 has weird spacing: '...O needs a cou...'

  == Line 851 has weird spacing: '...pecific natCo...'

  == Line 2263 has weird spacing: '...ce, the suppo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 2001) is 8199 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '19' is defined on line 2350, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2571 (ref. '1') (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4')

  ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8')

  ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9')

  ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (ref. '11') (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (ref. '12') (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (ref. '14') (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (ref. '15') (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3022 (ref. '17')

  ** Downref: Normative reference to an Informational RFC: RFC 2663 (ref. '18')

  ** Obsolete normative reference: RFC 2851 (ref. '19') (Obsoleted by RFC 3291)

     Summary: 18 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  NAT Working Group                                      R. Raghunarayan
2  INTERNET-DRAFT                                                  N. Pai
3  Expires May 2002                                   Cisco Systems, Inc.
4                                                                R. Rohit
5                                                World Wide Packets, Inc.
6                                                                 C. Wang
7                                                        SmartPipes, Inc.
8                                                            P. Srisuresh
9                                                    Kuokoa Networks, Inc
10                                                          November 2001

12  Definitions of Managed Objects for Network Address Translators (NAT)

16  Status of this Memo

18     This document is an Internet-Draft and is in full conformance with
19     all provisions of Section 10 of RFC2026 [16].

21     Internet-Drafts are working documents of the Internet Engineering
22     Task Force (IETF), its areas, and its working groups. Note that
23     other groups may also distribute working documents as Internet-
24     Drafts.

26     Internet-Drafts are draft documents valid for a maximum of six
27     months and may be updated, replaced, or obsoleted by other
28     documents at any time. It is inappropriate to use Internet-Drafts
29     as reference material or to cite them other than as "work in
30     progress."

32     The list of current Internet-Drafts can be accessed at
33     http://www.ietf.org/ietf/1id-abstracts.txt

35     The list of Internet-Draft Shadow Directories can be accessed at
36     http://www.ietf.org/shadow.html.

38  Abstract

40     This memo defines an SMIv2 Management Information Base (MIB) for
41     a device implementing traditional NAT [17] function. This may be
42     used for configuration as well as monitoring of a device capable of
43     traditional NAT function.

45  Table of Contents

47     1   Introduction
48     2   The Network Management Framework
49     3   Terminology
50     4   Overview
51     5   Extending this MIB
52     6   Definitions
53     7   Security Considerations
54     8   References
55     9   Acknowledgements
56     10  Author's Addresses
57     11  Change History

59  1. Introduction

61     This memo defines an SMIv2 Management Information Base (MIB) for
62     a device implementing traditional NAT [17] function. This may be
63     used for configuration as well as monitoring of a device capable of
64     traditional NAT function.

66  2. The Network Management Framework

68     The SNMP Management Framework presently consists of five major
69     components:

71     o  An overall architecture, described in RFC 2571 [1].

73     o  Mechanisms for describing and naming objects and events for
74        the purpose of management. The first version of this Structure
75        of Management Information (SMI) is called SMIv1 and described
76        in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215
77        [4]. The second version, called SMIv2, is described in STD 58,
78        RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].

80     o  Message protocols for transferring management information.
81        The first version of the SNMP message protocol is called
82        SNMPv1 and is described in STD 15, RFC 1157 [8]. A second
83        version of the SNMP message protocol, which is not an Internet
84        standards track protocol, is called SNMPv2c and described in
85        RFC 1901 [9] and RFC 1906 [10]. The third version of the
86        message protocol is called SNMPv3 and described in RFC 1906
87        [10], RFC 2572 [11] and RFC 2574 [12].

89     o  Protocol operations for accessing management information. The
90        first set of protocol operations and associated PDU formats is
91        described in STD 15, RFC 1157 [8]. A second set of protocol
92        operations and associated PDU formats is described in RFC 1905
93        [13].

95     o  A set of fundamental applications described in RFC 2573 [14]
96        and the view-based access control mechanism described in RFC
97        2575 [15].

99     Managed Objects are accessed via a virtual information store, termed
100    the Management Information Base or MIB. Objects in the MIB are
101    defined using a subset of Abstract Syntax Notation One (ASN.1)
102    defined in the SMIv2.

104    This memo specifies a MIB module that is compliant to the SMIv2. A
105    MIB conforming to the SMIv1 can be produced through the appropriate
106    translations. The resulting translated MIB must be semantically
107    equivalent, except where objects or events are omitted because no
108    translation is possible (use of Counter64). Some machine readable
109    information in SMIv2 will be converted into textual descriptions in
110    SMIv1 during the translation process. However, this loss of
111    machine readable information is not considered to change the
112    semantics of the MIB.

114  3. Terminology

116    The terminology used throughout this document is mostly as per RFC
117    2663 [18].

119    The term NAT has been used generically, throughout the document,
120    to represent both NAT and NAPT. Where necessary, NAPT and
121    NAT will be used to mean port translation and address translation
122    respectively, and the appropriate usage will be clear from the
123    context.

125    The terms public/private are used throughout the document in the
126    context of networks, while the terms local/global are used when
127    referring to addresses and ports.

129  4. Overview

131    The MIB module has been split into three groups:

133    o  the configuration group,
134    o  the translation group, and
135    o  the statistics group.

137    The configuration group consists of five tables and seven scalars:

139    o  the generic configuration table, which specifies among other
140       things the type of NAT to be employed.
141    o  the address map table, which is an extension of the
142       generic configuration table, and specifies information required
143       to set up static and dynamic NAT.
144    o  the interfaces table, which holds information regarding
145       interfaces on which NAT is enabled.

147    o  the protocol specific table, which specifies protocol specific NAT
148       configuration parameters. The table also provides extensibility
149       for the configuration of the newer protocols.
150       As TCP, UDP and ICMP have Idle Timeout as a common
151       configuration parameter, it has been included in the
152       natConfProtTable.
153    o  the tcp nat config table, which specifies tcp related NAT
154       configuration parameters.
155    o  the five protocol specific scalars, which are used in the
156       absence of the protocol specific configuration tables.
157    o  two scalars that are used to monitor address thresholds and
158       generate notifications when the thresholds are crossed.

160    The translation group consists of two scalars and three tables:

162    o  the scalars, natAddrBindNumberOfEntries and
163       natAddrPortBindNumberOfEntries, hold the number of entries
164       that currently exist in the Address bind and the Address-Port
165       bind tables respectively.
166    o  the Address bind table, which holds the currently active
167       address mappings.
168    o  the Address-Port bind table, which holds the currently active
169       transport mappings.
170    o  the session table, which holds information regarding active NAT
171       sessions.

173    And finally, the statistics group consists of three tables:

175    o  the Protocol stats table, which holds NAT statistics on a per
176       protocol basis.
177    o  the Address Map stats table, which holds NAT statistics on a
178       per address map basis.
179    o  the Interface stats table, which holds NAT statistics on a per
180       interface basis.

182    There are also two notifications defined in the MIB:

184    o  natAddressUseRising notifies the end user/manager of the address
185       usage exceeding a pre-defined threshold.
186    o  And finally, natPacketDiscard notifies the end user/manager of
187       packets being discarded due to lack of address mappings.

189  5. Extending this MIB

191    The NAT MIB has currently been defined to support only TCP, UDP and
192    ICMP as protocols. There are, though, points in the MIB to hook in
193    support for other protocols in the future.

195    Following is the list of protocol specific information, identified at
196    this point, which could potentially require protocol specific
197    extensions to this mib:

199    o  Each protocol could support its set of timers and/or other protocol
200       specific parameters for operation with NAT.
201    o  Statistics could be maintained per protocol, and type of
202       statistics could be protocol specific.

204    To support the first requirement, the natConfTable consists of a
205    pointer (natConfProtConfigName) to a protocol configuration table,
206    natConfProtTable. The natConfProtTable consists of a pointer
207    (natConfProtSpecName) into a protocol specific configuration table.
208    The protocol specific configuration table can be used to
209    configure/retrieve protocol specific configuration parameters
210    pertaining to a NAT configuration. The natConfTcpTable, defined in
211    this mib module, is an example of a protocol specific configuration
212    table, which allows varying the TCP negotiation timeout for NAT.
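
The name-pointer chain described above, worked through as an added example that is not part of the draft: it resolves the TCP timers in effect for a natConfTable row, falling back to the scalar defaults (natConfTcpDefIdleTimeout, natConfTcpDefNegTimeout) given in the Definitions section. The Python names, the dict layout and every sample row other than "My NAT Config" are constructed here; reporting a name that points at no row and then using the default is an assumption, since the draft does not say how an agent treats a dangling pointer.

```python
# Added example: follow natConfTable -> natConfProtTable -> natConfTcpTable
# by name and report the TCP timers that are actually in effect.

# Scalar defaults, from the DEFVAL clauses of natConfTcpDefIdleTimeout and
# natConfTcpDefNegTimeout in the Definitions section (seconds).
TCP_DEF_IDLE_TIMEOUT = 86400
TCP_DEF_NEG_TIMEOUT = 60
ACTIVE = 1  # RowStatus active(1)

# Constructed sample data. "My NAT Config" mirrors the draft's example rows;
# every other row is invented here to exercise the fallback paths.
NAT_CONF_TABLE = {
    "My NAT Config": {"natConfProtConfigName": "Protocol Config 1"},
    "Defaults Only": {"natConfProtConfigName": ""},  # DEFVAL ''H
    "Short Idle": {"natConfProtConfigName": "Protocol Config 2"},
    "Udp Only": {"natConfProtConfigName": "Protocol Config 3"},
    "Broken Link": {"natConfProtConfigName": "No Such Config"},
}

# natConfProtTable is indexed by (natConfProtName, natConfProtType).
NAT_CONF_PROT_TABLE = {
    ("Protocol Config 1", "tcp"): {
        "natConfProtSpecName": "TCP Config 1",
        "natConfProtIdleTimeout": 86400,
        "natConfProtRowStatus": ACTIVE,
    },
    ("Protocol Config 2", "tcp"): {
        "natConfProtSpecName": "TCP Config 9",  # no such natConfTcpTable row
        "natConfProtIdleTimeout": 3600,
        "natConfProtRowStatus": ACTIVE,
    },
    ("Protocol Config 3", "udp"): {
        "natConfProtSpecName": "",
        "natConfProtIdleTimeout": 120,
        "natConfProtRowStatus": ACTIVE,
    },
}

NAT_CONF_TCP_TABLE = {
    "TCP Config 1": {"natConfTcpNegTimeout": 120, "natConfTcpRowStatus": ACTIVE},
}


def resolve_tcp_timers(conf_name, conf=NAT_CONF_TABLE,
                       prot=NAT_CONF_PROT_TABLE, tcp=NAT_CONF_TCP_TABLE):
    """Return (idle_timeout, neg_timeout, findings) for one natConfTable row."""
    idle, neg, findings = TCP_DEF_IDLE_TIMEOUT, TCP_DEF_NEG_TIMEOUT, []

    prot_name = conf[conf_name]["natConfProtConfigName"]
    if not prot_name:
        # Zero-length name: nothing overrides the scalar defaults.
        return idle, neg, findings

    # natConfProtName identifies a set of rows, one per protocol type, so the
    # pointer only dangles if no row of any type carries that name.
    if not any(name == prot_name for name, _ptype in prot):
        findings.append(
            f"natConfProtConfigName {prot_name!r} matches no natConfProtTable row")
        return idle, neg, findings

    prot_row = prot.get((prot_name, "tcp"))
    if prot_row is None or prot_row["natConfProtRowStatus"] != ACTIVE:
        # Assumption: a missing or non-active TCP row means no TCP override.
        return idle, neg, findings

    idle = prot_row["natConfProtIdleTimeout"]
    spec_name = prot_row["natConfProtSpecName"]
    if spec_name:
        tcp_row = tcp.get(spec_name)
        if tcp_row is None or tcp_row["natConfTcpRowStatus"] != ACTIVE:
            findings.append(
                f"natConfProtSpecName {spec_name!r} matches no active natConfTcpTable row")
        else:
            neg = tcp_row["natConfTcpNegTimeout"]
    return idle, neg, findings


def audit(conf=NAT_CONF_TABLE):
    """Resolve every natConfTable row; returns {natConfName: (idle, neg, findings)}."""
    return {name: resolve_tcp_timers(name, conf) for name in conf}


if __name__ == "__main__":
    for name, (idle, neg, findings) in audit().items():
        print(f"{name}: idle={idle}s neg={neg}s findings={findings}")
```

A non-empty findings list marks a configuration whose effective timers silently differ from what its rows suggest, which is worth checking before trusting the NAT's session-expiry behaviour.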

214    To represent the configuration with an example, assume the existence
215    of the following row in the natConfTable, which contains a pointer to
216    a row in the protocol configuration table:

218       natConfName           = "My NAT Config"
219       natConfServiceType    = basicNat (1)
220       natConfProtConfigName = "Protocol Config 1"
221       natConfStorageType    = nonVolatile (3)
222       natConfStatus         = active (1)

224    The following row in natConfProtTable would contain a pointer to a row
225    in the TCP specific configuration table:

227       natConfProtName        = "Protocol Config 1"
228       natConfProtType        = tcp (5)
229       natConfProtSpecName    = "TCP Config 1"
230       natConfProtIdleTimeout = 86400
231       natConfProtRowStatus   = active (1)

233    And finally the following row in the TCP specific configuration table
234    would complete the TCP specific configuration:

236       natConfTcpName       = "TCP Config 1"
237       natConfTcpNegTimeout = 120
238       natConfTcpRowStatus  = active (1)
239    If a new protocol FOO needs to be supported, a new Protocol Specific
240    configuration table could be defined in a FOO-NAT-MIB, with the index
241    of the table being an SnmpAdminString that is referenced via
242    natConfProtSpecName in natConfProtTable. The protocol specific
243    configuration parameters could be defined in this table, and linked to
244    a NAT configuration by the aforementioned mechanism.

246    The natProtocolStatsTable, on the other hand, represents statistics on
247    a per protocol basis, where the protocol is one of those defined in
248    the NATProtocolType textual convention. Only the basic per protocol
249    statistics are represented via the NAT MIB. If any further protocol
250    specific statistics need to be defined, they could be defined in a
251    protocol specific statistics objects/table in the protocol specific
252    mib.

254    For example, if a protocol FOO needs a counter which represents the
255    packets rejected due to some event foobar, it would define a protocol
256    specific object fooNatFoobarReject in the FOO-NAT-MIB.

258  6. Definitions

260  NAT-MIB DEFINITIONS ::= BEGIN

262  IMPORTS
263      MODULE-IDENTITY,
264      OBJECT-TYPE,
265      Integer32,
266      Unsigned32,
267      Gauge32,
268      Counter32,
269      TimeTicks,
270      mib-2,
271      NOTIFICATION-TYPE
272          FROM SNMPv2-SMI
273      MODULE-COMPLIANCE,
274      NOTIFICATION-GROUP,
275      OBJECT-GROUP
276          FROM SNMPv2-CONF
277      StorageType,
278      RowStatus
279          FROM SNMPv2-TC
280      InterfaceIndex
281          FROM IF-MIB
282      SnmpAdminString
283          FROM SNMP-FRAMEWORK-MIB
284      InetAddressType,
285      InetAddress
286          FROM INET-ADDRESS-MIB
287      NATProtocolType
288          FROM NAT-TC;

290  natMIB MODULE-IDENTITY
291      LAST-UPDATED "200111090000Z"
292      ORGANIZATION "IETF NAT Working Group"
293      CONTACT-INFO
294          "        Rohit
295                   World Wide Packets
296                   115 North Sullivan Road
297                   Veradale, Spokane, WA 99037
298                   Phone: +1 509 242 9320
299                   Email: Rohit.Rohit@worldwidepackets.com

301                   Nalinaksh Pai
302                   Cisco Systems, Inc.
303                   Prestige Waterford
304                   No. 9, Brunton Road
305                   Bangalore - 560 025
306                   India
307                   Phone: +91 80 532 1300
308                   Email: npai@cisco.com

310                   Rajiv Raghunarayan
311                   Cisco Systems, Inc.
312                   Prestige Waterford
313                   No. 9, Brunton Road
314                   Bangalore - 560 025
315                   India
316                   Phone: +91 80 532 1300
317                   Email: rrajiv@cisco.com

319                   Cliff Wang
320                   SmartPipes Inc.
321                   Suite 300, 565 Metro Place South
322                   Dublin, OH 43017
323                   Phone: +1 614 923 6241
324                   Email: CWang@smartpipes.com

326                   P. Srisuresh
327                   Kuokoa networks
328                   2901 Tasman Drive, Suite 202
329                   Santa Clara, CA 95054
330                   Phone: +1 408 970 0000
331                   Email: srisuresh@yahoo.com
332          "
333      DESCRIPTION
334          "This MIB module defines the generic managed objects
335           for NAT."
336      REVISION "200111090000Z" -- 9th Nov. 2001
337      DESCRIPTION
338          "Merged the Static and Dynamic addr Tables.
339           Protocol specific extensibility added."

341      REVISION "200109100000Z"
342      DESCRIPTION
343          "Notifications added."
344      REVISION "200103010000Z"
345      DESCRIPTION
346          "Initial version of this MIB module."
347      ::= { mib-2 xx } -- xx to be assigned by RFC-editor.

349  natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

351  --
352  -- The Groups
353  --   o natConfig - Pertaining to NAT configuration information
354  --   o natTranslation - Pertaining to the NAT BINDs/sessions.
355  --   o natStatistics - NAT statistics, other than those maintained
356  --     by the Bind and Session tables.
357  --

359  natConfig      OBJECT IDENTIFIER ::= { natMIBObjects 1 }
360  natTranslation OBJECT IDENTIFIER ::= { natMIBObjects 2 }
361  natStatistics  OBJECT IDENTIFIER ::= { natMIBObjects 3 }

363  --
364  -- The Configuration Group
365  -- The NAT Generic Configuration Table
366  --

368  natConfTable OBJECT-TYPE
369      SYNTAX      SEQUENCE OF NatConfEntry
370      MAX-ACCESS  not-accessible
371      STATUS      current
372      DESCRIPTION
373          "This table specifies the configuration attributes for a
374           device supporting NAT function."
375      ::= { natConfig 1 }

377  natConfEntry OBJECT-TYPE
378      SYNTAX      NatConfEntry
379      MAX-ACCESS  not-accessible
380      STATUS      current
381      DESCRIPTION
382          "Each entry in the natConfTable holds a set of
383           configuration parameters associated with an instance
384           of NAT. Entries in the natConfTable are created and
385           deleted using the natConfStatus object."
386      INDEX { IMPLIED natConfName }
387      ::= { natConfTable 1 }

389  NatConfEntry ::= SEQUENCE {
390      natConfName            SnmpAdminString,
391      natConfServiceType     INTEGER,
392      natConfProtConfigName  SnmpAdminString,
393      natConfStorageType     StorageType,
394      natConfStatus          RowStatus
395  }

397  natConfName OBJECT-TYPE
398      SYNTAX      SnmpAdminString (SIZE(1..32))
399      MAX-ACCESS  not-accessible
400      STATUS      current
401      DESCRIPTION
402          "The locally arbitrary, but unique identifier
403           associated with this natConfEntry."
404      ::= { natConfEntry 1 }

406  natConfServiceType OBJECT-TYPE
407      SYNTAX      INTEGER {
408                      basicNat (1),
409                      napt (2),
410                      bidirectionalNat (3),
411                      twiceNat (4),
412                      multihomedNat (5)
413                  }
414      MAX-ACCESS  read-create
415      STATUS      current
416      DESCRIPTION
417          "An indication of the direction in which new sessions
418           are permitted and the extent of translation done within
419           the IP and transport headers."
420      ::= { natConfEntry 2 }

422  natConfProtConfigName OBJECT-TYPE
423      SYNTAX      SnmpAdminString (SIZE(0..32))
424      MAX-ACCESS  read-create
425      STATUS      current
426      DESCRIPTION
427          "The index pointing to a set of protocol related
428           NAT parameters in natConfProtTable.

430           This object is used to point to protocol specific
431           configuration that can override any default settings."
432      DEFVAL { ''H }
433      ::= { natConfEntry 3 }

435  natConfStorageType OBJECT-TYPE
436      SYNTAX      StorageType
437      MAX-ACCESS  read-create
438      STATUS      current
439      DESCRIPTION
440          "The storage type for this conceptual row."
441      REFERENCE
442          "Textual Conventions for SMIv2, Section 2."
443      DEFVAL { nonVolatile }
444      ::= { natConfEntry 4 }

446  natConfStatus OBJECT-TYPE
447      SYNTAX      RowStatus
448      MAX-ACCESS  read-create
449      STATUS      current
450      DESCRIPTION
451          "The status of this conceptual row."
452      ::= { natConfEntry 5 }

454  --
455  -- The Address Map Table
456  --

458  natConfAddrMapTable OBJECT-TYPE
459      SYNTAX      SEQUENCE OF NatConfAddrMapEntry
460      MAX-ACCESS  not-accessible
461      STATUS      current
462      DESCRIPTION
463          "This table lists configuration for NAT
464           entries. This table has an expansion dependent
465           relationship on the natConfTable. When an SNMP entity
466           deletes a conceptual row from the natConfTable, then
467           the corresponding entries are deleted from
468           natConfAddrMapTable."
469      ::= { natConfig 2 }

471  natConfAddrMapEntry OBJECT-TYPE
472      SYNTAX      NatConfAddrMapEntry
473      MAX-ACCESS  not-accessible
474      STATUS      current
475      DESCRIPTION
476          "A description of a NAT entry. This entry
477           contributes to the dynamic or static NAT table of
478           the device."
479      INDEX { natConfName, natConfAddrMapName }
480      ::= { natConfAddrMapTable 1 }

482  NatConfAddrMapEntry ::= SEQUENCE {
483      natConfAddrMapName         SnmpAdminString,
484      natConfAddrMapEntryType    INTEGER,
485      natConfAddrMapType         INTEGER,
486      natConfLocalAddrType       InetAddressType,
487      natConfLocalAddrFrom       InetAddress,
488      natConfLocalAddrTo         InetAddress,
489      natConfLocalPortFrom       Integer32,
490      natConfLocalPortTo         Integer32,
491      natConfGlobalAddrType      InetAddressType,
492      natConfGlobalAddrFrom      InetAddress,
493      natConfGlobalAddrTo        InetAddress,
494      natConfGlobalPortFrom      Integer32,
495      natConfGlobalPortTo        Integer32,
496      natConfProtocol            BITS,
497      natConfAddrMapStorageType  StorageType,
498      natConfAddrMapStatus       RowStatus
499  }

501  natConfAddrMapName OBJECT-TYPE
502      SYNTAX      SnmpAdminString (SIZE(1..32))
503      MAX-ACCESS  not-accessible
504      STATUS      current
505      DESCRIPTION
506          "An arbitrary, but unique identifier associated with this
507           natConfAddrMapEntry."
508      ::= { natConfAddrMapEntry 1 }

510  natConfAddrMapEntryType OBJECT-TYPE
511      SYNTAX      INTEGER {
512                      static (1),
513                      dynamic (2)
514                  }
515      MAX-ACCESS  read-create
516      STATUS      current
517      DESCRIPTION
518          "The config can be used to set up static NAT or dynamic
519           NAT."
520      ::= { natConfAddrMapEntry 2 }

522  natConfAddrMapType OBJECT-TYPE
523      SYNTAX      INTEGER {
524                      inbound (1),
525                      outbound (2),
526                      both (3)
527                  }
528      MAX-ACCESS  read-create
529      STATUS      current
530      DESCRIPTION
531          "Address (and Transport-ID) maps may be defined for both
532           inbound and outbound direction.

534           Outbound address map refers to mapping a selected set of
535           addresses from private realm to a selected set of
536           addresses in external realm, whereas inbound address map
537           refers to mapping a set of addresses from the external
538           realm to private realm."
539      ::= { natConfAddrMapEntry 3 }

541  natConfLocalAddrType OBJECT-TYPE
542      SYNTAX      InetAddressType
543      MAX-ACCESS  read-create
544      STATUS      current
545      DESCRIPTION
546          "This object specifies the address type used for
547           natConfLocalAddrFrom and natConfLocalAddrTo."
548      ::= { natConfAddrMapEntry 4 }

550  natConfLocalAddrFrom OBJECT-TYPE
551      SYNTAX      InetAddress
552      MAX-ACCESS  read-create
553      STATUS      current
554      DESCRIPTION
555          "This object specifies the first IP address of the range
556           of IP addresses mapped by this translation entry."
557      ::= { natConfAddrMapEntry 5 }

559  natConfLocalAddrTo OBJECT-TYPE
560      SYNTAX      InetAddress
561      MAX-ACCESS  read-create
562      STATUS      current
563      DESCRIPTION
564          "This object specifies the last IP address of the range of
565           IP addresses mapped by this translation entry. If only
566           a single address is being mapped, the value of this object
567           is equal to the value of natConfLocalAddrFrom. For a
568           static NAT the number of addresses in the range defined
569           by natConfLocalAddrFrom and natConfLocalAddrTo should be
570           equal to the number of addresses in the range defined by
571           natConfGlobalAddrFrom and natConfGlobalAddrTo."
572      ::= { natConfAddrMapEntry 6 }

574  natConfLocalPortFrom OBJECT-TYPE
575      SYNTAX      Integer32 (0..65535)
576      MAX-ACCESS  read-create
577      STATUS      current
578      DESCRIPTION
579          "If this conceptual row describes a NAT, then the value
580           of this object is '0'. If this conceptual row
581           describes NAPT, then the value of this object specifies
582           the first port number in the range of ports being
583           mapped.

585           If the translation specifies a single port, then
586           the value of this object is equal to the value of
587           natConfLocalPortTo."
588      ::= { natConfAddrMapEntry 7 }

590  natConfLocalPortTo OBJECT-TYPE
591      SYNTAX      Integer32 (0..65535)
592      MAX-ACCESS  read-create
593      STATUS      current
594      DESCRIPTION
595          "If this conceptual row describes a NAT, then the value
596           of this object is '0'. If this conceptual row
597           describes NAPT, then the value of this object specifies
598           the last port number in the range of ports being mapped.
599           If the translation specifies a single port, then the
600           value of this object is equal to the value of
601           natConfLocalPortFrom."
602      ::= { natConfAddrMapEntry 8 }

604  natConfGlobalAddrType OBJECT-TYPE
605      SYNTAX      InetAddressType
606      MAX-ACCESS  read-create
607      STATUS      current
608      DESCRIPTION
609          "This object specifies the address type used for
610           natConfGlobalAddrFrom."
611      ::= { natConfAddrMapEntry 9 }

613  natConfGlobalAddrFrom OBJECT-TYPE
614      SYNTAX      InetAddress
615      MAX-ACCESS  read-create
616      STATUS      current
617      DESCRIPTION
618          "This object specifies the first IP address of the range of
619           IP addresses being mapped to."
620      ::= { natConfAddrMapEntry 10 }

622  natConfGlobalAddrTo OBJECT-TYPE
623      SYNTAX      InetAddress
624      MAX-ACCESS  read-create
625      STATUS      current
626      DESCRIPTION
627          "This object specifies the last IP address of the range of
628           IP addresses being mapped to. If only a single address is
629           being mapped to, the value of this object is equal to the
630           value of natConfGlobalAddrFrom. For a static NAT the
631           number of addresses in the range defined by
632           natConfGlobalAddrFrom and natConfGlobalAddrTo should be
633           equal to the number of addresses in the range defined by
634           natConfLocalAddrFrom and natConfLocalAddrTo."
635      ::= { natConfAddrMapEntry 11 }

637  natConfGlobalPortFrom OBJECT-TYPE
638      SYNTAX      Integer32 (0..65535)
639      MAX-ACCESS  read-create
640      STATUS      current
641      DESCRIPTION
642          "If this conceptual row describes a NAT, then the value
643           of this object is '0'. If this conceptual row
644           describes NAPT, then the value of this object specifies
645           the first port number in the range of ports being mapped
646           to. If the translation specifies a single port, then the
647           value of this object is equal to the value of
648           natConfGlobalPortTo."
649      ::= { natConfAddrMapEntry 12 }

651  natConfGlobalPortTo OBJECT-TYPE
652      SYNTAX      Integer32 (0..65535)
653      MAX-ACCESS  read-create
654      STATUS      current
655      DESCRIPTION
656          "If this conceptual row describes a NAT, then the value
657           of this object is '0'. If this conceptual row describes
658           NAPT, then the value of this object specifies the last
659           port number in the range of ports being mapped to. If the
660           translation specifies a single port, then the value of
661           this object is equal to the value of
662           natConfGlobalPortFrom."
663      ::= { natConfAddrMapEntry 13 }

665  natConfProtocol OBJECT-TYPE
666      SYNTAX      BITS {
667                      all (0),
668                      other (1),
669                      icmp (2),
670                      udp (3),
671                      tcp (4)
672                  }
673      MAX-ACCESS  read-create
674      STATUS      current
675      DESCRIPTION
676          "This object specifies a protocol identifier. If the
677           value of this object is '0', then this NAT entry
678           applies to all IP traffic. If the value of this object
679           is non-zero, then this NAT entry only applies to IP
680           traffic with the specified protocol."
681      ::= { natConfAddrMapEntry 14 }

683  natConfAddrMapStorageType OBJECT-TYPE
684      SYNTAX      StorageType
685      MAX-ACCESS  read-create
686      STATUS      current
687      DESCRIPTION
688          "The storage type for this conceptual row."
689      REFERENCE
690          "Textual Conventions for SMIv2, Section 2."
691      DEFVAL { nonVolatile }
692      ::= { natConfAddrMapEntry 15 }

694  natConfAddrMapStatus OBJECT-TYPE
695      SYNTAX      RowStatus
696      MAX-ACCESS  read-create
697      STATUS      current
698      DESCRIPTION
699          "The status of this conceptual row."
700      ::= { natConfAddrMapEntry 16 }

702  --
703  -- NAT Interface Table
704  --

706  natInterfaceTable OBJECT-TYPE
707      SYNTAX      SEQUENCE OF NatInterfaceEntry
708      MAX-ACCESS  not-accessible
709      STATUS      current
710      DESCRIPTION
711          "This table holds information regarding the interface
712           on which NAT is enabled."
713      ::= { natConfig 3 }

715  natInterfaceEntry OBJECT-TYPE
716      SYNTAX      NatInterfaceEntry
717      MAX-ACCESS  not-accessible
718      STATUS      current
719      DESCRIPTION
720          "Each entry in the NAT Interface Table holds
721           information regarding an interface on which NAT is
722           enabled."
723      INDEX { natInterfaceIndex }
724      ::= { natInterfaceTable 1 }

726  NatInterfaceEntry ::= SEQUENCE {
727      natInterfaceIndex        InterfaceIndex,
728      natInterfaceRealm        INTEGER,
729      natInterfaceStorageType  StorageType,
730      natInterfaceStatus       RowStatus
731  }

733  natInterfaceIndex OBJECT-TYPE
734      SYNTAX      InterfaceIndex
735      MAX-ACCESS  not-accessible
736      STATUS      current
737      DESCRIPTION
738          "The ifIndex of the interface on which NAT is enabled."
739      ::= { natInterfaceEntry 1 }

741  natInterfaceRealm OBJECT-TYPE
742      SYNTAX      INTEGER {
743                      private (1),
744                      public (2)
745                  }
746      MAX-ACCESS  read-create
747      STATUS      current
748      DESCRIPTION
749          "This object identifies whether this interface is
750           connected to the private or the public realm."
751      DEFVAL { public }
752      ::= { natInterfaceEntry 2 }

754  natInterfaceStorageType OBJECT-TYPE
755      SYNTAX      StorageType
756      MAX-ACCESS  read-create
757      STATUS      current
758      DESCRIPTION
759          "The storage type for this conceptual row."
760      REFERENCE
761          "Textual Conventions for SMIv2, Section 2."
762      DEFVAL { nonVolatile }
763      ::= { natInterfaceEntry 3 }

765  natInterfaceStatus OBJECT-TYPE
766      SYNTAX      RowStatus
767      MAX-ACCESS  read-create
768      STATUS      current
769      DESCRIPTION
770          "Status of NAT on this interface. An active status
771           indicates that NAT is enabled on this interface."
772      ::= { natInterfaceEntry 4 }

774  --
775  -- UDP related NAT configuration
776  --

778  natConfUdpDefIdleTimeout OBJECT-TYPE
779      SYNTAX      Integer32 (0..2147483647)
780      UNITS       "seconds"
781      MAX-ACCESS  read-write
782      STATUS      current
783      DESCRIPTION
784          "The default UDP idle timeout parameter.
785           This applies to all NAT configuration unless
786           overridden by a more specific value in the
787           natConfProtTable."
788      DEFVAL { 300 }
789      ::= { natConfig 4 }

791  --
792  -- ICMP related NAT configuration
793  --

795  natConfIcmpDefIdleTimeout OBJECT-TYPE
796      SYNTAX      Integer32 (0..2147483647)
797      UNITS       "seconds"
798      MAX-ACCESS  read-write
799      STATUS      current
800      DESCRIPTION
801          "The default ICMP idle timeout parameter. This applies to
802           all NAT configuration unless overridden by a more
803           specific value in the natConfProtTable."
804      DEFVAL { 86400 }
805      ::= { natConfig 5 }

807  --
808  -- Other protocol parameters
809  --

811  natConfOtherDefIdleTimeout OBJECT-TYPE
812      SYNTAX      Integer32 (0..2147483647)
813      UNITS       "seconds"
814      MAX-ACCESS  read-write
815      STATUS      current
816      DESCRIPTION
817          "The default idle timeout parameter for protocols not
818           defined in NATProtocolType. This applies to all NAT
819           configuration unless overridden by a more specific
820           value in the natConfProtTable."
821      DEFVAL { 60 }
822      ::= { natConfig 6 }

824  --
825  -- TCP related NAT configuration
826  --

828  natConfTcpDefIdleTimeout OBJECT-TYPE
829      SYNTAX      Integer32 (0..2147483647)
830      UNITS       "seconds"
831      MAX-ACCESS  read-write
832      STATUS      current
833      DESCRIPTION
834          "The default TCP idle timeout parameter. This applies to
835           all NAT configuration unless overridden by a more
836           specific value in the natConfProtTable."
837      DEFVAL { 86400 }
838      ::= { natConfig 7 }

840  natConfTcpDefNegTimeout OBJECT-TYPE
841      SYNTAX      Integer32 (0..2147483647)
842      UNITS       "seconds"
843      MAX-ACCESS  read-write
844      STATUS      current
845      DESCRIPTION
846          "The default interval of time for which a TCP protocol
847           session is allowed to remain valid without any
848           activity. This timeout value applies to a TCP session
849           during its establishment and termination phases.
850           This value is taken into account in the absence of a
851           more specific natConfTcpNegTimeout defined in the
852           natConfTcpTable."
853      DEFVAL { 60 }
854      ::= { natConfig 8 }

856  --
857  -- NAT per protocol config table.
858  --

860  natConfProtTable OBJECT-TYPE
861      SYNTAX      SEQUENCE OF NatConfProtEntry
862      MAX-ACCESS  not-accessible
863      STATUS      current
864      DESCRIPTION
865          "This table holds pointers to protocol specific parameters
866           required by NAT."
867      ::= { natConfig 9 }

869  natConfProtEntry OBJECT-TYPE
870      SYNTAX      NatConfProtEntry
871      MAX-ACCESS  not-accessible
872      STATUS      current
873      DESCRIPTION
874          "Each entry in natConfProtTable points to a protocol
875           specific table which holds parameters that are required
876           for NAT configuration."
877      INDEX { natConfProtName, natConfProtType }
878      ::= { natConfProtTable 1 }

880  NatConfProtEntry ::= SEQUENCE {
881      natConfProtName         SnmpAdminString,
882      natConfProtType         NATProtocolType,
883      natConfProtSpecName     SnmpAdminString,
884      natConfProtIdleTimeout  Integer32,
885      natConfProtRowStatus    RowStatus
886  }

888  natConfProtName OBJECT-TYPE
889      SYNTAX      SnmpAdminString (SIZE(0..32))
890      MAX-ACCESS  not-accessible
891      STATUS      current
892      DESCRIPTION
893          "Name identifying a set of entries in this table that
894           point to protocol specific NAT configuration. The
895           combination of natConfProtName and natConfProtType
896           uniquely identifies an entry in this table."
897      ::= { natConfProtEntry 1 }

899  natConfProtType OBJECT-TYPE
900      SYNTAX      NATProtocolType
901      MAX-ACCESS  not-accessible
902      STATUS      current
903      DESCRIPTION
904          "Identifies the protocol type.
905           natConfProtSpecName points to an entry in the protocol
906           specific table. For example, if natConfProtType is set to
907           'tcp', natConfProtSpecName points to an entry in the
908           natConfTcpTable."
909      ::= { natConfProtEntry 2 }

911  natConfProtSpecName OBJECT-TYPE
912      SYNTAX      SnmpAdminString (SIZE(0..32))
913      MAX-ACCESS  read-create
914      STATUS      current
915      DESCRIPTION
916          "Index of an entry in the protocol specific table
917           identified by natConfProtType."
918       ::= { natConfProtEntry 3 }

920   natConfProtIdleTimeout OBJECT-TYPE
921       SYNTAX      Integer32 (0..2147483647)
922       UNITS       "seconds"
923       MAX-ACCESS  read-create
924       STATUS      current
925       DESCRIPTION
926               "The interval of time for which the protocol session,
927                associated with this configuration, is allowed to remain
928                valid without any activity."
929       DEFVAL      { 86400 }
930       ::= { natConfProtEntry 4 }

932   natConfProtRowStatus OBJECT-TYPE
933       SYNTAX      RowStatus
934       MAX-ACCESS  read-create
935       STATUS      current
936       DESCRIPTION
937               "The status of this conceptual row."
938       ::= { natConfProtEntry 5 }

940   natConfTcpTable OBJECT-TYPE
941       SYNTAX      SEQUENCE OF NatConfTcpEntry
942       MAX-ACCESS  not-accessible
943       STATUS      current
944       DESCRIPTION
945               "This table holds TCP related NAT configuration entries
946                which are pointed to by entries in the natConfProtTable
947                having a natConfProtSpecType of 'tcp'."
948       ::= { natConfig 10 }

950   natConfTcpEntry OBJECT-TYPE
951       SYNTAX      NatConfTcpEntry
952       MAX-ACCESS  not-accessible
953       STATUS      current
954       DESCRIPTION
955               "Each entry contains TCP related NAT parameters. An entry
956                in this table is pointed to by an entry in the
957                natConfProtTable."
958       INDEX       { natConfTcpName }
959       ::= { natConfTcpTable 1 }

961   NatConfTcpEntry ::= SEQUENCE {
962       natConfTcpName        SnmpAdminString,
963       natConfTcpNegTimeout  Integer32,
964       natConfTcpRowStatus   RowStatus
965   }

967   natConfTcpName OBJECT-TYPE
968       SYNTAX      SnmpAdminString (SIZE(0..32))
969       MAX-ACCESS  not-accessible
970       STATUS      current
971       DESCRIPTION
972               "Uniquely identifies an entry in this table."
973       ::= { natConfTcpEntry 1 }

975   natConfTcpNegTimeout OBJECT-TYPE
976       SYNTAX      Integer32 (0..2147483647)
977       UNITS       "seconds"
978       MAX-ACCESS  read-create
979       STATUS      current
980       DESCRIPTION
981               "The interval of time for which a TCP protocol session,
982                associated with this configuration, is allowed to remain
983                valid without any activity. This timeout value applies
984                to a TCP session during its establishment and termination
985                phases."
986       -- 1 minute
987       DEFVAL      { 60 }
988       ::= { natConfTcpEntry 2 }

990   natConfTcpRowStatus OBJECT-TYPE
991       SYNTAX      RowStatus
992       MAX-ACCESS  read-create
993       STATUS      current
994       DESCRIPTION
995               "The status of this conceptual row."
996       ::= { natConfTcpEntry 3 }

998   --
999   -- Notification thresholds
1000  --

1002  natConfAddressRiseThreshold OBJECT-TYPE
1003      SYNTAX      Unsigned32 (0..100)
1004      UNITS       "percentage"
1005      MAX-ACCESS  read-write
1006      STATUS      current
1007      DESCRIPTION
1008              "This object represents the rising threshold value for
1009               generation of the natAddressUseRising notification. A
1010               notification is generated whenever the usage percentage
1011               of the address map is equal to or greater than
1012               natConfAddressRiseThreshold.

1014               Notifications should not be generated when the value of
1015               this object is 0."
1016      DEFVAL      { 0 }
1017      ::= { natConfig 11 }

1019  natConfAddressFallThreshold OBJECT-TYPE
1020      SYNTAX      Unsigned32 (0..100)
1021      UNITS       "percentage"
1022      MAX-ACCESS  read-write
1023      STATUS      current
1024      DESCRIPTION
1025              "This object represents the falling threshold value for
1026               generation of the natAddressUseRising notification.
1027               This object only represents the lower end of the
1028               hysteresis curve, and notifications are not generated when
1029               this threshold is crossed."
1030      DEFVAL      { 0 }
1031      ::= { natConfig 12 }

1033  --
1034  -- The Translation Group
1035  --

1037  --
1038  -- Address Bind section
1039  --

1041  natAddrBindNumberOfEntries OBJECT-TYPE
1042      SYNTAX      Gauge32
1043      MAX-ACCESS  read-only
1044      STATUS      current
1045      DESCRIPTION
1046              "This object maintains a count of the number of entries
1047               that currently exist in the natAddrBindTable."
1048      ::= { natTranslation 1 }

1050  --
1051  -- The NAT Address BIND Table
1052  --

1054  natAddrBindTable OBJECT-TYPE
1055      SYNTAX      SEQUENCE OF NatAddrBindEntry
1056      MAX-ACCESS  not-accessible
1057      STATUS      current
1058      DESCRIPTION
1059              "This table holds information about the currently
1060               active NAT BINDs."
1061      ::= { natTranslation 2 }

1063  natAddrBindEntry OBJECT-TYPE
1064      SYNTAX      NatAddrBindEntry
1065      MAX-ACCESS  not-accessible
1066      STATUS      current
1067      DESCRIPTION
1068              "Each entry in the NAT BIND table holds information
1069               about a NAT BIND that is currently active."
1070      INDEX       { natAddrBindLocalAddrType, natAddrBindLocalAddr }
1071      ::= { natAddrBindTable 1 }

1073  NatAddrBindEntry ::= SEQUENCE {
1074      natAddrBindLocalAddrType    InetAddressType,
1075      natAddrBindLocalAddr        InetAddress,
1076      natAddrBindGlobalAddrType   InetAddressType,
1077      natAddrBindGlobalAddr       InetAddress,
1078      natAddrBindId               Unsigned32,
1079      natAddrBindDirection        INTEGER,
1080      natAddrBindType             INTEGER,
1081      natAddrBindConfName         SnmpAdminString,
1082      natAddrBindSessionCount     Gauge32,
1083      natAddrBindCurrentIdleTime  TimeTicks,
1084      natAddrBindInTranslate      Counter32,
1085      natAddrBindOutTranslate     Counter32
1086  }

1088  natAddrBindLocalAddrType OBJECT-TYPE
1089      SYNTAX      InetAddressType
1090      MAX-ACCESS  not-accessible
1091      STATUS      current
1092      DESCRIPTION
1093              "This object specifies the address type used for
1094               natAddrBindLocalAddr."
1095      ::= { natAddrBindEntry 1 }

1097  natAddrBindLocalAddr OBJECT-TYPE
1098      SYNTAX      InetAddress
1099      MAX-ACCESS  not-accessible
1100      STATUS      current
1101      DESCRIPTION
1102              "This object represents the private-realm specific network
1103               layer address, which maps to the public-realm address
1104               represented by natAddrBindGlobalAddr."
1105      ::= { natAddrBindEntry 2 }

1107  natAddrBindGlobalAddrType OBJECT-TYPE
1108      SYNTAX      InetAddressType
1109      MAX-ACCESS  read-only
1110      STATUS      current
1111      DESCRIPTION
1112              "This object specifies the address type used for
1113               natAddrBindGlobalAddr."
1114      ::= { natAddrBindEntry 3 }

1116  natAddrBindGlobalAddr OBJECT-TYPE
1117      SYNTAX      InetAddress
1118      MAX-ACCESS  read-only
1119      STATUS      current
1120      DESCRIPTION
1121              "This object represents the public-realm network layer
1122               address that maps to the private-realm network layer
1123               address represented by natAddrBindLocalAddr."
1124      ::= { natAddrBindEntry 4 }

1126  natAddrBindId OBJECT-TYPE
1127      SYNTAX      Unsigned32
1128      MAX-ACCESS  read-only
1129      STATUS      current
1130      DESCRIPTION
1131              "This object represents a BIND id that is dynamically
1132               assigned to each BIND by a NAT enabled device. Each
1133               BIND is represented by a BIND id that is
1134               unique across both, the Address bind and the
1135               Address-Port bind tables."
1136      ::= { natAddrBindEntry 5 }

1138  natAddrBindDirection OBJECT-TYPE
1139      SYNTAX      INTEGER {
1140                      uniDirectional (1),
1141                      biDirectional (2)
1142                  }
1143      MAX-ACCESS  read-only
1144      STATUS      current
1145      DESCRIPTION
1146              "This object represents the direction of the BIND.
1147               A BIND may be either uni-directional or bi-directional,
1148               same as the orientation of the address map, based on
1149               which this bind is formed."
1150      ::= { natAddrBindEntry 6 }

1152  natAddrBindType OBJECT-TYPE
1153      SYNTAX      INTEGER {
1154                      static (1),
1155                      dynamic (2)
1156                  }
1157      MAX-ACCESS  read-only
1158      STATUS      current
1159      DESCRIPTION
1160              "This object indicates whether the BIND is static or
1161               dynamic."
1162      ::= { natAddrBindEntry 7 }

1164  natAddrBindConfName OBJECT-TYPE
1165      SYNTAX      SnmpAdminString (SIZE(1..32))
1166      MAX-ACCESS  read-only
1167      STATUS      current
1168      DESCRIPTION
1169              "This object is a pointer to the natConfTable entry (and
1170               the parameters of that entry) which was used in creating
1171               this BIND."
1172      ::= { natAddrBindEntry 8 }

1174  natAddrBindSessionCount OBJECT-TYPE
1175      SYNTAX      Gauge32
1176      MAX-ACCESS  read-only
1177      STATUS      current
1178      DESCRIPTION
1179              "Number of sessions currently using this BIND."
1180      ::= { natAddrBindEntry 9 }

1182  natAddrBindCurrentIdleTime OBJECT-TYPE
1183      SYNTAX      TimeTicks
1184      MAX-ACCESS  read-only
1185      STATUS      current
1186      DESCRIPTION
1187              "At any given instance of time, this object indicates the
1188               time that this BIND has been idle with no sessions
1189               attached to it.

1191               The value of this object is of relevance
1192               only for dynamic NAT."
1193      ::= { natAddrBindEntry 10 }

1195  natAddrBindInTranslate OBJECT-TYPE
1196      SYNTAX      Counter32
1197      MAX-ACCESS  read-only
1198      STATUS      current
1199      DESCRIPTION
1200              "The number of inbound packets that were successfully
1201               translated using this BIND entry."
1202      ::= { natAddrBindEntry 11 }

1204  natAddrBindOutTranslate OBJECT-TYPE
1205      SYNTAX      Counter32
1206      MAX-ACCESS  read-only
1207      STATUS      current
1208      DESCRIPTION
1209              "The number of outbound packets that were successfully
1210               translated using this BIND entry."
1211      ::= { natAddrBindEntry 12 }

1213  --
1214  -- Address-Port Bind section
1215  --

1217  natAddrPortBindNumberOfEntries OBJECT-TYPE
1218      SYNTAX      Gauge32
1219      MAX-ACCESS  read-only
1220      STATUS      current
1221      DESCRIPTION
1222              "This object maintains a count of the number of entries
1223               that currently exist in the natAddrPortBindTable."
1224      ::= { natTranslation 3 }

1226  --
1227  -- The NAT Address-Port BIND Table
1228  --

1230  natAddrPortBindTable OBJECT-TYPE
1231      SYNTAX      SEQUENCE OF NatAddrPortBindEntry
1232      MAX-ACCESS  not-accessible
1233      STATUS      current
1234      DESCRIPTION
1235              "This table holds information about the currently
1236               active NAPT BINDs."
1237      ::= { natTranslation 4 }

1239  natAddrPortBindEntry OBJECT-TYPE
1240      SYNTAX      NatAddrPortBindEntry
1241      MAX-ACCESS  not-accessible
1242      STATUS      current
1243      DESCRIPTION
1244              "Each entry in this table holds information
1245               about a NAPT BIND that is currently active."
1246      INDEX       { natAddrPortBindLocalAddrType, natAddrPortBindLocalAddr,
1247                    natAddrPortBindLocalPort, natAddrPortBindProtocol }
1248      ::= { natAddrPortBindTable 1 }

1250  NatAddrPortBindEntry ::= SEQUENCE {
1251      natAddrPortBindLocalAddrType    InetAddressType,
1252      natAddrPortBindLocalAddr        InetAddress,
1253      natAddrPortBindLocalPort        Integer32,
1254      natAddrPortBindProtocol         NATProtocolType,
1255      natAddrPortBindGlobalAddrType   InetAddressType,
1256      natAddrPortBindGlobalAddr       InetAddress,
1257      natAddrPortBindGlobalPort       Integer32,
1258      natAddrPortBindId               Unsigned32,
1259      natAddrPortBindDirection        INTEGER,
1260      natAddrPortBindType             INTEGER,
1261      natAddrPortBindConfName         SnmpAdminString,
1262      natAddrPortBindSessionCount     Gauge32,
1263      natAddrPortBindCurrentIdleTime  TimeTicks,
1264      natAddrPortBindInTranslate      Counter32,
1265      natAddrPortBindOutTranslate     Counter32
1266  }

1268  natAddrPortBindLocalAddrType OBJECT-TYPE
1269      SYNTAX      InetAddressType
1270      MAX-ACCESS  not-accessible
1271      STATUS      current
1272      DESCRIPTION
1273              "This object specifies the address type used for
1274               natAddrPortBindLocalAddr."
1275      ::= { natAddrPortBindEntry 1 }

1277  natAddrPortBindLocalAddr OBJECT-TYPE
1278      SYNTAX      InetAddress
1279      MAX-ACCESS  not-accessible
1280      STATUS      current
1281      DESCRIPTION
1282              "This object represents the private-realm specific network
1283               layer address which, in conjunction with
1284               natAddrPortBindLocalPort, maps to the public-realm
1285               network layer address and transport id represented by
1286               natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
1287               respectively."
1288      ::= { natAddrPortBindEntry 2 }

1290  natAddrPortBindLocalPort OBJECT-TYPE
1291      SYNTAX      Integer32(0..65535)
1292      MAX-ACCESS  not-accessible
1293      STATUS      current
1294      DESCRIPTION
1295              "This object represents the private-realm specific port
1296               number (or query ID in case of ICMP messages) which, in
1297               conjunction with natAddrPortBindLocalAddr, maps to the
1298               public-realm network layer address and transport id
1299               represented by natAddrPortBindGlobalAddr and
1300               natAddrPortBindGlobalPort respectively."
1301      ::= { natAddrPortBindEntry 3 }

1303  natAddrPortBindProtocol OBJECT-TYPE
1304      SYNTAX      NATProtocolType
1305      MAX-ACCESS  not-accessible
1306      STATUS      current
1307      DESCRIPTION
1308              "This object specifies a protocol identifier. If the
1309               value of this object is none(1), then this BIND entry
1310               applies to all IP traffic. Any other value of this object
1311               specifies the class of IP traffic to which this BIND
1312               applies."
1313      ::= { natAddrPortBindEntry 4 }

1315  natAddrPortBindGlobalAddrType OBJECT-TYPE
1316      SYNTAX      InetAddressType
1317      MAX-ACCESS  read-only
1318      STATUS      current
1319      DESCRIPTION
1320              "This object specifies the address type used for
1321               natAddrPortBindGlobalAddr."
1322      ::= { natAddrPortBindEntry 5 }

1324  natAddrPortBindGlobalAddr OBJECT-TYPE
1325      SYNTAX      InetAddress
1326      MAX-ACCESS  read-only
1327      STATUS      current
1328      DESCRIPTION
1329              "This object represents the public-realm specific network
1330               layer address that, in conjunction with
1331               natAddrPortBindGlobalPort, maps to the private-realm
1332               network layer address and transport id represented by
1333               natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1334               respectively."
1335      ::= { natAddrPortBindEntry 6 }

1337  natAddrPortBindGlobalPort OBJECT-TYPE
1338      SYNTAX      Integer32(0..65535)
1339      MAX-ACCESS  read-only
1340      STATUS      current
1341      DESCRIPTION
1342              "This object represents the port number (or query id in
1343               case of ICMP) that, in conjunction with
1344               natAddrPortBindGlobalAddr, maps to the private-realm
1345               network layer address and transport id represented by
1346               natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1347               respectively."
1348      ::= { natAddrPortBindEntry 7 }

1350  natAddrPortBindId OBJECT-TYPE
1351      SYNTAX      Unsigned32
1352      MAX-ACCESS  read-only
1353      STATUS      current
1354      DESCRIPTION
1355              "This object represents a BIND id that is dynamically
1356               assigned to each BIND by a NAT enabled device. Each
1357               BIND is represented by a unique BIND id across both,
1358               the Address Bind and Address-Port Bind tables."
1359      ::= { natAddrPortBindEntry 8 }

1361  natAddrPortBindDirection OBJECT-TYPE
1362      SYNTAX      INTEGER {
1363                      uniDirectional (1),
1364                      biDirectional (2)
1365                  }
1366      MAX-ACCESS  read-only
1367      STATUS      current
1368      DESCRIPTION
1369              "This object represents the direction of the BIND. A
1370               BIND may be either uni-directional or bi-directional,
1371               same as the orientation of the address map, based on
1372               which this bind is formed."
1373      ::= { natAddrPortBindEntry 9 }

1375  natAddrPortBindType OBJECT-TYPE
1376      SYNTAX      INTEGER {
1377                      static (1),
1378                      dynamic (2)
1379                  }
1380      MAX-ACCESS  read-only
1381      STATUS      current
1382      DESCRIPTION
1383              "This object indicates whether the BIND is static or
1384               dynamic."
1385      ::= { natAddrPortBindEntry 10 }

1387  natAddrPortBindConfName OBJECT-TYPE
1388      SYNTAX      SnmpAdminString
1389      MAX-ACCESS  read-only
1390      STATUS      current
1391      DESCRIPTION
1392              "This object is a pointer to the natConfTable entry (and
1393               the parameters of that entry) which was used in creating
1394               this BIND."
1395      ::= { natAddrPortBindEntry 11 }

1397  natAddrPortBindSessionCount OBJECT-TYPE
1398      SYNTAX      Gauge32
1399      MAX-ACCESS  read-only
1400      STATUS      current
1401      DESCRIPTION
1402              "Number of sessions currently using this BIND."
1403      ::= { natAddrPortBindEntry 12 }

1405  natAddrPortBindCurrentIdleTime OBJECT-TYPE
1406      SYNTAX      TimeTicks
1407      MAX-ACCESS  read-only
1408      STATUS      current
1409      DESCRIPTION
1410              "At any given instance of time, this object indicates the
1411               time that this BIND has been idle with no sessions
1412               attached to it. The value of this object is of relevance
1413               only for dynamic NAT."
1414      ::= { natAddrPortBindEntry 13 }

1416  natAddrPortBindInTranslate OBJECT-TYPE
1417      SYNTAX      Counter32
1418      MAX-ACCESS  read-only
1419      STATUS      current
1420      DESCRIPTION
1421              "The number of inbound packets that were translated as per
1422               this BIND entry."
1423      ::= { natAddrPortBindEntry 14 }

1425  natAddrPortBindOutTranslate OBJECT-TYPE
1426      SYNTAX      Counter32
1427      MAX-ACCESS  read-only
1428      STATUS      current
1429      DESCRIPTION
1430              "The number of outbound packets that were translated as per
1431               this BIND entry."
1432      ::= { natAddrPortBindEntry 15 }

1434  --
1435  -- The Session Table
1436  --

1438  natSessionTable OBJECT-TYPE
1439      SYNTAX      SEQUENCE OF NatSessionEntry
1440      MAX-ACCESS  not-accessible
1441      STATUS      current
1442      DESCRIPTION
1443              "The (conceptual) table containing one entry for each
1444               NAT session currently active on this NAT device."
1445      ::= { natTranslation 5 }

1447  natSessionEntry OBJECT-TYPE
1448      SYNTAX      NatSessionEntry
1449      MAX-ACCESS  not-accessible
1450      STATUS      current
1451      DESCRIPTION
1452              "An entry (conceptual row) containing information
1453               about an active NAT session on this NAT device."
1454      INDEX       { natSessionBindId, natSessionId }
1455      ::= { natSessionTable 1 }

1457  NatSessionEntry ::= SEQUENCE {
1458      natSessionBindId                Unsigned32,
1459      natSessionId                    Unsigned32,
1460      natSessionDirection             INTEGER,
1461      natSessionUpTime                TimeTicks,
1462      natSessionProtocolType          NATProtocolType,
1463      natSessionOrigPrivateAddrType   InetAddressType,
1464      natSessionOrigPrivateAddr       InetAddress,
1465      natSessionTransPrivateAddrType  InetAddressType,
1466      natSessionTransPrivateAddr      InetAddress,
1467      natSessionOrigPrivatePort       Integer32,
1468      natSessionTransPrivatePort      Integer32,
1469      natSessionOrigPublicAddrType    InetAddressType,
1470      natSessionOrigPublicAddr        InetAddress,
1471      natSessionTransPublicAddrType   InetAddressType,
1472      natSessionTransPublicAddr       InetAddress,
1473      natSessionOrigPublicPort        Integer32,
1474      natSessionTransPublicPort       Integer32,
1475      natSessionCurrentIdletime       TimeTicks,
1476      natSessionSecondBindId          Unsigned32,
1477      natSessionInTranslate           Counter32,
1478      natSessionOutTranslate          Counter32
1479  }

1481  natSessionBindId OBJECT-TYPE
1482      SYNTAX      Unsigned32
1483      MAX-ACCESS  not-accessible
1484      STATUS      current
1485      DESCRIPTION
1486              "This object represents a BIND id that is dynamically
1487               assigned to each BIND by a NAT enabled device. This
1488               bind id is the same as represented by the BindId
1489               objects in the Address bind and Address-Port bind
1490               tables."
1491      ::= { natSessionEntry 1 }

1493  natSessionId OBJECT-TYPE
1494      SYNTAX      Unsigned32
1495      MAX-ACCESS  not-accessible
1496      STATUS      current
1497      DESCRIPTION
1498              "The session ID for this NAT session."
1499      ::= { natSessionEntry 2 }

1501  natSessionDirection OBJECT-TYPE
1502      SYNTAX      INTEGER {
1503                      inbound (1),
1504                      outbound (2)
1505                  }
1506      MAX-ACCESS  read-only
1507      STATUS      current
1508      DESCRIPTION
1509              "The direction of this session with respect to the
1510               local network. 'inbound' indicates that this session
1511               was initiated from the public network into the private
1512               network. 'outbound' indicates that this session was
1513               initiated from the private network into the public
1514               network."
1515      ::= { natSessionEntry 3 }

1517  natSessionUpTime OBJECT-TYPE
1518      SYNTAX      TimeTicks
1519      MAX-ACCESS  read-only
1520      STATUS      current
1521      DESCRIPTION
1522              "The up time of this session in one-hundredths of a
1523               second."
1524      ::= { natSessionEntry 4 }

1526  natSessionProtocolType OBJECT-TYPE
1527      SYNTAX      NATProtocolType
1528      MAX-ACCESS  read-only
1529      STATUS      current
1530      DESCRIPTION
1531              "The protocol type of this session.

1533               TCP and UDP sessions are uniquely identified by the
1534               tuple of (source IP address, source TCP/UDP port,
1535               destination IP address, destination TCP/UDP port).
1536               ICMP query sessions are identified by the tuple of
1537               (source IP address, ICMP query ID, destination IP
1538               address)."
1539      ::= { natSessionEntry 5 }

1541  natSessionOrigPrivateAddrType OBJECT-TYPE
1542      SYNTAX      InetAddressType
1543      MAX-ACCESS  read-only
1544      STATUS      current
1545      DESCRIPTION
1546              "This object specifies the address type used for
1547               natSessionOrigPrivateAddr."
1548      ::= { natSessionEntry 6 }

1550  natSessionOrigPrivateAddr OBJECT-TYPE
1551      SYNTAX      InetAddress
1552      MAX-ACCESS  read-only
1553      STATUS      current
1554      DESCRIPTION
1555              "The original IP address of the session endpoint that
1556               lies in the private network."
1557      ::= { natSessionEntry 7 }

1559  natSessionTransPrivateAddrType OBJECT-TYPE
1560      SYNTAX      InetAddressType
1561      MAX-ACCESS  read-only
1562      STATUS      current
1563      DESCRIPTION
1564              "This object specifies the address type used for
1565               natSessionTransPrivateAddr."
1566      ::= { natSessionEntry 8 }

1568  natSessionTransPrivateAddr OBJECT-TYPE
1569      SYNTAX      InetAddress
1570      MAX-ACCESS  read-only
1571      STATUS      current
1572      DESCRIPTION
1573              "The translated IP address of the session endpoint that
1574               lies in the private network. The value of this object
1575               is equal to that of the original public IP Address
1576               (natSessionOrigPrivateAddr) when there is no
1577               translation."
1578      ::= { natSessionEntry 9 }

1580  natSessionOrigPrivatePort OBJECT-TYPE
1581      SYNTAX      Integer32 (0..65535)
1582      MAX-ACCESS  read-only
1583      STATUS      current
1584      DESCRIPTION
1585              "The original transport port of the session endpoint that
1586               belongs to the private network. If this is an ICMP
1587               session then the value is the ICMP request ID. The value
1588               of this object should be 0 when the port is not involved
1589               in the translation."
1590      ::= { natSessionEntry 10 }

1592  natSessionTransPrivatePort OBJECT-TYPE
1593      SYNTAX      Integer32 (0..65535)
1594      MAX-ACCESS  read-only
1595      STATUS      current
1596      DESCRIPTION
1597              "The translated transport port of the session that lies in
1598               the private network. The value of this object is equal to
1599               that of the original transport port
1600               (natSessionOrigPrivatePort) when there is no
1601               translation."
1602      ::= { natSessionEntry 11 }

1604  natSessionOrigPublicAddrType OBJECT-TYPE
1605      SYNTAX      InetAddressType
1606      MAX-ACCESS  read-only
1607      STATUS      current
1608      DESCRIPTION
1609              "This object specifies the address type used for
1610               natSessionOrigPublicAddr."
1611      ::= { natSessionEntry 12 }

1613  natSessionOrigPublicAddr OBJECT-TYPE
1614      SYNTAX      InetAddress
1615      MAX-ACCESS  read-only
1616      STATUS      current
1617      DESCRIPTION
1618              "The original IP address of the session endpoint that lies
1619               in the public network."
1620      ::= { natSessionEntry 13 }

1622  natSessionTransPublicAddrType OBJECT-TYPE
1623      SYNTAX      InetAddressType
1624      MAX-ACCESS  read-only
1625      STATUS      current
1626      DESCRIPTION
1627              "This object specifies the address type used for
1628               natSessionTransPublicAddr."
1629      ::= { natSessionEntry 14 }

1631  natSessionTransPublicAddr OBJECT-TYPE
1632      SYNTAX      InetAddress
1633      MAX-ACCESS  read-only
1634      STATUS      current
1635      DESCRIPTION
1636              "The translated IP address of the session endpoint that
1637               belongs to the public network. The value of this object
1638               is equal to that of the original public IP Address
1639               (natSessionOrigPublicAddr) when there is no
1640               translation."
1641      ::= { natSessionEntry 15 }

1643  natSessionOrigPublicPort OBJECT-TYPE
1644      SYNTAX      Integer32 (0..65535)
1645      MAX-ACCESS  read-only
1646      STATUS      current
1647      DESCRIPTION
1648              "The original transport port of the session endpoint that
1649               belongs to the public network. If this is an ICMP
1650               session then the value contains the ICMP request ID.
1651               The value of this object should be 0 when the port is
1652               not involved in the translation."
1653      ::= { natSessionEntry 16 }

1655  natSessionTransPublicPort OBJECT-TYPE
1656      SYNTAX      Integer32 (0..65535)
1657      MAX-ACCESS  read-only
1658      STATUS      current
1659      DESCRIPTION
1660              "The translated transport port of the session endpoint
1661               that belongs to the public network. The value of this
1662               object is equal to that of the original transport port
1663               (natSessionOrigPublicPort) when there is no
1664               translation."
1665      ::= { natSessionEntry 17 }

1667  natSessionCurrentIdletime OBJECT-TYPE
1668      SYNTAX      TimeTicks
1669      MAX-ACCESS  read-only
1670      STATUS      current
1671      DESCRIPTION
1672              "The time in one-hundredths of a second since a packet
1673               belonging to this session was last detected."
1674      ::= { natSessionEntry 18 }

1676  natSessionSecondBindId OBJECT-TYPE
1677      SYNTAX      Unsigned32
1678      MAX-ACCESS  read-only
1679      STATUS      current
1680      DESCRIPTION
1681              "The natBindId of the 'other' NAT binding in case of Twice
1682               NAT.

1684               An instance of this object contains a valid value
1685               only if the binding type for this session is TwiceNAT."
1686      ::= { natSessionEntry 19 }

1688  natSessionInTranslate OBJECT-TYPE
1689      SYNTAX      Counter32
1690      MAX-ACCESS  read-only
1691      STATUS      current
1692      DESCRIPTION
1693              "The number of inbound packets that were translated for
1694               this session."
1695      ::= { natSessionEntry 20 }

1697  natSessionOutTranslate OBJECT-TYPE
1698      SYNTAX      Counter32
1699      MAX-ACCESS  read-only
1700      STATUS      current
1701      DESCRIPTION
1702              "The number of outbound packets that were translated for
1703               this session."
1704      ::= { natSessionEntry 21 }

1706  --
1707  -- natStatistics Group
1708  --

1710  --
1711  -- The Protocol Stats table
1712  --

1714  natProtocolStatsTable OBJECT-TYPE
1715      SYNTAX      SEQUENCE OF NatProtocolStatsEntry
1716      MAX-ACCESS  not-accessible
1717      STATUS      current
1718      DESCRIPTION
1719              "The (conceptual) table containing per protocol NAT
1720               statistics."
1721      ::= { natStatistics 1 }

1723  natProtocolStatsEntry OBJECT-TYPE
1724      SYNTAX      NatProtocolStatsEntry
1725      MAX-ACCESS  not-accessible
1726      STATUS      current
1727      DESCRIPTION
1728              "An entry (conceptual row) containing NAT statistics
1729               pertaining to a particular protocol."
1730      INDEX       { natProtocolStatsName }
1731      ::= { natProtocolStatsTable 1 }

1733  NatProtocolStatsEntry ::= SEQUENCE {
1734      natProtocolStatsName          NATProtocolType,
1735      natProtocolStatsInTranslate   Counter32,
1736      natProtocolStatsOutTranslate  Counter32,
1737      natProtocolStatsRejectCount   Counter32
1738  }

1740  natProtocolStatsName OBJECT-TYPE
1741      SYNTAX      NATProtocolType
1742      MAX-ACCESS  not-accessible
1743      STATUS      current
1744      DESCRIPTION
1745              "This object represents the protocol pertaining to which
1746               statistics are reported."
1747      ::= { natProtocolStatsEntry 1 }

1749  natProtocolStatsInTranslate OBJECT-TYPE
1750      SYNTAX      Counter32
1751      MAX-ACCESS  read-only
1752      STATUS      current
1753      DESCRIPTION
1754              "The number of inbound packets, pertaining to the protocol
1755               identified by natProtocolStatsName, that underwent NAT."
1756      ::= { natProtocolStatsEntry 2 }

1758  natProtocolStatsOutTranslate OBJECT-TYPE
1759      SYNTAX      Counter32
1760      MAX-ACCESS  read-only
1761      STATUS      current
1762      DESCRIPTION
1763              "The number of outbound packets, pertaining to the protocol
1764               identified by natProtocolStatsName, that underwent NAT."
1765      ::= { natProtocolStatsEntry 3 }

1767  natProtocolStatsRejectCount OBJECT-TYPE
1768      SYNTAX      Counter32
1769      MAX-ACCESS  read-only
1770      STATUS      current
1771      DESCRIPTION
1772              "The number of packets, pertaining to the protocol
1773               identified by natProtocolStatsName, that had to be
1774               rejected/dropped due to lack of resources. These
1775               rejections could be due to session timeout, resource
1776               unavailability, lack of address space etc."
1777      ::= { natProtocolStatsEntry 4 }

1779  --
1780  -- The Address Map Stats table
1781  --

1783  natAddrMapStatsTable OBJECT-TYPE
1784      SYNTAX      SEQUENCE OF NatAddrMapStatsEntry
1785      MAX-ACCESS  not-accessible
1786      STATUS      current
1787      DESCRIPTION
1788              "The (conceptual) table containing per address map NAT
1789               statistics."
1790      ::= { natStatistics 2 }

1792  natAddrMapStatsEntry OBJECT-TYPE
1793      SYNTAX      NatAddrMapStatsEntry
1794      MAX-ACCESS  not-accessible
1795      STATUS      current
1796      DESCRIPTION
1797              "An entry (conceptual row) containing NAT statistics per
1798               address map."
1799      AUGMENTS    { natConfAddrMapEntry }
1800      ::= { natAddrMapStatsTable 1 }

1802  NatAddrMapStatsEntry ::= SEQUENCE {
1803      natAddrMapStatsInTranslate   Counter32,
1804      natAddrMapStatsOutTranslate  Counter32,
1805      natAddrMapStatsNoResource    Counter32,
1806      natAddrMapStatsAddrUsed      Gauge32
1807  }
1808  natAddrMapStatsInTranslate OBJECT-TYPE
1809      SYNTAX      Counter32
1810      MAX-ACCESS  read-only
1811      STATUS      current
1812      DESCRIPTION
1813              "The number of inbound packets, pertaining to this address
1814               map entry, that were translated."
1815      ::= { natAddrMapStatsEntry 3 }

1817  natAddrMapStatsOutTranslate OBJECT-TYPE
1818      SYNTAX      Counter32
1819      MAX-ACCESS  read-only
1820      STATUS      current
1821      DESCRIPTION
1822              "The number of outbound packets, pertaining to this
1823               address map entry, that were translated."
1824      ::= { natAddrMapStatsEntry 4 }

1826  natAddrMapStatsNoResource OBJECT-TYPE
1827      SYNTAX      Counter32
1828      MAX-ACCESS  read-only
1829      STATUS      current
1830      DESCRIPTION
1831              "The number of packets, pertaining to this address map
1832               entry, that were dropped due to lack of addresses in the
1833               address pool identified by this address map. The value of
1834               this object should always be zero in case of static
1835               address map."
1836      ::= { natAddrMapStatsEntry 5 }

1838  natAddrMapStatsAddrUsed OBJECT-TYPE
1839      SYNTAX      Gauge32
1840      MAX-ACCESS  read-only
1841      STATUS      current
1842      DESCRIPTION
1843              "The number of addresses, pertaining to this address map,
1844               that are currently being used from the nat pool. The
1845               value of this object is irrelevant if the address map in
1846               question is a static address map."
1847      ::= { natAddrMapStatsEntry 6 }

1849  --
1850  -- The Interface Stats table
1851  --

1853  natInterfaceStatsTable OBJECT-TYPE
1854      SYNTAX      SEQUENCE OF NatInterfaceStatsEntry
1855      MAX-ACCESS  not-accessible
1856      STATUS      current
1857      DESCRIPTION
1858              "This table augments the natInterfaceTable and provides
1859               statistics information pertaining to the specified
1860               interface."
1861      ::= { natStatistics 3 }

1863  natInterfaceStatsEntry OBJECT-TYPE
1864      SYNTAX      NatInterfaceStatsEntry
1865      MAX-ACCESS  not-accessible
1866      STATUS      current
1867      DESCRIPTION
1868              "Each entry of the natInterfaceStatsTable represents stats
1869               pertaining to one interface, which is identified by its
1870               ifIndex."
1871      AUGMENTS    { natInterfaceEntry }
1872      ::= { natInterfaceStatsTable 1 }

1874  NatInterfaceStatsEntry ::= SEQUENCE {
1875      natInterfacePktsIn   Counter32,
1876      natInterfacePktsOut  Counter32
1877  }

1879  natInterfacePktsIn OBJECT-TYPE
1880      SYNTAX      Counter32
1881      MAX-ACCESS  read-only
1882      STATUS      current
1883      DESCRIPTION
1884              "Number of packets received on this interface that
1885               were translated."
1886      ::= { natInterfaceStatsEntry 1 }

1888  natInterfacePktsOut OBJECT-TYPE
1889      SYNTAX      Counter32
1890      MAX-ACCESS  read-only
1891      STATUS      current
1892      DESCRIPTION
1893              "Number of translated packets that were sent out this
1894               interface."
1895      ::= { natInterfaceStatsEntry 2 }

1897  --
1898  -- Notifications section
1899  --

1901  natNotificationPrefix OBJECT IDENTIFIER ::= { natMIB 2 }
1902  natNotifications OBJECT IDENTIFIER ::=
1903      { natNotificationPrefix 0 }

1905  --
1906  -- Notification objects i.e. objects accessible only for notification
1907  -- purpose.
1908  --

1910  natNotificationObjects OBJECT IDENTIFIER ::=
1911      { natNotificationPrefix 1 }

1913  natAddrMapName OBJECT-TYPE
1914      SYNTAX      SnmpAdminString
1915      MAX-ACCESS  accessible-for-notify
1916      STATUS      current
1917      DESCRIPTION
1918              "This object represents the address map corresponding to
1919               which the addresses/ports have been exhausted, thereby
1920               resulting in a natPacketDiscard notification."
1921      ::= { natNotificationObjects 1 }

1923  natPktDiscardReason OBJECT-TYPE
1924      SYNTAX      INTEGER {
1925                      other (1),
1926                      addressSpaceExhausted (2)
1927                  }
1928      MAX-ACCESS  accessible-for-notify
1929      STATUS      current
1930      DESCRIPTION
1931              "This object represents the reason for which a packet is
1932               discarded by NAT.

1934               addressSpaceExhausted (2) represents a situation wherein
1935               the address space required to do this mapping has been
1936               exhausted (used up by other translations).

1938               other (1) represents a case where the packet was
1939               discarded due to any other reasons."
1940      ::= { natNotificationObjects 2 }

1942  --
1943  -- Notifications
1944  --

1946  natAddressUseRising NOTIFICATION-TYPE
1947      OBJECTS     { natAddrMapStatsAddrUsed }
1948      STATUS      current
1949      DESCRIPTION
1950              "This notification is generated whenever the number of
1951               addresses per address map is equal to or greater than the
1952               configured address rising threshold value.

1954               Note that once this notification is generated, another
1955               notification for the same address map should be generated
1956               only after the address usage falls to/below the defined
1957               falling threshold.

1959               This notification should be generated only for dynamic
1960               address maps, since they do not provide any useful
1961               information for static maps."
1962      ::= { natNotifications 1 }

1964  natPacketDiscard NOTIFICATION-TYPE
1965      OBJECTS     { natAddrMapName, natPktDiscardReason }
1966      STATUS      current
1967      DESCRIPTION
1968              "This notification is generated whenever packets are
1969               discarded e.g. due to lack of mapping space when we run
1970               out of address/ports in case of NAT/NAPT respectively.

1972               An agent should not generate more than one
1973               natPacketDiscard 'notification-events' in a given time
1974               interval (five seconds is the suggested default). A
1975               'notification-event' is the transmission of a single
1976               trap or inform PDU to a list of notification
1977               destinations.

1979               If additional nat packets are discarded within the
1980               throttling period, then notification-events for these
1981               changes should be suppressed by the agent until the
1982               current throttling period expires. At the end of a
1983               throttling period, one notification-event should be
1984               generated if any NAT packet was discarded since the
1985               start of the throttling period. In such a case, another
1986               throttling period is started right away."
1987      ::= { natNotifications 2 }

1989  --
1990  -- Conformance information.
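The natAddressUseRising hysteresis and the natPacketDiscard throttling described in the DESCRIPTION clauses above, sketched as agent-side logic so that a burst of discards does not become a burst of traps. This is an added example, not part of the draft; the class, method and function names are hypothetical, the 1-second agent timer is an assumption, and the sample inputs are constructed.

```python
"""Added example: gating logic for natAddressUseRising and natPacketDiscard.

Class, method and function names are hypothetical; only the thresholds and
the five-second interval come from the MIB text.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AddressUseRisingGate:
    """Rise/fall hysteresis for one dynamic address map."""
    rise: int = 0        # natConfAddressRiseThreshold (percent); 0 = disabled
    fall: int = 0        # natConfAddressFallThreshold (percent)
    armed: bool = True   # False between a notification and the next fall

    def update(self, addrs_used: int, pool_size: int) -> bool:
        """Feed natAddrMapStatsAddrUsed; True means send natAddressUseRising."""
        if self.rise == 0 or pool_size <= 0:
            return False
        if self.armed and 100 * addrs_used >= self.rise * pool_size:
            self.armed = False
            return True
        if not self.armed and 100 * addrs_used <= self.fall * pool_size:
            self.armed = True   # the falling edge re-arms but sends nothing
        return False


@dataclass
class PacketDiscardThrottle:
    """At most one natPacketDiscard notification-event per interval."""
    interval: float = 5.0               # suggested default, in seconds
    period_end: Optional[float] = None  # None = no throttling period running
    pending: bool = False               # a discard was suppressed this period

    def _roll(self, now: float) -> bool:
        """Close an expired period; True if its deferred event is due."""
        if self.period_end is None or now < self.period_end:
            return False
        if self.pending:
            self.pending = False
            self.period_end = now + self.interval  # next period starts at once
            return True
        self.period_end = None
        return False

    def on_timer(self, now: float) -> bool:
        """Periodic agent tick; True means send one notification-event."""
        return self._roll(now)

    def on_discard(self, now: float) -> bool:
        """Record a discarded packet; True means send one notification-event."""
        sent = self._roll(now)
        if self.period_end is None:     # idle: notify and start throttling
            self.period_end = now + self.interval
            return True
        if not sent:                    # inside a running period: suppress
            self.pending = True
        return sent


def replay_usage(samples, pool_size, rise, fall) -> List[bool]:
    """Run address-usage samples through the hysteresis gate."""
    gate = AddressUseRisingGate(rise=rise, fall=fall)
    return [gate.update(used, pool_size) for used in samples]


def replay_discards(discard_times, until, interval=5.0) -> List[float]:
    """Times at which a notification-event is sent, given a 1 s agent timer."""
    throttle = PacketDiscardThrottle(interval=interval)
    events = [(float(t), 0) for t in range(int(until) + 1)]   # timer ticks
    events += [(float(t), 1) for t in discard_times]          # discards
    sent = []
    for now, kind in sorted(events):
        fired = throttle.on_discard(now) if kind else throttle.on_timer(now)
        if fired:
            sent.append(now)
    return sent


if __name__ == "__main__":
    # Constructed input: 100 discards, one every 0.1 s, then silence.
    flood = [i / 10 for i in range(100)]
    print(replay_discards(flood, until=20))
    # Constructed input: addresses in use from a pool of 100.
    print(replay_usage([50, 80, 85, 90, 70, 82, 60, 81], 100, rise=80, fall=60))
```
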
1991 --

1993 natMIBConformance OBJECT IDENTIFIER ::= { natMIB 3 }
1994 natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 1 }
1995 natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 2 }

1997 --
1998 -- Compliance statements
1999 --

2001 natMIBCompliance MODULE-COMPLIANCE
2002 STATUS current
2003 DESCRIPTION
2004 "The compliance statement for devices running NAT."
2005 MODULE -- this module
2006 MANDATORY-GROUPS { natConfigGroup, natTranslationGroup }

2008 GROUP natConfProtGroup
2009 DESCRIPTION
2010 "This group is mandatory if any of the protocol
2011 specific tables (below) are supported."

2013 GROUP natConfTcpGroup
2014 DESCRIPTION
2015 "This group is optional."

2017 ::= { natMIBCompliances 1 }

2019 --
2020 -- Units of conformance
2021 --

2023 natConfigGroup OBJECT-GROUP
2024 OBJECTS { natConfServiceType,
2025 natConfProtConfigName,
2026 natConfStorageType,
2027 natConfStatus,
2028 natConfAddrMapEntryType,
2029 natConfAddrMapType,
2030 natConfLocalAddrType,
2031 natConfLocalAddrFrom,
2032 natConfLocalAddrTo,
2033 natConfLocalPortFrom,
2034 natConfLocalPortTo,
2035 natConfGlobalAddrType,
2036 natConfGlobalAddrFrom,
2037 natConfGlobalAddrTo,
2038 natConfGlobalPortFrom,
2039 natConfGlobalPortTo,
2040 natConfProtocol,
2041 natConfAddrMapStorageType,
2042 natConfAddrMapStatus,
2043 natInterfaceRealm,
2044 natInterfaceStorageType,
2045 natInterfaceStatus,
2046 natConfUdpDefIdleTimeout,
2047 natConfIcmpDefIdleTimeout,
2048 natConfOtherDefIdleTimeout,
2049 natConfTcpDefIdleTimeout,
2050 natConfTcpDefNegTimeout }
2051 STATUS current
2052 DESCRIPTION
2053 "A collection of configuration-related information
2054 required to support management of devices supporting
2055 NAT."
2056 ::= { natMIBGroups 1 }

2058 natTranslationGroup OBJECT-GROUP
2059 OBJECTS { natAddrBindNumberOfEntries,
2060 natAddrBindGlobalAddrType,
2061 natAddrBindGlobalAddr,
2062 natAddrBindId,
2063 natAddrBindDirection,
2064 natAddrBindType,
2065 natAddrBindConfName,
2066 natAddrBindSessionCount,
2067 natAddrBindCurrentIdleTime,
2068 natAddrBindInTranslate,
2069 natAddrBindOutTranslate,
2070 natAddrPortBindNumberOfEntries,
2071 natAddrPortBindGlobalAddrType,
2072 natAddrPortBindGlobalAddr,
2073 natAddrPortBindGlobalPort,
2074 natAddrPortBindId,
2075 natAddrPortBindDirection,
2076 natAddrPortBindType,
2077 natAddrPortBindConfName,
2078 natAddrPortBindSessionCount,
2079 natAddrPortBindCurrentIdleTime,
2080 natAddrPortBindInTranslate,
2081 natAddrPortBindOutTranslate,
2082 natSessionDirection,
2083 natSessionUpTime,
2084 natSessionProtocolType,
2085 natSessionOrigPrivateAddrType,
2086 natSessionOrigPrivateAddr,
2087 natSessionTransPrivateAddrType,
2088 natSessionTransPrivateAddr,
2089 natSessionOrigPrivatePort,
2090 natSessionTransPrivatePort,
2091 natSessionOrigPublicAddrType,
2092 natSessionOrigPublicAddr,
2093 natSessionTransPublicAddrType,
2094 natSessionTransPublicAddr,
2095 natSessionOrigPublicPort,
2096 natSessionTransPublicPort,
2097 natSessionCurrentIdletime,
2098 natSessionSecondBindId,
2099 natSessionInTranslate,
2100 natSessionOutTranslate }
2101 STATUS current
2102 DESCRIPTION
2103 "A collection of BIND-related objects required to support
2104 management of devices supporting NAT."
2105 ::= { natMIBGroups 2 }

2107 natStatsGroup OBJECT-GROUP
2108 OBJECTS { natProtocolStatsInTranslate,
2109 natProtocolStatsOutTranslate,
2110 natProtocolStatsRejectCount,
2111 natAddrMapStatsInTranslate,
2112 natAddrMapStatsOutTranslate,
2113 natAddrMapStatsNoResource,
2114 natAddrMapStatsAddrUsed,
2115 natInterfacePktsIn,
2116 natInterfacePktsOut }
2117 STATUS current
2118 DESCRIPTION
2119 "A collection of NAT statistics related objects required
2120 to support troubleshooting/monitoring NAT operation."
2121 ::= { natMIBGroups 3 }

2123 natConfProtGroup OBJECT-GROUP
2124 OBJECTS { natConfProtSpecName,
2125 natConfProtIdleTimeout,
2126 natConfProtRowStatus }
2127 STATUS current
2128 DESCRIPTION
2129 "A collection of objects to facilitate protocol related
2130 NAT configuration."
2131 ::= { natMIBGroups 4 }

2133 natConfTcpGroup OBJECT-GROUP
2134 OBJECTS { natConfTcpNegTimeout,
2135 natConfTcpRowStatus }
2136 STATUS current
2137 DESCRIPTION
2138 "A collection of TCP related NAT parameter objects
2139 used for NAT configuration."
2140 ::= { natMIBGroups 5 }

2142 natMIBNotifConfigGroup OBJECT-GROUP
2143 OBJECTS { natConfAddressRiseThreshold,
2144 natConfAddressFallThreshold }
2145 STATUS current
2146 DESCRIPTION
2147 "A collection of configuration objects required to support
2148 the threshold-based notifications."
2149 ::= { natMIBGroups 6 }

2151 natMIBNotificationObjectsGroup OBJECT-GROUP
2152 OBJECTS { natAddrMapName,
2153 natPktDiscardReason }
2154 STATUS current
2155 DESCRIPTION
2156 "A collection of objects required to support NAT
2157 notifications."
2158 ::= { natMIBGroups 7 }

2160 natMIBNotificationGroup NOTIFICATION-GROUP
2161 NOTIFICATIONS { natAddressUseRising,
2162 natPacketDiscard }
2163 STATUS current
2164 DESCRIPTION
2165 "A collection of notifications which are generated by
2166 devices supporting this MIB."
2167 ::= { natMIBGroups 8 }

2169 END
2170 NAT-TC DEFINITIONS ::= BEGIN

2172 IMPORTS
2173 MODULE-IDENTITY,
2174 mib-2
2175 FROM SNMPv2-SMI
2176 TEXTUAL-CONVENTION
2177 FROM SNMPv2-TC;

2179 natTextualConventions MODULE-IDENTITY
2180 LAST-UPDATED "200111090000Z"
2181 ORGANIZATION "IETF NAT Working Group"
2182 CONTACT-INFO
2183 " Rohit
2184 World Wide Packets
2185 115 North Sullivan Road
2186 Veradale, Spokane, WA 99037
2187 Phone: +1 509 242 9320
2188 Email: Rohit.Rohit@worldwidepackets.com

2190 Nalinaksh Pai
2191 Cisco Systems, Inc.
2192 Prestige Waterford
2193 No. 9, Brunton Road
2194 Bangalore - 560 025
2195 India
2196 Phone: +91 80 532 1300
2197 Email: npai@cisco.com

2199 Rajiv Raghunarayan
2200 Cisco Systems, Inc.
2201 Prestige Waterford
2202 No. 9, Brunton Road
2203 Bangalore - 560 025
2204 India
2205 Phone: +91 80 532 1300
2206 Email: rrajiv@cisco.com

2208 Cliff Wang
2209 SmartPipes Inc.
2210 Suite 300, 565 Metro Place South
2211 Dublin, OH 43017
2212 Phone: +1 614 923 6241
2213 Email: CWang@smartpipes.com

2215 P. Srisuresh
2216 Kuokoa networks
2217 2901 Tasman Drive, Suite 202
2218 Santa Clara, CA 95054
2219 Phone: +1 408 970 0000
2220 Email: srisuresh@yahoo.com
2221 "

2223 DESCRIPTION
2224 "This MIB module defines the NATProtocolType textual
2225 convention for use in MIBs that need to identify the
2226 protocols which support network address translation."

2228 REVISION "200111090000Z" -- 9th Nov. 2001
2229 DESCRIPTION
2230 "Initial version of this MIB module."

2232 ::= { mib-2 xx } -- to be assigned by RFC-editor

2234 NATProtocolType ::= TEXTUAL-CONVENTION
2235 STATUS current
2236 DESCRIPTION
2237 "A list of protocols that are affected/support
2238 network address translation. Inclusion of values is
2239 not intended to imply that those protocols need be
2240 supported."
2241 SYNTAX INTEGER {
2242 none (1), -- not specified
2243 other (2), -- none of the following
2244 icmp (3),
2245 udp (4),
2246 tcp (5)
2247 }

2249 END
2250 7. Security Considerations

2252 This MIB contains readable objects whose values provide information
2253 related to NAT binds and sessions. Some of these objects could
2254 contain sensitive information e.g. bind information. There are
2255 a number of management objects defined in this MIB that have a
2256 MAX-ACCESS clause of read-write and/or read-create. Such objects
2257 may be considered sensitive or vulnerable in some network
2258 environments.

2260 While unauthorized access to the readable objects may be relatively
2261 innocuous, unauthorized access to the write-able objects could
2262 cause a denial of service, and/or widespread network
2263 disturbance. Hence, the support for SET operations in a non-secure
2264 environment without proper protection can have a negative effect on
2265 network operations.

2267 SNMPv1 by itself is not a secure environment. Even if the network
2268 itself is secure, there is no control as to who on the secure
2269 network is allowed to access and GET/SET (read/change/create/delete)
2270 the objects in this MIB.

2272 It is recommended that the implementors consider the security
2273 features as provided by the SNMPv3 framework. Specifically, the use
2274 of the User-based Security Model RFC 2574 [12] and the View-based
2275 Access Control Model RFC 2575 [15] is recommended.

2277 It is then a customer/user responsibility to ensure that the SNMP
2278 entity giving access to an instance of this MIB is properly
2279 configured to give access to the objects only to those
2280 principals (users) that have legitimate rights to indeed GET or
2281 SET (change/create/delete) them.

2283 8. References

2285 [1] Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture
2286 for Describing SNMP Management Frameworks", RFC 2571, April
2287 1999.

2289 [2] Rose, M. and K. McCloghrie, "Structure and Identification of
2290 Management Information for TCP/IP-based Internets", STD 16,
2291 RFC 1155, May 1990.

2293 [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
2294 RFC 1212, March 1991.

2296 [4] Rose, M., "A Convention for Defining Traps for use with the
2297 SNMP", RFC 1215, March 1991.

2299 [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2300 Rose, M. and S. Waldbusser, "Structure of Management
2301 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

2303 [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2304 Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
2305 STD 58, RFC 2579, April 1999.

2307 [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2308 Rose, M. and S. Waldbusser, "Conformance Statements for
2309 SMIv2", STD 58, RFC 2580, April 1999.

2311 [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
2312 Network Management Protocol", STD 15, RFC 1157, May 1990.

2314 [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2315 "Introduction to Community-based SNMPv2", RFC 1901, January
2316 1996.

2318 [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2319 "Transport Mappings for Version 2 of the Simple Network
2320 Management Protocol (SNMPv2)", RFC 1906, January 1996.

2322 [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
2323 Processing and Dispatching for the Simple Network Management
2324 Protocol (SNMP)", RFC 2572, April 1999.

2326 [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
2327 for version 3 of the Simple Network Management Protocol
2328 (SNMPv3)", RFC 2574, April 1999.

2330 [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2331 "Protocol Operations for Version 2 of the Simple Network
2332 Management Protocol (SNMPv2)", RFC 1905, January 1996.

2334 [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
2335 2573, April 1999.

2337 [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
2338 Control Model (VACM) for the Simple Network Management
2339 Protocol (SNMP)", RFC 2575, April 1999.
2341 [16] Bradner, S., "The Internet Standards Process -- Revision 3",
2342 BCP 9, RFC 2026, October 1996.

2344 [17] Srisuresh, P. and Egevang, K., "Traditional IP Network Address
2345 Translator (Traditional NAT)", RFC 3022, January 2001.

2347 [18] Srisuresh, P. and M. Holdrege, "NAT Terminology and
2348 Considerations", RFC 2663, August 1999.

2350 [19] Daniele, M., Haberman, B., Routhier, S., Schoenwaelder, J.,
2351 "Textual Conventions for Internet Network Addresses", RFC
2352 2851, June 2000.

2354 9. Acknowledgements

2356 The authors of this memo would like to thank Randy Turner for his
2357 valuable contribution to this MIB.

2359 10. Authors' Addresses

2361 Rohit R.
2362 World Wide Packets
2363 115 North Sullivan Road
2364 Veradale, Spokane, WA 99037
2365 Phone: +1 509 242 9320
2366 Email: Rohit.Rohit@worldwidepackets.com

2368 Nalinaksh Pai
2369 Cisco Systems, Inc.
2370 Prestige Waterford
2371 No. 9, Brunton Road
2372 Bangalore - 560 025
2373 India
2374 Phone: +91 80 532 1300 extn. 6354
2375 Email: npai@cisco.com

2377 Rajiv Raghunarayan
2378 Cisco Systems, Inc.
2379 Prestige Waterford
2380 No. 9, Brunton Road
2381 Bangalore - 560 025
2382 India
2383 Phone: +91 80 532 1300 extn. 6314
2384 Email: rrajiv@cisco.com

2386 Cliff Wang
2387 SmartPipes Inc.
2388 Suite 300, 565 Metro Place South
2389 Dublin, OH 43017
2390 Phone: +1 614 923 6241
2391 Email: CWang@smartpipes.com

2393 P. Srisuresh
2394 Kuokoa networks
2395 2901 Tasman Drive, Suite 202
2396 Santa Clara, CA 95054
2397 Phone: +1 408 970 0000
2398 Email: srisuresh@yahoo.com

2400 11. Change History

2402 A record of changes which will be removed before publication.

2404 10 September 2001

2406 o Added the following objects to support notifications:
2407 natConfAddressRiseThreshold, natConfAddressFallThreshold,
2408 natAddrMapName and natPktDiscardReason.
2409 o Following notifications were added (there are still some
2410 unclear parameters though):
2411 natAddressUseRising and natPacketDiscard.
2413 10 November 2001

2415 o Dynamic and Static Address Map tables are Merged.

2417 o Protocol Extensibility added.

2419 o Rearrangement of OIDs done to get things in proper sequence.

2421 Full Copyright Statement
2422 "Copyright (C) The Internet Society (2000). All Rights Reserved.
2423 This document and translations of it may be copied and furnished to
2424 others, and derivative works that comment on or otherwise explain it
2425 or assist in its implementation may be prepared, copied, published
2426 and distributed, in whole or in part, without restriction of any
2427 kind, provided that the above copyright notice and this paragraph
2428 are included on all such copies and derivative works. However, this
2429 document itself may not be modified in any way, such as by removing
2430 the copyright notice or references to the Internet Society or other
2431 Internet organizations, except as needed for the purpose of
2432 developing Internet standards in which case the procedures for
2433 copyrights defined in the Internet Standards process must be
2434 followed, or as required to translate it into languages other than
2435 English.

2437 The limited permissions granted above are perpetual and will not be
2438 revoked by the Internet Society or its successors or assigns.

2440 This document and the information contained herein is provided on an
2441 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
2442 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
2443 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
2444 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
2445 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

2447 Acknowledgement

2449 Funding for the RFC Editor function is currently provided by the
2450 Internet Society.
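
The two notification rules in the MIB above (natAddressUseRising re-arming only once usage is at or below the falling threshold, and natPacketDiscard limited to one notification-event per throttling period) are shown here as an added Python example that is not part of the draft. The class names, the explicit `now` clock argument, the fall-below-rise check, and the choice to report the most recently suppressed discard at period end are assumptions; the draft does not specify them.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class AddressUseGate:
    """natAddressUseRising hysteresis for one address map (hypothetical class)."""
    rise: int             # natConfAddressRiseThreshold
    fall: int             # natConfAddressFallThreshold
    dynamic: bool = True  # the MIB says static maps should not notify
    armed: bool = True

    def __post_init__(self):
        # Added sanity check (assumption): fall >= rise would re-arm at once.
        if self.fall >= self.rise:
            raise ValueError("falling threshold must be below rising threshold")

    def update(self, addr_used: int) -> bool:
        """Feed natAddrMapStatsAddrUsed; True means send the notification."""
        if not self.dynamic:
            return False
        if self.armed and addr_used >= self.rise:
            self.armed = False       # suppress repeats until usage falls back
            return True
        if not self.armed and addr_used <= self.fall:
            self.armed = True        # at or below falling threshold: re-arm
        return False

Event = Tuple[float, str, int]  # (send time, natAddrMapName, natPktDiscardReason)

@dataclass
class DiscardThrottle:
    """natPacketDiscard: at most one notification-event per interval."""
    interval: float = 5.0                      # suggested default in the MIB
    period_end: Optional[float] = None         # None: no throttling period running
    pending: Optional[Tuple[str, int]] = None  # latest suppressed varbinds (assumption)

    def poll(self, now: float) -> List[Event]:
        """Close expired periods; return the events due at their end."""
        out: List[Event] = []
        while self.period_end is not None and now >= self.period_end:
            if self.pending is None:
                self.period_end = None            # quiet period: back to idle
            else:
                out.append((self.period_end, *self.pending))
                self.pending = None
                self.period_end += self.interval  # next period starts right away
        return out

    def on_discard(self, now: float, addr_map: str, reason: int) -> List[Event]:
        out = self.poll(now)
        if self.period_end is None:
            out.append((now, addr_map, reason))   # idle: send immediately
            self.period_end = now + self.interval
        else:
            self.pending = (addr_map, reason)     # suppressed until period end
        return out
```

An agent would call `poll` from a timer at each period end; `on_discard` also calls it, so a late discard still flushes the event owed for the previous period.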