idnits 2.17.1

draft-ietf-nat-natmib-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 3 instances of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  ** There are 3 instances of lines with control characters in the document.

  ** The abstract seems to contain references ([17]), which it shouldn't.
     Please replace those with straight textual mentions of the documents in
     question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 253 has weird spacing: '...O needs a cou...'

  == Line 817 has weird spacing: '...pecific natCo...'

  == Line 2258 has weird spacing: '...ce, the suppo...'

  == Couldn't figure out when the document was first submitted -- there may
     comments or warnings related to the use of a disclaimer for pre-RFC5378
     work that could not be issued because of this.
     Please check the Legal Provisions document at
     https://trustee.ietf.org/license-info to determine if you need the
     pre-RFC5378 disclaimer.

  -- The document date (February 2002) is 8104 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '19' is defined on line 2345, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2571 (ref. '1') (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4')

  ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8')

  ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9')

  ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (ref. '11') (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (ref. '12') (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (ref. '14') (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (ref. '15') (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3022 (ref. '17')

  ** Downref: Normative reference to an Informational RFC: RFC 2663 (ref. '18')

  ** Obsolete normative reference: RFC 2851 (ref. '19') (Obsoleted by RFC 3291)

     Summary: 19 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1     NAT Working Group                              R. Raghunarayan
2     INTERNET-DRAFT                                 N. Pai
3     Expires August 2002                            Cisco Systems, Inc.
4                                                    R. Rohit
5                                                    World Wide Packets, Inc.
6                                                    C. Wang
7                                                    SmartPipes, Inc.
8                                                    P. Srisuresh
9                                                    Kuokoa Networks, Inc
10                                                   February 2002

12       Definitions of Managed Objects for Network Address Translators (NAT)

14

16    Status of this Memo

18       This document is an Internet-Draft and is in full conformance with
19       all provisions of Section 10 of RFC2026 [16].

21       Internet-Drafts are working documents of the Internet Engineering
22       Task Force (IETF), its areas, and its working groups. Note that
23       other groups may also distribute working documents as Internet-
24       Drafts.

26       Internet-Drafts are draft documents valid for a maximum of six
27       months and may be updated, replaced, or obsoleted by other
28       documents at any time. It is inappropriate to use Internet-Drafts
29       as reference material or to cite them other than as "work in
30       progress."

32       The list of current Internet-Drafts can be accessed at
33       http://www.ietf.org/ietf/1id-abstracts.txt

35       The list of Internet-Draft Shadow Directories can be accessed at
36       http://www.ietf.org/shadow.html.

38    Abstract

40       This memo defines an SMIv2 Management Information Base (MIB) for
41       a device implementing traditional NAT [17] function. This may be
42       used for configuration as well as monitoring of a device capable of
43       traditional NAT function.

45    Table of Contents

47       1  Introduction
48       2  The Network Management Framework
49       3  Terminology
50       4  Overview
51       5  Extending this MIB
52       6  Definitions
53       7  Security Considerations
54       8  References
55       9  Acknowledgements
56       10 Author's Addresses
57       11 Change History

59    1. Introduction

61       This memo defines an SMIv2 Management Information Base (MIB) for
62       a device implementing traditional NAT [17] function. This may be
63       used for configuration as well as monitoring of a device capable of
64       traditional NAT function.

66    2. The Network Management Framework

68       The SNMP Management Framework presently consists of five major
69       components:

71       o  An overall architecture, described in RFC 2571 [1].

73       o  Mechanisms for describing and naming objects and events for
74          the purpose of management. The first version of this Structure
75          of Management Information (SMI) is called SMIv1 and described
76          in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215
77          [4]. The second version, called SMIv2, is described in STD 58,
78          RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].

80       o  Message protocols for transferring management information.
81          The first version of the SNMP message protocol is called
82          SNMPv1 and is described in STD 15, RFC 1157 [8]. A second
83          version of the SNMP message protocol, which is not an Internet
84          standards track protocol, is called SNMPv2c and described in
85          RFC 1901 [9] and RFC 1906 [10]. The third version of the
86          message protocol is called SNMPv3 and described in RFC 1906
87          [10], RFC 2572 [11] and RFC 2574 [12].

89       o  Protocol operations for accessing management information. The
90          first set of protocol operations and associated PDU formats is
91          described in STD 15, RFC 1157 [8]. A second set of protocol
92          operations and associated PDU formats is described in RFC 1905
93          [13].
94       o  A set of fundamental applications described in RFC 2573 [14]
95          and the view-based access control mechanism described in RFC
96          2575 [15].

98       Managed Objects are accessed via virtual information store, termed
99       the Management Information Base or MIB. Objects in the MIB are
100      defined using a subset of Abstract Syntax Notation One (ASN.1)
101      defined in the SMIv2.

103      This memo specifies a MIB module that is compliant to the SMIv2. A
104      MIB conforming to the SMIv1 can be produced through the appropriate
105      translations. The resulting translated MIB must be semantically
106      equivalent, except where objects or events are omitted because no
107      translation is possible (use of Counter64). Some machine readable
108      information in SMIv2 will be converted into textual descriptions in
109      SMIv1 during the translation process. However, this loss of
110      machine readable information is not considered to change the
111      semantics of the MIB.

113   3. Terminology

115      The terminology used throughout this document is mostly as per RFC
116      2663 [18].

118      The term NAT has been used generically, throughout the document,
119      to represent both NAT and NAPT. Where necessary, NAPT and
120      NAT will be used to mean port translation and address translation
121      respectively, and appropriate usage would be clear from the
122      context.

124      The terms public/private are used throughout the document in the
125      context of networks, while the terms local/global are used when
126      referring to addresses and ports.

128   4. Overview

130      The MIB module has been split into three groups:

132      o  the configuration group,
133      o  the translation group, and
134      o  the statistics group.

136      The configuration group consists of five tables and seven scalars:

138      o  the interface specific configuration table, which specifies the nat
139         config parameters for a specific interface.

141      o  the address map table, which is an extension of the
142         generic configuration table, and specifies information required
143         to set up static and dynamic NAT.
144      o  the protocol specific table, which specifies protocol specific NAT
145         configuration parameters. The table also provides extensibility
146         for the configuration of the newer protocols.
147         As tcp, udp and icmp have Idle Timeout as the common parameter
148         for the configuration, it has been clubbed with the
149         natConfProtTable.
150      o  the tcp nat config table, which specifies tcp related NAT
151         configuration parameters.
152      o  the five protocol specific scalars, which should be used in the
153         absence of the protocol specific configuration tables.
154      o  the two scalars that are used to monitor address thresholds and
155         generate notifications when the thresholds are crossed.

157      The translation group consists of two scalars and three tables:

159      o  the scalars, natAddrBindNumberOfEntries and
160         natAddrPortBindNumberOfEntries, hold the number of entries
161         that currently exist in the Address bind and the Address-Port
162         bind tables respectively.
163      o  the Address bind table, which holds the currently active
164         address mappings.
165      o  the Address-Port bind table, which holds the currently active
166         transport mappings.
167      o  the session table, which holds information regarding active NAT
168         sessions.

170      And finally, the statistics group consists of three tables:

172      o  the Protocol stats table, which holds NAT statistics on a per
173         protocol basis.
174      o  the Address Map stats table, which holds NAT statistics on a
175         per address map basis.
176      o  the Interface stats table, which holds NAT statistics on a per
177         interface basis.

179      There are also two notifications defined in the MIB:

181      o  natAddressUseRising notifies the end user/manager of the address
182         usage exceeding a pre-defined threshold.
183      o  And finally, natPacketDiscard notifies the end user/manager of
184         packets being discarded due to lack of address mappings.

186   5. Extending this MIB

188      The NAT MIB has currently been defined to support only TCP, UDP and
189      ICMP as protocols. There are, though, points in the MIB to hook in
190      support for other protocols in the future.

192      Following is the list of protocol specific information, identified at
193      this point, which could potentially require protocol specific
194      extensions to this mib:

196      o  Each protocol could support its set of timers and/or other protocol
197         specific parameters for operation with NAT.
198      o  Statistics could be maintained per protocol, and type of
199         statistics could be protocol specific.

201      To support the first requirement, the natConfTable consists of a
202      pointer (natConfProtConfigName) to a protocol configuration table,
203      natConfProtTable. The natConfProtTable consists of a pointer
204      (natConfProtSpecName) into a protocol specific configuration table.
205      The protocol specific configuration table can be used to
206      configure/retrieve protocol specific configuration parameters
207      pertaining to a NAT configuration. The natConfTcpTable, defined in
208      this mib module, is an example of a protocol specific configuration
209      table, which allows varying the TCP negotiation timeout for NAT.
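
The name-based pointer chain described above means an interface can end up on the default timeouts without any error when a name matches no row. The following Python sketch is an added example, not part of the draft: it follows natConfTable -> natConfProtTable -> natConfTcpTable and reports dangling pointers. The tables are modelled as dicts, protocol types are plain strings rather than NATProtocolType values, the defaults are the DEFVAL values of the scalars in the Definitions section, and treating a missing or non-active row as "fall back to the default scalar" is an assumption drawn from the scalar descriptions.

```python
"""Resolve NAT timeouts by following the draft's configuration pointers.
Added example; table layout and fallback policy are assumptions."""

ACTIVE = 1  # RowStatus active(1)

# DEFVAL of the default-timeout scalars in the Definitions section (seconds).
DEF_IDLE = {"udp": 300, "icmp": 86400, "other": 60, "tcp": 86400}
DEF_TCP_NEG = 60  # natConfTcpDefNegTimeout

# Interface 1, "Protocol Config 1" and "TCP Config 1" are the draft's own
# example rows. Interfaces 2 and 3 are constructed to show the fallbacks.
NAT_CONF = {  # index: natConfInterfaceIndex
    1: {"natConfProtConfigName": "Protocol Config 1", "natConfStatus": ACTIVE},
    2: {"natConfProtConfigName": "Protocol Config 9", "natConfStatus": ACTIVE},
    3: {"natConfProtConfigName": "", "natConfStatus": ACTIVE},
}
NAT_CONF_PROT = {  # index: (natConfProtName, natConfProtType)
    ("Protocol Config 1", "tcp"): {
        "natConfProtSpecName": "TCP Config 1",
        "natConfProtIdleTimeout": 86400,
        "natConfProtRowStatus": ACTIVE,
    },
}
NAT_CONF_TCP = {  # index: natConfTcpName
    "TCP Config 1": {"natConfTcpNegTimeout": 120, "natConfTcpRowStatus": ACTIVE},
}


def resolve_timeouts(conf, prot, tcp, if_index, proto):
    """Return (idle_timeout, tcp_neg_timeout or None, notes).

    notes lists every pointer that could not be followed, so an auditor can
    see why an interface runs on defaults instead of its intended values.
    """
    notes = []
    idle = DEF_IDLE[proto]
    neg = DEF_TCP_NEG if proto == "tcp" else None

    row = conf.get(if_index)
    if row is None or row["natConfStatus"] != ACTIVE:
        notes.append(f"no active natConfTable row for ifIndex {if_index}")
        return idle, neg, notes

    name = row["natConfProtConfigName"]
    if name == "":  # DEFVAL ''H: nothing overrides the scalars
        return idle, neg, notes

    prow = prot.get((name, proto))
    if prow is None:
        # A name with rows for other protocols is fine; one with no rows at
        # all is a dangling pointer.
        if not any(n == name for n, _ in prot):
            notes.append(f"natConfProtConfigName {name!r} matches no "
                         "natConfProtTable row")
        return idle, neg, notes
    if prow["natConfProtRowStatus"] != ACTIVE:
        notes.append(f"natConfProtTable row ({name!r}, {proto}) is not active")
        return idle, neg, notes

    idle = prow["natConfProtIdleTimeout"]
    if proto == "tcp":
        spec = prow["natConfProtSpecName"]
        trow = tcp.get(spec)
        if trow is None or trow["natConfTcpRowStatus"] != ACTIVE:
            notes.append(f"natConfProtSpecName {spec!r} matches no active "
                         "natConfTcpTable row")
        else:
            neg = trow["natConfTcpNegTimeout"]
    return idle, neg, notes


if __name__ == "__main__":
    for if_index in sorted(NAT_CONF):
        for proto in ("tcp", "udp"):
            print(if_index, proto, resolve_timeouts(
                NAT_CONF, NAT_CONF_PROT, NAT_CONF_TCP, if_index, proto))
```
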

211      To represent the configuration with an example, assume the existence
212      of the following row in the natConfTable, which contains a pointer to
213      a row in the protocol configuration table:

215         natConfInterfaceIndex  = 1
216         natConfInterfaceRealm  = private (1)
217         natConfServiceType     = basicNat (1)
218         natConfProtConfigName  = "Protocol Config 1"
219         natConfStorageType     = nonVolatile (3)
220         natConfStatus          = active (1)

222      The following row in natConfProtTable would contain a pointer to a row
223      in the TCP specific configuration table:

225         natConfProtName        = "Protocol Config 1"
226         natConfProtType        = tcp (5)
227         natConfProtSpecName    = "TCP Config 1"
228         natConfProtIdleTimeout = 86400
229         natConfProtRowStatus   = active (1)

231      And finally the following row in the TCP specific configuration table
232      would complete the TCP specific configuration:

234         natConfTcpName         = "TCP Config 1"
235         natConfTcpNegTimeout   = 120
236         natConfTcpRowStatus    = active (1)

238      If a new protocol FOO needs to be supported, a new Protocol Specific
239      configuration table could be defined in a FOO-NAT-MIB, with the index
240      of the table being an SnmpAdminString that is referenced via
241      natConfProtSpecName in natConfProtTable. The protocol specific
242      configuration parameters could be defined in this table, and linked to
243      a NAT configuration by the aforementioned mechanism.

245      The natProtocolStatsTable, on the other hand, represents statistics on
246      a per protocol basis, where the protocol is one of those defined in
247      the NATProtocolType textual convention. Only the basic per protocol
248      statistics are represented via the NAT MIB. If any further protocol
249      specific statistics need to be defined, they could be defined in a
250      protocol specific statistics objects/table in the protocol specific
251      mib.

253      For example, if a protocol FOO needs a counter which represents the
254      packets rejected due to some event foobar, it would define a protocol
255      specific object fooNatFoobarReject in the FOO-NAT-MIB.

257   6. Definitions

259      NAT-MIB DEFINITIONS ::= BEGIN

261      IMPORTS
262          MODULE-IDENTITY,
263          OBJECT-TYPE,
264          Integer32,
265          Unsigned32,
266          Gauge32,
267          Counter32,
268          TimeTicks,
269          mib-2,
270          NOTIFICATION-TYPE
271              FROM SNMPv2-SMI
272          MODULE-COMPLIANCE,
273          NOTIFICATION-GROUP,
274          OBJECT-GROUP
275              FROM SNMPv2-CONF
276          StorageType,
277          RowStatus
278              FROM SNMPv2-TC
279          InterfaceIndex
280              FROM IF-MIB
281          SnmpAdminString
282              FROM SNMP-FRAMEWORK-MIB
283          InetAddressType,
284          InetAddress
285              FROM INET-ADDRESS-MIB
286          NATProtocolType
287              FROM NAT-TC;

289      natMIB MODULE-IDENTITY
290          LAST-UPDATED "200202070000Z"
291          ORGANIZATION "IETF NAT Working Group"
292          CONTACT-INFO
293                  " Rohit
294                    World Wide Packets
295                    115 North Sullivan Road
296                    Veradale, Spokane, WA 99037
297                    Phone: +1 509 242 9320
298                    Email: Rohit.Rohit@worldwidepackets.com

300                    Nalinaksh Pai
301                    Cisco Systems, Inc.
302                    Prestige Waterford
303                    No. 9, Brunton Road
304                    Bangalore - 560 025
305                    India
306                    Phone: +91 80 532 1300
307                    Email: npai@cisco.com

309                    Rajiv Raghunarayan
310                    Cisco Systems, Inc.
311                    Prestige Waterford
312                    No. 9, Brunton Road
313                    Bangalore - 560 025
314                    India
315                    Phone: +91 80 532 1300
316                    Email: rrajiv@cisco.com

318                    Cliff Wang
319                    SmartPipes Inc.
320                    Suite 300, 565 Metro Place South
321                    Dublin, OH 43017
322                    Phone: +1 614 923 6241
323                    Email: CWang@smartpipes.com

325                    P. Srisuresh
326                    Kuokoa networks
327                    2901 Tasman Drive, Suite 202
328                    Santa Clara, CA 95054
329                    Phone: +1 408 970 0000
330                    Email: srisuresh@yahoo.com
331                  "
332          DESCRIPTION
333                  "This MIB module defines the generic managed objects
334                   for NAT."
335          REVISION    "200202070000Z" -- 7th Feb. 2002
336          DESCRIPTION
337                  "Merged the Config and Interface specific Tables.
338                   Added the ability for the Management Station to
339                   create/destroy nat address binds and sessions."
340          REVISION    "200111090000Z" -- 9th Nov. 2001
341          DESCRIPTION
342                  "Merged the Static and Dynamic addr Tables.
343                   Protocol specific extensibility added."
344          REVISION    "200109100000Z"
345          DESCRIPTION
346                  "Notifications added."
347          REVISION    "200103010000Z"
348          DESCRIPTION
349                  "Initial version of this MIB module."
350          ::= { mib-2 xx } -- xx to be assigned by RFC-editor.

352      natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

354      --
355      -- The Groups
356      --   o natConfig      - Pertaining to NAT configuration information
357      --   o natTranslation - Pertaining to the NAT BINDs/sessions.
358      --   o natStatistics  - NAT statistics, other than those maintained
359      --                      by the Bind and Session tables.
360      --

362      natConfig      OBJECT IDENTIFIER ::= { natMIBObjects 1 }
363      natTranslation OBJECT IDENTIFIER ::= { natMIBObjects 2 }
364      natStatistics  OBJECT IDENTIFIER ::= { natMIBObjects 3 }

366      --
367      -- The Configuration Group
368      -- The NAT Generic Configuration Table
369      --

371      natConfTable OBJECT-TYPE
372          SYNTAX      SEQUENCE OF NatConfEntry
373          MAX-ACCESS  not-accessible
374          STATUS      current
375          DESCRIPTION
376                  "This table specifies the configuration attributes for a
377                   device supporting NAT function."

379          ::= { natConfig 1 }

381      natConfEntry OBJECT-TYPE
382          SYNTAX      NatConfEntry
383          MAX-ACCESS  not-accessible
384          STATUS      current
385          DESCRIPTION
386                  "Each entry in the natConfTable holds a set of
387                   configuration parameters regarding the interface
388                   on which NAT is enabled."
389          INDEX       { natConfInterfaceIndex }
390          ::= { natConfTable 1 }

392      NatConfEntry ::= SEQUENCE {
393          natConfInterfaceIndex     InterfaceIndex,
394          natConfInterfaceRealm     INTEGER,
395          natConfServiceType        INTEGER,
396          natConfAddrMapConfigName  SnmpAdminString,
397          natConfProtConfigName     SnmpAdminString,
398          natConfStorageType        StorageType,
399          natConfStatus             RowStatus
400      }

402      natConfInterfaceIndex OBJECT-TYPE
403          SYNTAX      InterfaceIndex
404          MAX-ACCESS  not-accessible
405          STATUS      current
406          DESCRIPTION
407                  "The ifIndex of the interface on which NAT is enabled."
408          ::= { natConfEntry 1 }

410      natConfInterfaceRealm OBJECT-TYPE
411          SYNTAX      INTEGER {
412                          private (1),
413                          public (2)
414                      }
415          MAX-ACCESS  read-create
416          STATUS      current
417          DESCRIPTION
418                  "This object identifies whether this interface is
419                   connected to the private or the public realm."
420          DEFVAL      { public }
421          ::= { natConfEntry 2 }

423      natConfServiceType OBJECT-TYPE
424          SYNTAX      INTEGER {
425                          basicNat (1),
426                          napt (2),
427                          bidirectionalNat (3),
428                          twiceNat (4),
429                          multihomedNat (5)
430                      }
431          MAX-ACCESS  read-create
432          STATUS      current
433          DESCRIPTION
434                  "An indication of the direction in which new sessions
435                   are permitted and the extent of translation done within
436                   the IP and transport headers."
437          ::= { natConfEntry 3 }

439      natConfAddrMapConfigName OBJECT-TYPE
440          SYNTAX      SnmpAdminString (SIZE(0..32))
441          MAX-ACCESS  read-create
442          STATUS      current
443          DESCRIPTION
444                  "This object selects a set of address maps
445                   defined in the natConfAddrMapTable. The
446                   selected set of addr maps are defined by entries in the
447                   natConfAddrMapTable whose index value (natConfAddrMapName)
448                   is equal to this object."
449          DEFVAL      { ''H }
450          ::= { natConfEntry 4 }

452      natConfProtConfigName OBJECT-TYPE
453          SYNTAX      SnmpAdminString (SIZE(0..32))
454          MAX-ACCESS  read-create
455          STATUS      current
456          DESCRIPTION
457                  "The index pointing to a set of protocol related
458                   NAT parameters in natConfProtTable.

460                   This object is used to point to protocol specific
461                   configuration that can override any default settings."
462          DEFVAL      { ''H }
463          ::= { natConfEntry 5 }

465      natConfStorageType OBJECT-TYPE
466          SYNTAX      StorageType
467          MAX-ACCESS  read-create
468          STATUS      current
469          DESCRIPTION
470                  "The storage type for this conceptual row."
471          REFERENCE
472                  "Textual Conventions for SMIv2, Section 2."
473          DEFVAL      { nonVolatile }
474          ::= { natConfEntry 6 }

476      natConfStatus OBJECT-TYPE
477          SYNTAX      RowStatus
478          MAX-ACCESS  read-create
479          STATUS      current
480          DESCRIPTION
481                  "The status of this conceptual row."
482          ::= { natConfEntry 7 }

484      --
485      -- The Address Map Table
486      --

488      natConfAddrMapTable OBJECT-TYPE
489          SYNTAX      SEQUENCE OF NatConfAddrMapEntry
490          MAX-ACCESS  not-accessible
491          STATUS      current
492          DESCRIPTION
493                  "This table lists address map configuration for NAT
494                   entries."
495          ::= { natConfig 2 }

497      natConfAddrMapEntry OBJECT-TYPE
498          SYNTAX      NatConfAddrMapEntry
499          MAX-ACCESS  not-accessible
500          STATUS      current
501          DESCRIPTION
502                  "A description of a NAT entry. This entry
503                   contributes to the dynamic or static NAT table of
504                   the device."
505          INDEX       { natConfAddrMapName, natConfAddrMapIndex }
506          ::= { natConfAddrMapTable 1 }

508      NatConfAddrMapEntry ::= SEQUENCE {
509          natConfAddrMapName         SnmpAdminString,
510          natConfAddrMapIndex        Integer32,
511          natConfAddrMapEntryType    INTEGER,
512          natConfAddrMapDirection    INTEGER,
513          natConfLocalAddrType       InetAddressType,
514          natConfLocalAddrFrom       InetAddress,
515          natConfLocalAddrTo         InetAddress,
516          natConfLocalPortFrom       Integer32,
517          natConfLocalPortTo         Integer32,
518          natConfGlobalAddrType      InetAddressType,
519          natConfGlobalAddrFrom      InetAddress,
520          natConfGlobalAddrTo        InetAddress,
521          natConfGlobalPortFrom      Integer32,
522          natConfGlobalPortTo        Integer32,
523          natConfProtocol            BITS,
524          natConfAddrMapStorageType  StorageType,
525          natConfAddrMapStatus       RowStatus
526      }

528      natConfAddrMapName OBJECT-TYPE
529          SYNTAX      SnmpAdminString (SIZE(1..32))
530          MAX-ACCESS  not-accessible
531          STATUS      current
532          DESCRIPTION
533                  "Name identifying a set of entries in this table.
534                   The combination of natConfAddrMapName and
535                   natConfAddrMapIndex uniquely identifies
536                   an entry in this table."
537          ::= { natConfAddrMapEntry 1 }

539      natConfAddrMapIndex OBJECT-TYPE
540          SYNTAX      Integer32 (1..2147483647)
541          MAX-ACCESS  not-accessible
542          STATUS      current
543          DESCRIPTION
544                  "This object identifies a unique entry in the
545                   natConfAddrMapTable indexed by natConfAddrMapName.
546                   Address map entries are applied in the order
547                   specified by natConfAddrMapIndex."
548          ::= { natConfAddrMapEntry 2 }

550      natConfAddrMapEntryType OBJECT-TYPE
551          SYNTAX      INTEGER {
552                          static (1),
553                          dynamic (2)
554                      }
555          MAX-ACCESS  read-create
556          STATUS      current
557          DESCRIPTION
558                  "The config can be used to set up static NAT or dynamic
559                   NAT."
560          ::= { natConfAddrMapEntry 3 }

562      natConfAddrMapDirection OBJECT-TYPE
563          SYNTAX      INTEGER {
564                          inbound (1),
565                          outbound (2),
566                          both (3)
567                      }
568          MAX-ACCESS  read-create
569          STATUS      current
570          DESCRIPTION
571                  "Address (and Transport-ID) maps may be defined for both
572                   inbound and outbound direction.
573                   Outbound address map refers to mapping a selected set of
574                   addresses from private realm to a selected set of
575                   addresses in external realm, whereas inbound address map
576                   refers to mapping a set of addresses from the external
577                   realm to private realm."
578          ::= { natConfAddrMapEntry 4 }

580      natConfLocalAddrType OBJECT-TYPE
581          SYNTAX      InetAddressType
582          MAX-ACCESS  read-create
583          STATUS      current
584          DESCRIPTION
585                  "This object specifies the address type used for
586                   natConfLocalAddr."
587          ::= { natConfAddrMapEntry 5 }

589      natConfLocalAddrFrom OBJECT-TYPE
590          SYNTAX      InetAddress
591          MAX-ACCESS  read-create
592          STATUS      current
593          DESCRIPTION
594                  "This object specifies the first IP address of the range
595                   of IP addresses mapped by this translation entry."
596          ::= { natConfAddrMapEntry 6 }

598      natConfLocalAddrTo OBJECT-TYPE
599          SYNTAX      InetAddress
600          MAX-ACCESS  read-create
601          STATUS      current
602          DESCRIPTION
603                  "This object specifies the last IP address of the range of
604                   IP addresses mapped by this translation entry. If only
605                   a single address is being mapped, the value of this object
606                   is equal to the value of natConfLocalAddrFrom. For a
607                   static NAT the number of addresses in the range defined
608                   by natConfLocalAddrFrom and natConfLocalAddrTo should be
609                   equal to the number of addresses in the range defined by
610                   natConfGlobalAddrFrom and natConfGlobalAddrTo."
611          ::= { natConfAddrMapEntry 7 }

613      natConfLocalPortFrom OBJECT-TYPE
614          SYNTAX      Integer32 (0..65535)
615          MAX-ACCESS  read-create
616          STATUS      current
617          DESCRIPTION
618                  "If this conceptual row describes a NAT, then the value
619                   of this object is '0'. If this conceptual row
620                   describes NAPT, then the value of this object specifies
621                   the first port number in the range of ports being
622                   mapped.

624                   If the translation specifies a single port, then
625                   the value of this object is equal to the value of
626                   natConfLocalPortTo."
627          ::= { natConfAddrMapEntry 8 }

629      natConfLocalPortTo OBJECT-TYPE
630          SYNTAX      Integer32 (0..65535)
631          MAX-ACCESS  read-create
632          STATUS      current
633          DESCRIPTION
634                  "If this conceptual row describes a NAT, then the value
635                   of this object is '0'. If this conceptual row
636                   describes NAPT, then the value of this object specifies
637                   the last port number in the range of ports being mapped.
638                   If the translation specifies a single port, then the
639                   value of this object is equal to the value of
640                   natConfLocalPortFrom."
641          ::= { natConfAddrMapEntry 9 }

643      natConfGlobalAddrType OBJECT-TYPE
644          SYNTAX      InetAddressType
645          MAX-ACCESS  read-create
646          STATUS      current
647          DESCRIPTION
648                  "This object specifies the address type used for
649                   natConfGlobalAddrFrom."
650          ::= { natConfAddrMapEntry 10 }

652      natConfGlobalAddrFrom OBJECT-TYPE
653          SYNTAX      InetAddress
654          MAX-ACCESS  read-create
655          STATUS      current
656          DESCRIPTION
657                  "This object specifies the first IP address of the range of
658                   IP addresses being mapped to."
659          ::= { natConfAddrMapEntry 11 }

661      natConfGlobalAddrTo OBJECT-TYPE
662          SYNTAX      InetAddress
663          MAX-ACCESS  read-create
664          STATUS      current
665          DESCRIPTION
666                  "This object specifies the last IP address of the range of
667                   IP addresses being mapped to. If only a single address is
668                   being mapped to, the value of this object is equal to the
669                   value of natConfGlobalAddrFrom. For a static NAT the
670                   number of addresses in the range defined by
671                   natConfGlobalAddrFrom and natConfGlobalAddrTo should be
672                   equal to the number of addresses in the range defined by
673                   natConfLocalAddrFrom and natConfLocalAddrTo."
674          ::= { natConfAddrMapEntry 12 }

676      natConfGlobalPortFrom OBJECT-TYPE
677          SYNTAX      Integer32 (0..65535)
678          MAX-ACCESS  read-create
679          STATUS      current
680          DESCRIPTION
681                  "If this conceptual row describes a NAT, then the value
682                   of this object is '0'. If this conceptual row
683                   describes NAPT, then the value of this object specifies
684                   the first port number in the range of ports being mapped
685                   to. If the translation specifies a single port, then the
686                   value of this object is equal to the value of
687                   natConfGlobalPortTo."
688          ::= { natConfAddrMapEntry 13 }

690      natConfGlobalPortTo OBJECT-TYPE
691          SYNTAX      Integer32 (0..65535)
692          MAX-ACCESS  read-create
693          STATUS      current
694          DESCRIPTION
695                  "If this conceptual row describes a NAT, then the value
696                   of this object is '0'. If this conceptual row describes
697                   NAPT, then the value of this object specifies the last
698                   port number in the range of ports being mapped to. If the
699                   translation specifies a single port, then the value of
700                   this object is equal to the value of
701                   natConfGlobalPortFrom."
702          ::= { natConfAddrMapEntry 14 }

704      natConfProtocol OBJECT-TYPE
705          SYNTAX      BITS {
706                          all (0),
707                          other (1),
708                          icmp (2),
709                          udp (3),
710                          tcp (4)
711                      }
712          MAX-ACCESS  read-create
713          STATUS      current
714          DESCRIPTION
715                  "This object specifies a protocol identifier. If the
716                   value of this object is '0', then this NAT entry
717                   applies to all IP traffic. If the value of this object
718                   is non-zero, then this NAT entry only applies to IP
719                   traffic with the specified protocol."
720          ::= { natConfAddrMapEntry 15 }

722      natConfAddrMapStorageType OBJECT-TYPE
723          SYNTAX      StorageType
724          MAX-ACCESS  read-create
725          STATUS      current
726          DESCRIPTION
727                  "The storage type for this conceptual row."
728          REFERENCE
729                  "Textual Conventions for SMIv2, Section 2."
730          DEFVAL      { nonVolatile }
731          ::= { natConfAddrMapEntry 16 }

733      natConfAddrMapStatus OBJECT-TYPE
734          SYNTAX      RowStatus
735          MAX-ACCESS  read-create
736          STATUS      current
737          DESCRIPTION
738                  "The status of this conceptual row."
739          ::= { natConfAddrMapEntry 17 }

741      --
742      -- UDP related NAT configuration
743      --

745      natConfUdpDefIdleTimeout OBJECT-TYPE
746          SYNTAX      Integer32 (0..2147483647)
747          UNITS       "seconds"
748          MAX-ACCESS  read-write
749          STATUS      current
750          DESCRIPTION
751                  "The default UDP idle timeout parameter.
752                   This applies to all NAT configuration unless
753                   overridden by a more specific value in the
754                   natConfProtTable."
755          DEFVAL      { 300 }
756          ::= { natConfig 3 }

758      --
759      -- ICMP related NAT configuration
760      --
761      natConfIcmpDefIdleTimeout OBJECT-TYPE
762          SYNTAX      Integer32 (0..2147483647)
763          UNITS       "seconds"
764          MAX-ACCESS  read-write
765          STATUS      current
766          DESCRIPTION
767                  "The default ICMP idle timeout parameter. This applies to
768                   all NAT configuration unless overridden by a more
769                   specific value in the natConfProtTable."
770          DEFVAL      { 86400 }
771          ::= { natConfig 4 }

773      --
774      -- Other protocol parameters
775      --

777      natConfOtherDefIdleTimeout OBJECT-TYPE
778          SYNTAX      Integer32 (0..2147483647)
779          UNITS       "seconds"
780          MAX-ACCESS  read-write
781          STATUS      current
782          DESCRIPTION
783                  "The default idle timeout parameter for protocols not
784                   defined in NATProtocolType. This applies to all NAT
785                   configuration unless overridden by a more specific
786                   value in the natConfProtTable."
787          DEFVAL      { 60 }
788          ::= { natConfig 5 }

790      --
791      -- TCP related NAT configuration
792      --

794      natConfTcpDefIdleTimeout OBJECT-TYPE
795          SYNTAX      Integer32 (0..2147483647)
796          UNITS       "seconds"
797          MAX-ACCESS  read-write
798          STATUS      current
799          DESCRIPTION
800                  "The default TCP idle timeout parameter. This applies to
801                   all NAT configuration unless overridden by a more
802                   specific value in the natConfProtTable."
803          DEFVAL      { 86400 }
804          ::= { natConfig 6 }

806      natConfTcpDefNegTimeout OBJECT-TYPE
807          SYNTAX      Integer32 (0..2147483647)
808          UNITS       "seconds"
809          MAX-ACCESS  read-write
810          STATUS      current
811          DESCRIPTION
812                  "The default interval of time for which a TCP protocol
813                   session is allowed to remain valid without any
814                   activity. This timeout value applies to a TCP session
815                   during its establishment and termination phases.
816                   This value is taken into account in the absence of a
817                   more specific natConfTcpNegTimeout defined in the
818                   natConfTcpTable."
819          DEFVAL      { 60 }
820          ::= { natConfig 7 }

822      --
823      -- NAT per protocol config table.
824      --

826      natConfProtTable OBJECT-TYPE
827          SYNTAX      SEQUENCE OF NatConfProtEntry
828          MAX-ACCESS  not-accessible
829          STATUS      current
830          DESCRIPTION
831                  "This table holds pointers to protocol specific parameters
832                   required by NAT."
833          ::= { natConfig 8 }

835      natConfProtEntry OBJECT-TYPE
836          SYNTAX      NatConfProtEntry
837          MAX-ACCESS  not-accessible
838          STATUS      current
839          DESCRIPTION
840                  "Each entry in natConfProtTable points to a protocol
841                   specific table which holds parameters that are required
842                   for NAT configuration."
843          INDEX       { natConfProtName, natConfProtType }
844          ::= { natConfProtTable 1 }

846      NatConfProtEntry ::= SEQUENCE {
847          natConfProtName         SnmpAdminString,
848          natConfProtType         NATProtocolType,
849          natConfProtSpecName     SnmpAdminString,
850          natConfProtIdleTimeout  Integer32,
851          natConfProtRowStatus    RowStatus
852      }

854      natConfProtName OBJECT-TYPE
855          SYNTAX      SnmpAdminString (SIZE(0..32))
856          MAX-ACCESS  not-accessible
857          STATUS      current
858          DESCRIPTION
859                  "Name identifying a set of entries in this table that
860                   point to protocol specific NAT configuration. The
861                   combination of natConfProtName and natConfProtType
862                   uniquely identifies an entry in this table."
863      ::= { natConfProtEntry 1 }

865  natConfProtType OBJECT-TYPE
866      SYNTAX NATProtocolType
867      MAX-ACCESS not-accessible
868      STATUS current
869      DESCRIPTION
870          "Identifies the protocol type.
871           natConfProtSpecName points to an entry in the protocol
872           specific table. For example, if natConfProtType is set to
873           'tcp', natConfProtSpecName points to an entry in the
874           natConfTcpTable."
875      ::= { natConfProtEntry 2 }

877  natConfProtSpecName OBJECT-TYPE
878      SYNTAX SnmpAdminString (SIZE(0..32))
879      MAX-ACCESS read-create
880      STATUS current
881      DESCRIPTION
882          "Index of an entry in the protocol specific table
883           identified by natConfProtType."
884      ::= { natConfProtEntry 3 }

886  natConfProtIdleTimeout OBJECT-TYPE
887      SYNTAX Integer32 (0..2147483647)
888      UNITS "seconds"
889      MAX-ACCESS read-create
890      STATUS current
891      DESCRIPTION
892          "The interval of time for which the protocol session,
893           associated with this configuration, is allowed to remain
894           valid without any activity."
895      DEFVAL { 86400 }
896      ::= { natConfProtEntry 4 }

898  natConfProtRowStatus OBJECT-TYPE
899      SYNTAX RowStatus
900      MAX-ACCESS read-create
901      STATUS current
902      DESCRIPTION
903          "The status of this conceptual row."
904      ::= { natConfProtEntry 5 }

906  natConfTcpTable OBJECT-TYPE
907      SYNTAX SEQUENCE OF NatConfTcpEntry
908      MAX-ACCESS not-accessible
909      STATUS current
910      DESCRIPTION
911          "This table holds TCP related NAT configuration entries
912           which are pointed to by entries in the natConfProtTable
913           having a natConfProtSpecType of 'tcp'."
914      ::= { natConfig 9 }

916  natConfTcpEntry OBJECT-TYPE
917      SYNTAX NatConfTcpEntry
918      MAX-ACCESS not-accessible
919      STATUS current
920      DESCRIPTION
921          "Each entry contains TCP related NAT parameters. An entry
922           in this table is pointed to by an entry in the
923           natConfProtTable."
924      INDEX { natConfTcpName }
925      ::= { natConfTcpTable 1 }

927  NatConfTcpEntry ::= SEQUENCE {
928      natConfTcpName SnmpAdminString,
929      natConfTcpNegTimeout Integer32,
930      natConfTcpRowStatus RowStatus
931  }

933  natConfTcpName OBJECT-TYPE
934      SYNTAX SnmpAdminString (SIZE(0..32))
935      MAX-ACCESS not-accessible
936      STATUS current
937      DESCRIPTION
938          "Uniquely identifies an entry in this table."
939      ::= { natConfTcpEntry 1 }

941  natConfTcpNegTimeout OBJECT-TYPE
942      SYNTAX Integer32 (0..2147483647)
943      UNITS "seconds"
944      MAX-ACCESS read-create
945      STATUS current
946      DESCRIPTION
947          "The interval of time for which a TCP protocol session,
948           associated with this configuration, is allowed to remain
949           valid without any activity. This timeout value applies
950           to a TCP session during its establishment and termination
951           phases."
952      -- 1 minute
953      DEFVAL { 60 }
954      ::= { natConfTcpEntry 2 }
955  natConfTcpRowStatus OBJECT-TYPE
956      SYNTAX RowStatus
957      MAX-ACCESS read-create
958      STATUS current
959      DESCRIPTION
960          "The status of this conceptual row."
961      ::= { natConfTcpEntry 3 }

963  --
964  -- Notification thresholds
965  --

967  natConfAddressRiseThreshold OBJECT-TYPE
968      SYNTAX Unsigned32 (0..100)
969      UNITS "percentage"
970      MAX-ACCESS read-write
971      STATUS current
972      DESCRIPTION
973          "This object represents the rising threshold value for
974           generation of the natAddressUseRising notification. A
975           notification is generated whenever the usage percentage
976           of the address map is equal to or greater than
977           natConfAddressRiseThreshold.

979           Notifications should not be generated when the value of
980           this object is 0."
981      DEFVAL { 0 }
982      ::= { natConfig 10 }

984  natConfAddressFallThreshold OBJECT-TYPE
985      SYNTAX Unsigned32 (0..100)
986      UNITS "percentage"
987      MAX-ACCESS read-write
988      STATUS current
989      DESCRIPTION
990          "This object represents the falling threshold value for
991           generation of the natAddressUseRising notification.
992           This object only represents the lower end of the
993           hysteresis curve, and notifications are not generated when
994           this threshold is crossed."
995      DEFVAL { 0 }
996      ::= { natConfig 11 }

998  --
999  -- The Translation Group
1000  --
1001  --
1002  -- Address Bind section
1003  --

1005  natAddrBindNumberOfEntries OBJECT-TYPE
1006      SYNTAX Gauge32
1007      MAX-ACCESS read-only
1008      STATUS current
1009      DESCRIPTION
1010          "This object maintains a count of the number of entries
1011           that currently exist in the natAddrBindTable."
1012      ::= { natTranslation 1 }

1014  --
1015  -- The NAT Address BIND Table
1016  --

1018  natAddrBindTable OBJECT-TYPE
1019      SYNTAX SEQUENCE OF NatAddrBindEntry
1020      MAX-ACCESS not-accessible
1021      STATUS current
1022      DESCRIPTION
1023          "This table holds information about the currently
1024           active NAT BINDs."
1025      ::= { natTranslation 2 }

1027  natAddrBindEntry OBJECT-TYPE
1028      SYNTAX NatAddrBindEntry
1029      MAX-ACCESS not-accessible
1030      STATUS current
1031      DESCRIPTION
1032          "Each entry in the NAT BIND table holds information
1033           about a NAT BIND that is currently active."
1034      INDEX { natAddrBindLocalAddrType, natAddrBindLocalAddr }
1035      ::= { natAddrBindTable 1 }

1037  NatAddrBindEntry ::= SEQUENCE {
1038      natAddrBindLocalAddrType InetAddressType,
1039      natAddrBindLocalAddr InetAddress,
1040      natAddrBindGlobalAddrType InetAddressType,
1041      natAddrBindGlobalAddr InetAddress,
1042      natAddrBindId Unsigned32,
1043      natAddrBindDirection INTEGER,
1044      natAddrBindType INTEGER,
1045      natAddrBindAddrMapName SnmpAdminString,
1046      natAddrBindSessionCount Gauge32,
1047      natAddrBindCurrentIdleTime TimeTicks,
1048      natAddrBindInTranslate Counter32,
1049      natAddrBindOutTranslate Counter32,
1050      natAddrBindStatus RowStatus
1051  }

1053  natAddrBindLocalAddrType OBJECT-TYPE
1054      SYNTAX InetAddressType
1055      MAX-ACCESS not-accessible
1056      STATUS current
1057      DESCRIPTION
1058          "This object specifies the address type used for
1059           natAddrBindLocalAddr."
1060      ::= { natAddrBindEntry 1 }

1062  natAddrBindLocalAddr OBJECT-TYPE
1063      SYNTAX InetAddress
1064      MAX-ACCESS not-accessible
1065      STATUS current
1066      DESCRIPTION
1067          "This object represents the private-realm specific network
1068           layer address, which maps to the public-realm address
1069           represented by natAddrBindGlobalAddr."
1070      ::= { natAddrBindEntry 2 }

1072  natAddrBindGlobalAddrType OBJECT-TYPE
1073      SYNTAX InetAddressType
1074      MAX-ACCESS read-create
1075      STATUS current
1076      DESCRIPTION
1077          "This object specifies the address type used for
1078           natAddrBindGlobalAddr."
1079      ::= { natAddrBindEntry 3 }

1081  natAddrBindGlobalAddr OBJECT-TYPE
1082      SYNTAX InetAddress
1083      MAX-ACCESS read-create
1084      STATUS current
1085      DESCRIPTION
1086          "This object represents the public-realm network layer
1087           address that maps to the private-realm network layer
1088           address represented by natAddrBindLocalAddr."
1089      ::= { natAddrBindEntry 4 }

1091  natAddrBindId OBJECT-TYPE
1092      SYNTAX Unsigned32
1093      MAX-ACCESS read-only
1094      STATUS current
1095      DESCRIPTION
1096          "This object represents a BIND id that is dynamically
1097           assigned to each BIND by a NAT enabled device. Each
1098           BIND is represented by a BIND id that is
1099           unique across both the Address bind and the
1100           Address-Port bind tables."
1101      ::= { natAddrBindEntry 5 }

1103  natAddrBindDirection OBJECT-TYPE
1104      SYNTAX INTEGER {
1105          uniDirectional (1),
1106          biDirectional (2)
1107      }
1108      MAX-ACCESS read-create
1109      STATUS current
1110      DESCRIPTION
1111          "This object represents the direction of the BIND.
1112           A BIND may be either uni-directional or bi-directional,
1113           same as the orientation of the address map, based on
1114           which this bind is formed."
1115      ::= { natAddrBindEntry 6 }

1117  natAddrBindType OBJECT-TYPE
1118      SYNTAX INTEGER {
1119          static (1),
1120          dynamic (2)
1121      }
1122      MAX-ACCESS read-create
1123      STATUS current
1124      DESCRIPTION
1125          "This object indicates whether the BIND is static or
1126           dynamic."
1127      ::= { natAddrBindEntry 7 }

1129  natAddrBindAddrMapName OBJECT-TYPE
1130      SYNTAX SnmpAdminString (SIZE(1..32))
1131      MAX-ACCESS read-create
1132      STATUS current
1133      DESCRIPTION
1134          "This object is a pointer to the natConfAddrMapTable entry (and
1135           the parameters of that entry) which was used in creating
1136           this BIND. If the bind is being created by the Management
1137           Station, then it should set the value for this object to an
1138           existing addrMapName. An attempt to set this object
1139           to a nonExistent addrMapName will result in badValue
1140           error."
1141      ::= { natAddrBindEntry 8 }

1143  natAddrBindSessionCount OBJECT-TYPE
1144      SYNTAX Gauge32
1145      MAX-ACCESS read-only
1146      STATUS current
1147      DESCRIPTION
1148          "Number of sessions currently using this BIND."
1149      ::= { natAddrBindEntry 9 }

1151  natAddrBindCurrentIdleTime OBJECT-TYPE
1152      SYNTAX TimeTicks
1153      MAX-ACCESS read-only
1154      STATUS current
1155      DESCRIPTION
1156          "At any given instance of time, this object indicates the
1157           time that this BIND has been idle with no sessions
1158           attached to it.

1160           The value of this object is of relevance
1161           only for dynamic NAT."
1162      ::= { natAddrBindEntry 10 }

1164  natAddrBindInTranslate OBJECT-TYPE
1165      SYNTAX Counter32
1166      MAX-ACCESS read-only
1167      STATUS current
1168      DESCRIPTION
1169          "The number of inbound packets that were successfully
1170           translated using this BIND entry."
1171      ::= { natAddrBindEntry 11 }

1173  natAddrBindOutTranslate OBJECT-TYPE
1174      SYNTAX Counter32
1175      MAX-ACCESS read-only
1176      STATUS current
1177      DESCRIPTION
1178          "The number of outbound packets that were successfully
1179           translated using this BIND entry."
1180      ::= { natAddrBindEntry 12 }

1182  natAddrBindStatus OBJECT-TYPE
1183      SYNTAX RowStatus
1184      MAX-ACCESS read-create
1185      STATUS current
1186      DESCRIPTION
1187          "The status of this conceptual row."
1188      ::= { natAddrBindEntry 13 }

1190  --
1191  -- Address-Port Bind section
1192  --
1193  natAddrPortBindNumberOfEntries OBJECT-TYPE
1194      SYNTAX Gauge32
1195      MAX-ACCESS read-only
1196      STATUS current
1197      DESCRIPTION
1198          "This object maintains a count of the number of entries
1199           that currently exist in the natAddrPortBindTable."
1200      ::= { natTranslation 3 }

1202  --
1203  -- The NAT Address-Port BIND Table
1204  --

1206  natAddrPortBindTable OBJECT-TYPE
1207      SYNTAX SEQUENCE OF NatAddrPortBindEntry
1208      MAX-ACCESS not-accessible
1209      STATUS current
1210      DESCRIPTION
1211          "This table holds information about the currently
1212           active NAPT BINDs."
1213      ::= { natTranslation 4 }

1215  natAddrPortBindEntry OBJECT-TYPE
1216      SYNTAX NatAddrPortBindEntry
1217      MAX-ACCESS not-accessible
1218      STATUS current
1219      DESCRIPTION
1220          "Each entry in this table holds information
1221           about a NAPT BIND that is currently active."
1222      INDEX { natAddrPortBindLocalAddrType, natAddrPortBindLocalAddr,
1223              natAddrPortBindLocalPort, natAddrPortBindProtocol }
1224      ::= { natAddrPortBindTable 1 }

1226  NatAddrPortBindEntry ::= SEQUENCE {
1227      natAddrPortBindLocalAddrType InetAddressType,
1228      natAddrPortBindLocalAddr InetAddress,
1229      natAddrPortBindLocalPort Integer32,
1230      natAddrPortBindProtocol NATProtocolType,
1231      natAddrPortBindGlobalAddrType InetAddressType,
1232      natAddrPortBindGlobalAddr InetAddress,
1233      natAddrPortBindGlobalPort Integer32,
1234      natAddrPortBindId Unsigned32,
1235      natAddrPortBindDirection INTEGER,
1236      natAddrPortBindType INTEGER,
1237      natAddrPortBindAddrMapName SnmpAdminString,
1238      natAddrPortBindSessionCount Gauge32,
1239      natAddrPortBindCurrentIdleTime TimeTicks,
1240      natAddrPortBindInTranslate Counter32,
1241      natAddrPortBindOutTranslate Counter32,
1242      natAddrPortBindStatus RowStatus
1243  }

1245  natAddrPortBindLocalAddrType OBJECT-TYPE
1246      SYNTAX InetAddressType
1247      MAX-ACCESS not-accessible
1248      STATUS current
1249      DESCRIPTION
1250          "This object specifies the address type used for
1251           natAddrPortBindLocalAddr."
1252      ::= { natAddrPortBindEntry 1 }

1254  natAddrPortBindLocalAddr OBJECT-TYPE
1255      SYNTAX InetAddress
1256      MAX-ACCESS not-accessible
1257      STATUS current
1258      DESCRIPTION
1259          "This object represents the private-realm specific network
1260           layer address which, in conjunction with
1261           natAddrPortBindLocalPort, maps to the public-realm
1262           network layer address and transport id represented by
1263           natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
1264           respectively."
1265      ::= { natAddrPortBindEntry 2 }

1267  natAddrPortBindLocalPort OBJECT-TYPE
1268      SYNTAX Integer32(0..65535)
1269      MAX-ACCESS not-accessible
1270      STATUS current
1271      DESCRIPTION
1272          "This object represents the private-realm specific port
1273           number (or query ID in case of ICMP messages) which, in
1274           conjunction with natAddrPortBindLocalAddr, maps to the
1275           public-realm network layer address and transport id
1276           represented by natAddrPortBindGlobalAddr and
1277           natAddrPortBindGlobalPort respectively."
1278      ::= { natAddrPortBindEntry 3 }

1280  natAddrPortBindProtocol OBJECT-TYPE
1281      SYNTAX NATProtocolType
1282      MAX-ACCESS not-accessible
1283      STATUS current
1284      DESCRIPTION
1285          "This object specifies a protocol identifier. If the
1286           value of this object is none(1), then this BIND entry
1287           applies to all IP traffic. Any other value of this object
1288           specifies the class of IP traffic to which this BIND
1289           applies."
1290      ::= { natAddrPortBindEntry 4 }

1292  natAddrPortBindGlobalAddrType OBJECT-TYPE
1293      SYNTAX InetAddressType
1294      MAX-ACCESS read-create
1295      STATUS current
1296      DESCRIPTION
1297          "This object specifies the address type used for
1298           natAddrPortBindGlobalAddr."
1299      ::= { natAddrPortBindEntry 5 }

1301  natAddrPortBindGlobalAddr OBJECT-TYPE
1302      SYNTAX InetAddress
1303      MAX-ACCESS read-create
1304      STATUS current
1305      DESCRIPTION
1306          "This object represents the public-realm specific network
1307           layer address that, in conjunction with
1308           natAddrPortBindGlobalPort, maps to the private-realm
1309           network layer address and transport id represented by
1310           natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1311           respectively."
1312      ::= { natAddrPortBindEntry 6 }

1314  natAddrPortBindGlobalPort OBJECT-TYPE
1315      SYNTAX Integer32(0..65535)
1316      MAX-ACCESS read-create
1317      STATUS current
1318      DESCRIPTION
1319          "This object represents the port number (or query id in
1320           case of ICMP) that, in conjunction with
1321           natAddrPortBindGlobalAddr, maps to the private-realm
1322           network layer address and transport id represented by
1323           natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1324           respectively."
1325      ::= { natAddrPortBindEntry 7 }

1327  natAddrPortBindId OBJECT-TYPE
1328      SYNTAX Unsigned32
1329      MAX-ACCESS read-only
1330      STATUS current
1331      DESCRIPTION
1332          "This object represents a BIND id that is dynamically
1333           assigned to each BIND by a NAT enabled device. Each
1334           BIND is represented by a unique BIND id across both
1335           the Address Bind and Address-Port Bind tables."
1336      ::= { natAddrPortBindEntry 8 }

1338  natAddrPortBindDirection OBJECT-TYPE
1339      SYNTAX INTEGER {
1340          uniDirectional (1),
1341          biDirectional (2)
1342      }
1343      MAX-ACCESS read-create
1344      STATUS current
1345      DESCRIPTION
1346          "This object represents the direction of the BIND. A
1347           BIND may be either uni-directional or bi-directional,
1348           same as the orientation of the address map, based on
1349           which this bind is formed."
1350      ::= { natAddrPortBindEntry 9 }

1352  natAddrPortBindType OBJECT-TYPE
1353      SYNTAX INTEGER {
1354          static (1),
1355          dynamic (2)
1356      }
1357      MAX-ACCESS read-create
1358      STATUS current
1359      DESCRIPTION
1360          "This object indicates whether the BIND is static or
1361           dynamic."
1362      ::= { natAddrPortBindEntry 10 }

1364  natAddrPortBindAddrMapName OBJECT-TYPE
1365      SYNTAX SnmpAdminString
1366      MAX-ACCESS read-create
1367      STATUS current
1368      DESCRIPTION
1369          "This object is a pointer to the NatConfAddrMapEntry entry (and
1370           the parameters of that entry) which was used in creating
1371           this BIND. If the bind is being created by the Management
1372           Station, then it should set the value for this object as well.
1373           An attempt to set this object to a nonExistent addrMapName
1374           will result in badValue error."
1375      ::= { natAddrPortBindEntry 11 }

1377  natAddrPortBindSessionCount OBJECT-TYPE
1378      SYNTAX Gauge32
1379      MAX-ACCESS read-only
1380      STATUS current
1381      DESCRIPTION
1382          "Number of sessions currently using this BIND."
1383      ::= { natAddrPortBindEntry 12 }

1385  natAddrPortBindCurrentIdleTime OBJECT-TYPE
1386      SYNTAX TimeTicks
1387      MAX-ACCESS read-only
1388      STATUS current
1389      DESCRIPTION
1390          "At any given instance of time, this object indicates the
1391           time that this BIND has been idle with no sessions
1392           attached to it. The value of this object is of relevance
1393           only for dynamic NAT."
1394      ::= { natAddrPortBindEntry 13 }

1396  natAddrPortBindInTranslate OBJECT-TYPE
1397      SYNTAX Counter32
1398      MAX-ACCESS read-only
1399      STATUS current
1400      DESCRIPTION
1401          "The number of inbound packets that were translated as per
1402           this BIND entry."
1403      ::= { natAddrPortBindEntry 14 }

1405  natAddrPortBindOutTranslate OBJECT-TYPE
1406      SYNTAX Counter32
1407      MAX-ACCESS read-only
1408      STATUS current
1409      DESCRIPTION
1410          "The number of outbound packets that were translated as per
1411           this BIND entry."
1412      ::= { natAddrPortBindEntry 15 }

1414  natAddrPortBindStatus OBJECT-TYPE
1415      SYNTAX RowStatus
1416      MAX-ACCESS read-create
1417      STATUS current
1418      DESCRIPTION
1419          "The status of this conceptual row."
1420      ::= { natAddrPortBindEntry 16 }

1422  --
1423  -- The Session Table
1424  --

1426  natSessionTable OBJECT-TYPE
1427      SYNTAX SEQUENCE OF NatSessionEntry
1428      MAX-ACCESS not-accessible
1429      STATUS current
1430      DESCRIPTION
1431          "The (conceptual) table containing one entry for each
1432           NAT session currently active on this NAT device."

1434      ::= { natTranslation 5 }

1436  natSessionEntry OBJECT-TYPE
1437      SYNTAX NatSessionEntry
1438      MAX-ACCESS not-accessible
1439      STATUS current
1440      DESCRIPTION
1441          "An entry (conceptual row) containing information
1442           about an active NAT session on this NAT device."
1443      INDEX { natSessionBindId, natSessionId }
1444      ::= { natSessionTable 1 }

1446  NatSessionEntry ::= SEQUENCE {
1447      natSessionBindId Unsigned32,
1448      natSessionId Unsigned32,
1449      natSessionDirection INTEGER,
1450      natSessionUpTime TimeTicks,
1451      natSessionProtocolType NATProtocolType,
1452      natSessionOrigPrivateAddrType InetAddressType,
1453      natSessionOrigPrivateAddr InetAddress,
1454      natSessionTransPrivateAddrType InetAddressType,
1455      natSessionTransPrivateAddr InetAddress,
1456      natSessionOrigPrivatePort Integer32,
1457      natSessionTransPrivatePort Integer32,
1458      natSessionOrigPublicAddrType InetAddressType,
1459      natSessionOrigPublicAddr InetAddress,
1460      natSessionTransPublicAddrType InetAddressType,
1461      natSessionTransPublicAddr InetAddress,
1462      natSessionOrigPublicPort Integer32,
1463      natSessionTransPublicPort Integer32,
1464      natSessionCurrentIdletime TimeTicks,
1465      natSessionSecondBindId Unsigned32,
1466      natSessionInTranslate Counter32,
1467      natSessionOutTranslate Counter32,
1468      natSessionStatus RowStatus
1469  }

1471  natSessionBindId OBJECT-TYPE
1472      SYNTAX Unsigned32
1473      MAX-ACCESS not-accessible
1474      STATUS current
1475      DESCRIPTION
1476          "This object represents a BIND id that is dynamically
1477           assigned to each BIND by a NAT enabled device. This
1478           bind id is the same as that represented by the BindId
1479           objects in the Address bind and Address-Port bind
1480           tables."
1481      ::= { natSessionEntry 1 }

1483  natSessionId OBJECT-TYPE
1484      SYNTAX Unsigned32
1485      MAX-ACCESS not-accessible
1486      STATUS current
1487      DESCRIPTION
1488          "The session ID for this NAT session."
1489      ::= { natSessionEntry 2 }

1491  natSessionDirection OBJECT-TYPE
1492      SYNTAX INTEGER {
1493          inbound (1),
1494          outbound (2)
1495      }
1496      MAX-ACCESS read-create
1497      STATUS current
1498      DESCRIPTION
1499          "The direction of this session with respect to the
1500           local network. 'inbound' indicates that this session
1501           was initiated from the public network into the private
1502           network. 'outbound' indicates that this session was
1503           initiated from the private network into the public
1504           network."
1505      ::= { natSessionEntry 3 }

1507  natSessionUpTime OBJECT-TYPE
1508      SYNTAX TimeTicks
1509      MAX-ACCESS read-only
1510      STATUS current
1511      DESCRIPTION
1512          "The up time of this session in one-hundredths of a
1513           second."
1514      ::= { natSessionEntry 4 }

1516  natSessionProtocolType OBJECT-TYPE
1517      SYNTAX NATProtocolType
1518      MAX-ACCESS read-create
1519      STATUS current
1520      DESCRIPTION
1521          "The protocol type of this session.

1523           TCP and UDP sessions are uniquely identified by the
1524           tuple of (source IP address, source TCP/UDP port,
1525           destination IP address, destination TCP/UDP port).
1526           ICMP query sessions are identified by the tuple of
1527           (source IP address, ICMP query ID, destination IP
1528           address)."
1529      ::= { natSessionEntry 5 }

1531  natSessionOrigPrivateAddrType OBJECT-TYPE
1532      SYNTAX InetAddressType
1533      MAX-ACCESS read-create
1534      STATUS current
1535      DESCRIPTION
1536          "This object specifies the address type used for
1537           natSessionOrigPrivateAddr."
1538      ::= { natSessionEntry 6 }

1540  natSessionOrigPrivateAddr OBJECT-TYPE
1541      SYNTAX InetAddress
1542      MAX-ACCESS read-create
1543      STATUS current
1544      DESCRIPTION
1545          "The original IP address of the session endpoint that
1546           lies in the private network."
1547      ::= { natSessionEntry 7 }

1549  natSessionTransPrivateAddrType OBJECT-TYPE
1550      SYNTAX InetAddressType
1551      MAX-ACCESS read-create
1552      STATUS current
1553      DESCRIPTION
1554          "This object specifies the address type used for
1555           natSessionTransPrivateAddr."
1556      ::= { natSessionEntry 8 }

1558  natSessionTransPrivateAddr OBJECT-TYPE
1559      SYNTAX InetAddress
1560      MAX-ACCESS read-create
1561      STATUS current
1562      DESCRIPTION
1563          "The translated IP address of the session endpoint that
1564           lies in the private network. The value of this object
1565           is equal to that of the original private IP Address
1566           (natSessionOrigPrivateAddr) when there is no
1567           translation."
1568      ::= { natSessionEntry 9 }

1570  natSessionOrigPrivatePort OBJECT-TYPE
1571      SYNTAX Integer32 (0..65535)
1572      MAX-ACCESS read-create
1573      STATUS current
1574      DESCRIPTION
1575          "The original transport port of the session endpoint that
1576           belongs to the private network. If this is an ICMP
1577           session then the value is the ICMP request ID. The value
1578           of this object should be 0 when the port is not involved
1579           in the translation."
1580      ::= { natSessionEntry 10 }

1582  natSessionTransPrivatePort OBJECT-TYPE
1583      SYNTAX Integer32 (0..65535)
1584      MAX-ACCESS read-create
1585      STATUS current
1586      DESCRIPTION
1587          "The translated transport port of the session that lies in
1588           the private network. The value of this object is equal to
1589           that of the original transport port
1590           (natSessionOrigPrivatePort) when there is no
1591           translation."
1592      ::= { natSessionEntry 11 }

1594  natSessionOrigPublicAddrType OBJECT-TYPE
1595      SYNTAX InetAddressType
1596      MAX-ACCESS read-create
1597      STATUS current
1598      DESCRIPTION
1599          "This object specifies the address type used for
1600           natSessionOrigPublicAddr."
1601      ::= { natSessionEntry 12 }

1603  natSessionOrigPublicAddr OBJECT-TYPE
1604      SYNTAX InetAddress
1605      MAX-ACCESS read-create
1606      STATUS current
1607      DESCRIPTION
1608          "The original IP address of the session endpoint that lies
1609           in the public network."
1610      ::= { natSessionEntry 13 }

1612  natSessionTransPublicAddrType OBJECT-TYPE
1613      SYNTAX InetAddressType
1614      MAX-ACCESS read-create
1615      STATUS current
1616      DESCRIPTION
1617          "This object specifies the address type used for
1618           natSessionTransPublicAddr."
1619      ::= { natSessionEntry 14 }

1621  natSessionTransPublicAddr OBJECT-TYPE
1622      SYNTAX InetAddress
1623      MAX-ACCESS read-create
1624      STATUS current
1625      DESCRIPTION
1626          "The translated IP address of the session endpoint that
1627           belongs to the public network. The value of this object
1628           is equal to that of the original public IP Address
1629           (natSessionOrigPublicAddr) when there is no
1630           translation."
1631      ::= { natSessionEntry 15 }

1633  natSessionOrigPublicPort OBJECT-TYPE
1634      SYNTAX Integer32 (0..65535)
1635      MAX-ACCESS read-create
1636      STATUS current
1637      DESCRIPTION
1638          "The original transport port of the session endpoint that
1639           belongs to the public network. If this is an ICMP
1640           session then the value contains the ICMP request ID.
1641           The value of this object should be 0 when the port is
1642           not involved in the translation."
1643      ::= { natSessionEntry 16 }

1645  natSessionTransPublicPort OBJECT-TYPE
1646      SYNTAX Integer32 (0..65535)
1647      MAX-ACCESS read-create
1648      STATUS current
1649      DESCRIPTION
1650          "The translated transport port of the session endpoint
1651           that belongs to the public network. The value of this
1652           object is equal to that of the original transport port
1653           (natSessionOrigPublicPort) when there is no
1654           translation."
1655      ::= { natSessionEntry 17 }

1657  natSessionCurrentIdletime OBJECT-TYPE
1658      SYNTAX TimeTicks
1659      MAX-ACCESS read-only
1660      STATUS current
1661      DESCRIPTION
1662          "The time in one-hundredths of a second since a packet
1663           belonging to this session was last detected."
1664      ::= { natSessionEntry 18 }

1666  natSessionSecondBindId OBJECT-TYPE
1667      SYNTAX Unsigned32
1668      MAX-ACCESS read-create
1669      STATUS current
1670      DESCRIPTION
1671          "The natBindId of the 'other' NAT binding in case of Twice
1672           NAT.

1674           An instance of this object contains a valid value
1675           only if the binding type for this session is TwiceNAT."
1676      ::= { natSessionEntry 19 }

1678  natSessionInTranslate OBJECT-TYPE
1679      SYNTAX Counter32
1680      MAX-ACCESS read-only
1681      STATUS current
1682      DESCRIPTION
1683          "The number of inbound packets that were translated for
1684           this session."
1685      ::= { natSessionEntry 20 }

1687  natSessionOutTranslate OBJECT-TYPE
1688      SYNTAX Counter32
1689      MAX-ACCESS read-only
1690      STATUS current
1691      DESCRIPTION
1692          "The number of outbound packets that were translated for
1693           this session."
1694      ::= { natSessionEntry 21 }

1696  natSessionStatus OBJECT-TYPE
1697      SYNTAX RowStatus
1698      MAX-ACCESS read-create
1699      STATUS current
1700      DESCRIPTION
1701          "The status of this conceptual row."
1702      ::= { natSessionEntry 22 }

1704  --
1705  -- natStatistics Group
1706  --

1708  --
1709  -- The Protocol Stats table
1710  --

1712  natProtocolStatsTable OBJECT-TYPE
1713      SYNTAX SEQUENCE OF NatProtocolStatsEntry
1714      MAX-ACCESS not-accessible
1715      STATUS current
1716      DESCRIPTION
1717          "The (conceptual) table containing per protocol NAT
1718           statistics."
1719      ::= { natStatistics 1 }

1721  natProtocolStatsEntry OBJECT-TYPE
1722      SYNTAX NatProtocolStatsEntry
1723      MAX-ACCESS not-accessible
1724      STATUS current
1725      DESCRIPTION
1726          "An entry (conceptual row) containing NAT statistics
1727           pertaining to a particular protocol."
1728      INDEX { natProtocolStatsName }
1729      ::= { natProtocolStatsTable 1 }

1731  NatProtocolStatsEntry ::= SEQUENCE {
1732      natProtocolStatsName NATProtocolType,
1733      natProtocolStatsInTranslate Counter32,
1734      natProtocolStatsOutTranslate Counter32,
1735      natProtocolStatsRejectCount Counter32
1736  }

1738  natProtocolStatsName OBJECT-TYPE
1739      SYNTAX NATProtocolType
1740      MAX-ACCESS not-accessible
1741      STATUS current
1742      DESCRIPTION
1743          "This object represents the protocol pertaining to which
1744           statistics are reported."
1745      ::= { natProtocolStatsEntry 1 }

1747  natProtocolStatsInTranslate OBJECT-TYPE
1748      SYNTAX Counter32
1749      MAX-ACCESS read-only
1750      STATUS current
1751      DESCRIPTION
1752          "The number of inbound packets, pertaining to the protocol
1753           identified by natProtocolStatsName, that underwent NAT."
1754      ::= { natProtocolStatsEntry 2 }

1756  natProtocolStatsOutTranslate OBJECT-TYPE
1757      SYNTAX Counter32
1758      MAX-ACCESS read-only
1759      STATUS current
1760      DESCRIPTION
1761          "The number of outbound packets, pertaining to the protocol
1762           identified by natProtocolStatsName, that underwent NAT."
1763      ::= { natProtocolStatsEntry 3 }

1765  natProtocolStatsRejectCount OBJECT-TYPE
1766      SYNTAX Counter32
1767      MAX-ACCESS read-only
1768      STATUS current
1769      DESCRIPTION
1770          "The number of packets, pertaining to the protocol
1771           identified by natProtocolStatsName, that had to be
1772           rejected/dropped due to lack of resources. These
1773           rejections could be due to session timeout, resource
1774           unavailability, lack of address space etc."
1775      ::= { natProtocolStatsEntry 4 }

1777  --
1778  -- The Address Map Stats table
1779  --

1781  natAddrMapStatsTable OBJECT-TYPE
1782      SYNTAX SEQUENCE OF NatAddrMapStatsEntry
1783      MAX-ACCESS not-accessible
1784      STATUS current
1785      DESCRIPTION
1786          "The (conceptual) table containing per address map NAT
1787           statistics."
1788      ::= { natStatistics 2 }

1790  natAddrMapStatsEntry OBJECT-TYPE
1791      SYNTAX NatAddrMapStatsEntry
1792      MAX-ACCESS not-accessible
1793      STATUS current
1794      DESCRIPTION
1795          "An entry (conceptual row) containing NAT statistics per
1796           address map."
1797      AUGMENTS { natConfAddrMapEntry }
1798      ::= { natAddrMapStatsTable 1 }

1800  NatAddrMapStatsEntry ::= SEQUENCE {
1801      natAddrMapStatsInTranslate Counter32,
1802      natAddrMapStatsOutTranslate Counter32,
1803      natAddrMapStatsNoResource Counter32,
1804      natAddrMapStatsAddrUsed Gauge32
1805  }

1807  natAddrMapStatsInTranslate OBJECT-TYPE
1808      SYNTAX Counter32
1809      MAX-ACCESS read-only
1810      STATUS current
1811      DESCRIPTION
1812          "The number of inbound packets, pertaining to this address
1813           map entry, that were translated."
1814      ::= { natAddrMapStatsEntry 3 }

1816  natAddrMapStatsOutTranslate OBJECT-TYPE
1817      SYNTAX Counter32
1818      MAX-ACCESS read-only
1819      STATUS current
1820      DESCRIPTION
1821          "The number of outbound packets, pertaining to this
1822           address map entry, that were translated."
1823      ::= { natAddrMapStatsEntry 4 }

1825  natAddrMapStatsNoResource OBJECT-TYPE
1826      SYNTAX Counter32
1827      MAX-ACCESS read-only
1828      STATUS current
1829      DESCRIPTION
1830          "The number of packets, pertaining to this address map
1831           entry, that were dropped due to lack of addresses in the
1832           address pool identified by this address map. The value of
1833           this object should always be zero in case of static
1834           address map."
1835      ::= { natAddrMapStatsEntry 5 }

1837  natAddrMapStatsAddrUsed OBJECT-TYPE
1838      SYNTAX Gauge32
1839      MAX-ACCESS read-only
1840      STATUS current
1841      DESCRIPTION
1842          "The number of addresses, pertaining to this address map,
1843           that are currently being used from the nat pool. The
1844           value of this object is irrelevant if the address map in
1845           question is a static address map."
1846      ::= { natAddrMapStatsEntry 6 }

1848  --
1849  -- The Interface Stats table
1850  --

1852  natInterfaceStatsTable OBJECT-TYPE
1853      SYNTAX SEQUENCE OF NatInterfaceStatsEntry
1854      MAX-ACCESS not-accessible
1855      STATUS current
1856      DESCRIPTION
1857          "This table augments the natInterfaceTable and provides
1858           statistics information pertaining to the specified
1859           interface."
1860      ::= { natStatistics 3 }

1862  natInterfaceStatsEntry OBJECT-TYPE
1863      SYNTAX NatInterfaceStatsEntry
1864      MAX-ACCESS not-accessible
1865      STATUS current
1866      DESCRIPTION
1867          "Each entry of the natInterfaceStatsTable represents stats
1868           pertaining to one interface, which is identified by its
1869           ifIndex."
1870      AUGMENTS { natConfEntry }
1871      ::= { natInterfaceStatsTable 1 }

1873  NatInterfaceStatsEntry ::= SEQUENCE {
1874      natInterfacePktsIn Counter32,
1875      natInterfacePktsOut Counter32
1876  }

1878  natInterfacePktsIn OBJECT-TYPE
1879      SYNTAX Counter32
1880      MAX-ACCESS read-only
1881      STATUS current
1882      DESCRIPTION
1883          "Number of packets received on this interface that
1884           were translated."
1885      ::= { natInterfaceStatsEntry 1 }

1887  natInterfacePktsOut OBJECT-TYPE
1888      SYNTAX Counter32
1889      MAX-ACCESS read-only
1890      STATUS current
1891      DESCRIPTION
1892          "Number of translated packets that were sent out this
1893           interface."
1894      ::= { natInterfaceStatsEntry 2 }

1896  --
1897  -- Notifications section
1898  --

1900  natNotificationPrefix OBJECT IDENTIFIER ::= { natMIB 2 }
1901  natNotifications OBJECT IDENTIFIER ::=
1902      { natNotificationPrefix 0 }

1904  --
1905  -- Notification objects i.e. objects accessible only for notification
1906  -- purpose.
1907  --
1908  natNotificationObjects OBJECT IDENTIFIER ::=
1909      { natNotificationPrefix 1 }

1911  natAddrMapName OBJECT-TYPE
1912      SYNTAX SnmpAdminString
1913      MAX-ACCESS accessible-for-notify
1914      STATUS current
1915      DESCRIPTION
1916          "This object represents the address map corresponding to
1917           which the addresses/ports have been exhausted, thereby
1918           resulting in a natPacketDiscard notification."
1919      ::= { natNotificationObjects 1 }

1921  natPktDiscardReason OBJECT-TYPE
1922      SYNTAX INTEGER {
1923          other (1),
1924          addressSpaceExhausted (2)
1925      }
1926      MAX-ACCESS accessible-for-notify
1927      STATUS current
1928      DESCRIPTION
1929          "This object represents the reason for which a packet is
1930           discarded by NAT.

1932           addressSpaceExhausted (2) represents a situation wherein
1933           the address space required to do this mapping has been
1934           exhausted (used up by other translations).

1936           other (1) represents a case where the packet was
1937           discarded due to any other reasons."
1938      ::= { natNotificationObjects 2 }

1940  --
1941  -- Notifications
1942  --

1944  natAddressUseRising NOTIFICATION-TYPE
1945      OBJECTS { natAddrMapStatsAddrUsed }
1946      STATUS current
1947      DESCRIPTION
1948          "This notification is generated whenever the number of
1949           addresses per address map is equal to or greater than the
1950           configured address rising threshold value.

1952           Note that once this notification is generated, another
1953           notification for the same address map should be generated
1954           only after the address usage falls to/below the defined
1955           falling threshold.
1956           This notification should be generated only for dynamic
1957           address maps, since they do not provide any useful
1958           information for static maps."
1959      ::= { natNotifications 1 }

1961  natPacketDiscard NOTIFICATION-TYPE
1962      OBJECTS { natAddrMapName, natPktDiscardReason }
1963      STATUS current
1964      DESCRIPTION
1965          "This notification is generated whenever packets are
1966           discarded e.g. due to lack of mapping space when we run
1967           out of address/ports in case of NAT/NAPT respectively.

1969           An agent should not generate more than one
1970           natPacketDiscard 'notification-events' in a given time
1971           interval (five seconds is the suggested default). A
1972           'notification-event' is the transmission of a single
1973           trap or inform PDU to a list of notification
1974           destinations.

1976           If additional nat packets are discarded within the
1977           throttling period, then notification-events for these
1978           changes should be suppressed by the agent until the
1979           current throttling period expires. At the end of a
1980           throttling period, one notification-event should be
1981           generated if any NAT packet was discarded since the
1982           start of the throttling period. In such a case, another
1983           throttling period is started right away."
1984      ::= { natNotifications 2 }

1986  --
1987  -- Conformance information.
1988  --

1990  natMIBConformance OBJECT IDENTIFIER ::= { natMIB 3 }
1991  natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 1 }
1992  natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 2 }

1994  --
1995  -- Compliance statements
1996  --

1998  natMIBCompliance MODULE-COMPLIANCE
1999      STATUS current
2000      DESCRIPTION
2001          "The compliance statement for devices running NAT."
2002      MODULE -- this module
2003          MANDATORY-GROUPS { natConfigGroup, natTranslationGroup }
2004          GROUP natConfProtGroup
2005          DESCRIPTION
2006              "This group is mandatory if any of the protocol
2007               specific tables (below) are supported."
2008          GROUP natConfTcpGroup
2009          DESCRIPTION
2010              "This group is optional."

2012      ::= { natMIBCompliances 1 }

2014  --
2015  -- Units of conformance
2016  --

2018  natConfigGroup OBJECT-GROUP
2019      OBJECTS { natConfInterfaceRealm,
2020                natConfServiceType,
2021                natConfAddrMapConfigName,
2022                natConfProtConfigName,
2023                natConfStorageType,
2024                natConfStatus,
2025                natConfAddrMapEntryType,
2026                natConfAddrMapDirection,
2027                natConfLocalAddrType,
2028                natConfLocalAddrFrom,
2029                natConfLocalAddrTo,
2030                natConfLocalPortFrom,
2031                natConfLocalPortTo,
2032                natConfGlobalAddrType,
2033                natConfGlobalAddrFrom,
2034                natConfGlobalAddrTo,
2035                natConfGlobalPortFrom,
2036                natConfGlobalPortTo,
2037                natConfProtocol,
2038                natConfAddrMapStorageType,
2039                natConfAddrMapStatus,
2040                natConfUdpDefIdleTimeout,
2041                natConfIcmpDefIdleTimeout,
2042                natConfOtherDefIdleTimeout,
2043                natConfTcpDefIdleTimeout,
2044                natConfTcpDefNegTimeout }
2045      STATUS current
2046      DESCRIPTION
2047          "A collection of configuration-related information
2048           required to support management of devices supporting
2049           NAT."
2050      ::= { natMIBGroups 1 }

2052  natTranslationGroup OBJECT-GROUP
2053      OBJECTS { natAddrBindNumberOfEntries,
2054                natAddrBindGlobalAddrType,
2055                natAddrBindGlobalAddr,
2056                natAddrBindId,
2057                natAddrBindDirection,
2058                natAddrBindType,
2059                natAddrBindAddrMapName,
2060                natAddrBindSessionCount,
2061                natAddrBindCurrentIdleTime,
2062                natAddrBindInTranslate,
2063                natAddrBindOutTranslate,
2064                natAddrPortBindNumberOfEntries,
2065                natAddrPortBindGlobalAddrType,
2066                natAddrPortBindGlobalAddr,
2067                natAddrPortBindGlobalPort,
2068                natAddrPortBindId,
2069                natAddrPortBindDirection,
2070                natAddrPortBindType,
2071                natAddrPortBindAddrMapName,
2072                natAddrPortBindSessionCount,
2073                natAddrPortBindCurrentIdleTime,
2074                natAddrPortBindInTranslate,
2075                natAddrPortBindOutTranslate,
2076                natSessionDirection,
2077                natSessionUpTime,
2078                natSessionProtocolType,
2079                natSessionOrigPrivateAddrType,
2080                natSessionOrigPrivateAddr,
2081                natSessionTransPrivateAddrType,
2082                natSessionTransPrivateAddr,
2083                natSessionOrigPrivatePort,
2084                natSessionTransPrivatePort,
2085                natSessionOrigPublicAddrType,
2086                natSessionOrigPublicAddr,
2087                natSessionTransPublicAddrType,
2088                natSessionTransPublicAddr,
2089                natSessionOrigPublicPort,
2090                natSessionTransPublicPort,
2091                natSessionCurrentIdletime,
2092                natSessionSecondBindId,
2093                natSessionInTranslate,
2094                natSessionOutTranslate,
2095                natSessionStatus }
2096      STATUS current
2097      DESCRIPTION
2098          "A collection of BIND-related objects required to support
2099           management of devices supporting NAT."

2101      ::= { natMIBGroups 2 }
2102  natStatsGroup OBJECT-GROUP
2103      OBJECTS { natProtocolStatsInTranslate,
2104                natProtocolStatsOutTranslate,
2105                natProtocolStatsRejectCount,
2106                natAddrMapStatsInTranslate,
2107                natAddrMapStatsOutTranslate,
2108                natAddrMapStatsNoResource,
2109                natAddrMapStatsAddrUsed,
2110                natInterfacePktsIn,
2111                natInterfacePktsOut }
2112      STATUS current
2113      DESCRIPTION
2114          "A collection of NAT statistics related objects required
2115           to support troubleshooting/monitoring NAT operation."
2116      ::= { natMIBGroups 3 }

2118  natConfProtGroup OBJECT-GROUP
2119      OBJECTS { natConfProtSpecName,
2120                natConfProtIdleTimeout,
2121                natConfProtRowStatus }
2122      STATUS current
2123      DESCRIPTION
2124          "A collection of objects to facilitate protocol related
2125           NAT configuration."
2126      ::= { natMIBGroups 4 }

2128  natConfTcpGroup OBJECT-GROUP
2129      OBJECTS { natConfTcpNegTimeout,
2130                natConfTcpRowStatus }
2131      STATUS current
2132      DESCRIPTION
2133          "A collection of TCP related NAT parameter objects
2134           used for NAT configuration."
2135      ::= { natMIBGroups 5 }

2137  natMIBNotifConfigGroup OBJECT-GROUP
2138      OBJECTS { natConfAddressRiseThreshold,
2139                natConfAddressFallThreshold }
2140      STATUS current
2141      DESCRIPTION
2142          "A collection of configuration objects required to support
2143           the threshold-based notifications."
2144      ::= { natMIBGroups 6 }

2146  natMIBNotificationObjectsGroup OBJECT-GROUP
2147      OBJECTS { natAddrMapName,
2148                natPktDiscardReason }

2150      STATUS current
2151      DESCRIPTION
2152          "A collection of objects required to support NAT
2153           notifications."
2154      ::= { natMIBGroups 7 }

2156  natMIBNotificationGroup NOTIFICATION-GROUP
2157      NOTIFICATIONS { natAddressUseRising,
2158                      natPacketDiscard }
2159      STATUS current
2160      DESCRIPTION
2161          "A collection of notifications which are generated by
2162           devices supporting this MIB."
2163      ::= { natMIBGroups 8 }

2165  END

2167  NAT-TC DEFINITIONS ::= BEGIN

2169  IMPORTS
2170      MODULE-IDENTITY,
2171      mib-2
2172          FROM SNMPv2-SMI
2173      TEXTUAL-CONVENTION
2174          FROM SNMPv2-TC;

2176  natTextualConventions MODULE-IDENTITY
2177      LAST-UPDATED "200111090000Z"
2178      ORGANIZATION "IETF NAT Working Group"
2179      CONTACT-INFO
2180          " Rohit
2181            World Wide Packets
2182            115 North Sullivan Road
2183            Veradale, Spokane, WA 99037
2184            Phone: +1 509 242 9320
2185            Email: Rohit.Rohit@worldwidepackets.com

2187            Nalinaksh Pai
2188            Cisco Systems, Inc.
2189            Prestige Waterford
2190            No. 9, Brunton Road
2191            Bangalore - 560 025
2192            India
2193            Phone: +91 80 532 1300
2194            Email: npai@cisco.com

2196            Rajiv Raghunarayan
2197            Cisco Systems, Inc.
2198            Prestige Waterford
2199            No. 9, Brunton Road
2200            Bangalore - 560 025
2201            India
2202            Phone: +91 80 532 1300
2203            Email: rrajiv@cisco.com

2205            Cliff Wang
2206            SmartPipes Inc.
2207            Suite 300, 565 Metro Place South
2208            Dublin, OH 43017
2209            Phone: +1 614 923 6241
2210            Email: CWang@smartpipes.com

2212            P. Srisuresh
2213            Kuokoa networks
2214            2901 Tasman Drive, Suite 202
2215            Santa Clara, CA 95054
2216            Phone: +1 408 970 0000
2217            Email: srisuresh@yahoo.com
2218          "
2219      DESCRIPTION
2220          "This MIB module defines the NATProtocolType textual
2221           convention for use in MIBs that need to identify the
2222           protocols which support network address translation."

2224      REVISION "200111090000Z" -- 9th Nov. 2001
2225      DESCRIPTION
2226          "Initial version of this MIB module."
2227      ::= { mib-2 xx } -- to be assigned by RFC-editor

2229  NATProtocolType ::= TEXTUAL-CONVENTION
2230      STATUS current
2231      DESCRIPTION
2232          "A list of protocols that are affected/support
2233           network address translation. Inclusion of values is
2234           not intended to imply that those protocols need be
2235           supported."
2236      SYNTAX INTEGER {
2237          none (1), -- not specified
2238          other (2), -- none of the following
2239          icmp (3),
2240          udp (4),
2241          tcp (5)
2242      }

2244  END
2245  7. Security Considerations

2247     This MIB contains readable objects whose values provide information
2248     related to nat binds and sessions. Some of these objects could
2249     contain sensitive information e.g. bind information. There are
2250     a number of management objects defined in this MIB that have a
2251     MAX-ACCESS clause of read-write and/or read-create. Such objects
2252     may be considered sensitive or vulnerable in some network
2253     environments.

2255     While unauthorized access to the readable objects may be relatively
2256     innocuous, unauthorized access to the write-able objects could
2257     cause a denial of service, and/or widespread network
2258     disturbance. Hence, the support for SET operations in a non-secure
2259     environment without proper protection can have a negative effect on
2260     network operations.

2262     SNMPv1 by itself is not a secure environment. Even if the network
2263     itself is secure, there is no control as to who on the secure
2264     network is allowed to access and GET/SET (read/change/create/delete)
2265     the objects in this MIB.

2267     It is recommended that the implementors consider the security
2268     features as provided by the SNMPv3 framework. Specifically, the use
2269     of the User-based Security Model RFC 2574 [12] and the View-based
2270     Access Control Model RFC 2575 [15] is recommended.

2272     It is then a customer/user responsibility to ensure that the SNMP
2273     entity giving access to an instance of this MIB, is properly
2274     configured to give access to the objects only to those
2275     principals (users) that have legitimate rights to indeed GET or
2276     SET (change/create/delete) them.

2278  8. References

2280     [1] Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture
2281         for Describing SNMP Management Frameworks", RFC 2571, April
2282         1999.

2284     [2] Rose, M. and K. McCloghrie, "Structure and Identification of
2285         Management Information for TCP/IP-based Internets", STD 16,
2286         RFC 1155, May 1990.

2288     [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
2289         RFC 1212, March 1991.

2291     [4] Rose, M., "A Convention for Defining Traps for use with the
2292         SNMP", RFC 1215, March 1991.

2294     [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2295         Rose, M. and S. Waldbusser, "Structure of Management
2296         Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

2298     [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2299         Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
2300         STD 58, RFC 2579, April 1999.

2302     [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2303         Rose, M. and S. Waldbusser, "Conformance Statements for
2304         SMIv2", STD 58, RFC 2580, April 1999.

2306     [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
2307         Network Management Protocol", STD 15, RFC 1157, May 1990.

2309     [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2310         "Introduction to Community-based SNMPv2", RFC 1901, January
2311         1996.

2313     [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2314          "Transport Mappings for Version 2 of the Simple Network
2315          Management Protocol (SNMPv2)", RFC 1906, January 1996.

2317     [11] Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message
2318          Processing and Dispatching for the Simple Network Management
2319          Protocol (SNMP)", RFC 2572, April 1999.

2321     [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
2322          for version 3 of the Simple Network Management Protocol
2323          (SNMPv3)", RFC 2574, April 1999.

2325     [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2326          "Protocol Operations for Version 2 of the Simple Network
2327          Management Protocol (SNMPv2)", RFC 1905, January 1996.

2329     [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
2330          2573, April 1999.

2332     [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
2333          Control Model (VACM) for the Simple Network Management
2334          Protocol (SNMP)", RFC 2575, April 1999.

2336     [16] Bradner, S., "The Internet Standards Process -- Revision 3",
2337          BCP 9, RFC 2026, October 1996.

2339     [17] Srisuresh, P. and K. Egevang, "Traditional IP Network Address
2340          Translator (Traditional NAT)", RFC 3022, January 2001.

2342     [18] Srisuresh, P. and M. Holdrege, "NAT Terminology and
2343          Considerations", RFC 2663, August 1999.

2345     [19] Daniele, M., Haberman, B., Routhier, S. and J. Schoenwaelder,
2346          "Textual Conventions for Internet Network Addresses", RFC
2347          2851, June 2000.

2349  9. Acknowledgements

2351     The authors of this memo would like to thank Randy Turner for his
2352     valuable contribution to this MIB.

2354  10. Author's Addresses

2356     Rohit R.
2357     World Wide Packets
2358     115 North Sullivan Road
2359     Veradale, Spokane, WA 99037
2360     Phone: +1 509 242 9320
2361     Email: Rohit.Rohit@worldwidepackets.com

2363     Nalinaksh Pai
2364     Cisco Systems, Inc.
2365     Prestige Waterford
2366     No. 9, Brunton Road
2367     Bangalore - 560 025
2368     India
2369     Phone: +91 80 532 1300 extn. 6354
2370     Email: npai@cisco.com

2372     Rajiv Raghunarayan
2373     Cisco Systems, Inc.
2374     Prestige Waterford
2375     No. 9, Brunton Road
2376     Bangalore - 560 025
2377     India
2378     Phone: +91 80 532 1300 extn. 6314
2379     Email: rrajiv@cisco.com

2381     Cliff Wang
2382     SmartPipes Inc.
2383     Suite 300, 565 Metro Place South
2384     Dublin, OH 43017
2385     Phone: +1 614 923 6241
2386     Email: CWang@smartpipes.com

2388     P. Srisuresh
2389     Kuokoa networks
2390     2901 Tasman Drive, Suite 202
2391     Santa Clara, CA 95054
2392     Phone: +1 408 970 0000
2393     Email: srisuresh@yahoo.com

2395  11. Change History

2397     A record of changes which will be removed before publication.

2399     10 September 2001

2401     o Added the following objects to support notifications:
2402       natConfAddressRiseThreshold, natConfAddressFallThreshold,
2403       natAddrMapName and natPktDiscardReason.
2404     o Following notifications were added (there are still some
2405       unclear parameters though):
2406       natAddressUseRising and natPacketDiscard.

2408     10 November 2001

2410     o Dynamic and Static Address Map tables are Merged.

2412     o Protocol Extensibility added.

2414     o Rearrangement of OIDs done to get things in proper sequence.

2416     07 February 2002

2418     o Config and Interface Specific tables are Merged.

2420     o MAX-ACCESS for the bind and session entry objects are
2421       changed to be read-create.

2423     o natConfAddrMapType renamed to natConfAddrMapDirection.

2425  Full Copyright Statement
2426     "Copyright (C) The Internet Society (2000). All Rights Reserved.
2427     This document and translations of it may be copied and furnished to
2428     others, and derivative works that comment on or otherwise explain it
2429     or assist in its implementation may be prepared, copied, published
2430     and distributed, in whole or in part, without restriction of any
2431     kind, provided that the above copyright notice and this paragraph
2432     are included on all such copies and derivative works. However, this
2433     document itself may not be modified in any way, such as by removing
2434     the copyright notice or references to the Internet Society or other
2435     Internet organizations, except as needed for the purpose of
2436     developing Internet standards in which case the procedures for
2437     copyrights defined in the Internet Standards process must be
2438     followed, or as required to translate it into languages other than
2439     English.

2441     The limited permissions granted above are perpetual and will not be
2442     revoked by the Internet Society or its successors or assigns.

2444     This document and the information contained herein is provided on an
2445     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
2446     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
2447     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
2448     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
2449     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

2451  Acknowledgement

2453     Funding for the RFC Editor function is currently provided by the
2454     Internet Society.
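
Added example, not part of the draft or of any implementation of it: agent-side gating for the two notifications defined above, with the rising/falling hysteresis of natAddressUseRising and the throttling period of natPacketDiscard. The class and function names, the map names in the test data, the fall <= rise check, carrying the most recently suppressed discard's objects in the end-of-period notification, and calling tick() lazily in place of a timer are all assumptions of this sketch.

```python
THROTTLE_SECONDS = 5.0   # suggested default interval in the natPacketDiscard text
OTHER, ADDRESS_SPACE_EXHAUSTED = 1, 2   # natPktDiscardReason values


class AddressUseRisingGate:
    """Hysteresis for natAddressUseRising on one dynamic address map."""

    def __init__(self, rise, fall):
        if fall > rise:      # assumption of this sketch, not stated in the draft
            raise ValueError("falling threshold must not exceed rising threshold")
        self.rise, self.fall = rise, fall   # the two configured thresholds
        self.armed = True

    def update(self, addr_used):
        """Feed natAddrMapStatsAddrUsed; True means send the notification."""
        if self.armed and addr_used >= self.rise:
            self.armed = False            # silent until usage falls back
            return True
        if not self.armed and addr_used <= self.fall:
            self.armed = True             # re-armed at or below falling threshold
        return False


class PacketDiscardThrottle:
    """At most one natPacketDiscard notification-event per throttling period."""

    def __init__(self, interval=THROTTLE_SECONDS):
        self.interval = interval
        self.period_start = None          # None: no throttling period running
        self.pending = None               # last suppressed (map name, reason)

    def tick(self, now):
        """Close expired periods; return [(time, map name, reason), ...] to send."""
        events = []
        while (self.period_start is not None
               and now >= self.period_start + self.interval):
            boundary = self.period_start + self.interval
            if self.pending is None:
                self.period_start = None  # quiet period: throttling ends
            else:
                events.append((boundary,) + self.pending)
                self.pending = None
                self.period_start = boundary   # next period starts right away
        return events

    def discard(self, now, addr_map_name, reason):
        """Record one discarded packet; return the events to send now."""
        events = self.tick(now)
        if self.period_start is None:
            self.period_start = now       # first discard opens a period
            events.append((now, addr_map_name, reason))
        else:
            self.pending = (addr_map_name, reason)   # suppressed until period end
        return events


def replay_discards(samples, interval=THROTTLE_SECONDS):
    """Run constructed (time, map, reason) discards; flush one interval after."""
    throttle, sent = PacketDiscardThrottle(interval), []
    for now, name, reason in samples:
        sent += throttle.discard(now, name, reason)
    return sent + throttle.tick(samples[-1][0] + interval)
```

A monitoring station that sees natPacketDiscard arrive at a steady five-second cadence is therefore looking at sustained discards, not at one discard per notification.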