idnits 2.17.1

draft-ietf-nat-natmib-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 3 instances of lines with control characters in the document.

  ** The abstract seems to contain references ([17]), which it shouldn't.
     Please replace those with straight textual mentions of the documents in
     question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 818 has weird spacing: '...pecific natCo...'

  == Line 2278 has weird spacing: '...ce, the suppo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)
  -- The document date (June 2002) is 7986 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '19' is defined on line 2365, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2571 (ref. '1') (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4')

  ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8')

  ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9')

  ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (ref. '11') (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (ref. '12') (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (ref. '14') (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (ref. '15') (Obsoleted by RFC 3415)

  ** Downref: Normative reference to an Informational RFC: RFC 3022 (ref. '17')

  ** Downref: Normative reference to an Informational RFC: RFC 2663 (ref. '18')

  ** Obsolete normative reference: RFC 3291 (ref. '19') (Obsoleted by RFC 4001)

     Summary: 18 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    NAT Working Group                                     R. Raghunarayan
2    INTERNET-DRAFT                                                 N. Pai
3    Expires December 2002                             Cisco Systems, Inc.
4                                                                 R. Rohit
5                                                 World Wide Packets, Inc.
6                                                                  C. Wang
7                                                         SmartPipes, Inc.
8                                                             P. Srisuresh
9                                                     Kuokoa Networks, Inc
10                                                               June 2002

12    Definitions of Managed Objects for Network Address Translators (NAT)

14

16   Status of this Memo

18      This document is an Internet-Draft and is in full conformance with
19      all provisions of Section 10 of RFC2026 [16].

21      Internet-Drafts are working documents of the Internet Engineering
22      Task Force (IETF), its areas, and its working groups. Note that
23      other groups may also distribute working documents as Internet-
24      Drafts.

26      Internet-Drafts are draft documents valid for a maximum of six
27      months and may be updated, replaced, or obsoleted by other
28      documents at any time. It is inappropriate to use Internet-Drafts
29      as reference material or to cite them other than as "work in
30      progress."

32      The list of current Internet-Drafts can be accessed at
33      http://www.ietf.org/ietf/1id-abstracts.txt

35      The list of Internet-Draft Shadow Directories can be accessed at
36      http://www.ietf.org/shadow.html.

38   Abstract

40      This memo defines an SMIv2 Management Information Base (MIB) for
41      a device implementing traditional NAT [17] function. This may be
42      used for configuration as well as monitoring of a device capable of
43      traditional NAT function.

45   Table of Contents

47      1  Introduction
48      2  The Network Management Framework
49      3  Terminology
50      4  Overview
51      5  Extending this MIB
52      6  Definitions
53      7  Security Considerations
54      8  References
55      9  Acknowledgements
56      10 Author's Addresses
57      11 Change History

59   1. Introduction

61      This memo defines an SMIv2 Management Information Base (MIB) for
62      a device implementing traditional NAT [17] function. This may be
63      used for configuration as well as monitoring of a device capable of
64      traditional NAT function.

66   2. The Network Management Framework

68      The SNMP Management Framework presently consists of five major
69      components:

71      o  An overall architecture, described in RFC 2571 [1].

73      o  Mechanisms for describing and naming objects and events for
74         the purpose of management. The first version of this Structure
75         of Management Information (SMI) is called SMIv1 and described
76         in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215
77         [4]. The second version, called SMIv2, is described in STD 58,
78         RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].

80      o  Message protocols for transferring management information.
81         The first version of the SNMP message protocol is called
82         SNMPv1 and is described in STD 15, RFC 1157 [8]. A second
83         version of the SNMP message protocol, which is not an Internet
84         standards track protocol, is called SNMPv2c and described in
85         RFC 1901 [9] and RFC 1906 [10]. The third version of the
86         message protocol is called SNMPv3 and described in RFC 1906
87         [10], RFC 2572 [11] and RFC 2574 [12].

89      o  Protocol operations for accessing management information. The
90         first set of protocol operations and associated PDU formats is
91         described in STD 15, RFC 1157 [8]. A second set of protocol
92         operations and associated PDU formats is described in RFC 1905
93         [13].

95      o  A set of fundamental applications described in RFC 2573 [14]
96         and the view-based access control mechanism described in RFC
97         2575 [15].

99      Managed Objects are accessed via virtual information store, termed
100     the Management Information Base or MIB. Objects in the MIB are
101     defined using a subset of Abstract Syntax Notation One (ASN.1)
102     defined in the SMIv2.

104     This memo specifies a MIB module that is compliant to the SMIv2. A
105     MIB conforming to the SMIv1 can be produced through the appropriate
106     translations. The resulting translated MIB must be semantically
107     equivalent, except where objects or events are omitted because no
108     translation is possible (use of Counter64). Some machine readable
109     information in SMIv2 will be converted into textual descriptions in
110     SMIv1 during the translation process. However, this loss of
111     machine readable information is not considered to change the
112     semantics of the MIB.

114  3. Terminology

116     The terminology used throughout this document is mostly as per RFC
117     2663 [18].

119     The term NAT has been used, throughout the document, to represent
120     traditional NAT. In cases, where necessary, NAPT and Basic NAT will
121     be used to represent port translation and address translation
122     respectively.

124     The terms public and private are used throughout the document in
125     the context of networks, while the terms local and global are used
126     when referring to addresses and ports.

128  4. Overview

130     The MIB module has been split into three groups:

132     o  the configuration group,
133     o  the translation group, and
134     o  the statistics group.

136     The configuration group consists of four tables and seven scalars:

138     o  the interface specific configuration table, which specifies the
139        nat config parameters for a specific interface.
140     o  the address map table, which is an extension of the per-interface
141        configuration table, and specifies information required to set up
142        static/dynamic address and port maps.
143     o  the protocol specific table, which specifies protocol specific NAT
144        configuration parameters. The table also provides extensibility
145        for the configuration of the newer protocols.

147        Since most protocols e.g. TCP, UDP, ICMP, have idle timeouts as a
148        common parameter for the configuration, this parameter has been
149        added to the natConfProtTable. The extension tables, if any, may
150        add other configuration parameters.
151     o  the tcp nat config table, which specifies tcp related NAT
152        configuration parameters.
153     o  five protocol specific scalars, specifying the BIND timeout
154        values for the more common protocols, TCP, UDP and ICMP, and a
155        generic timeout value that can be used for all other protocols
156        (unless overridden by protocol specific value in another mib).
157     o  two scalars used to monitor address thresholds and generate
158        notifications when the thresholds are crossed.

160     The translation group, monitoring the dynamic activities of the NAT
161     device, consists of two scalars and three tables:

163     o  the scalars, natAddrBindNumberOfEntries and
164        natAddrPortBindNumberOfEntries, hold the number of entries
165        that currently exist in the Address bind and the Address-Port
166        bind tables respectively.
167     o  the Address bind table, which holds the currently active
168        address bindings.
169     o  the Address-Port bind table, which holds the currently active
170        transport bindings.
171     o  the session table, holds information regarding active NAT
172        sessions.

174     And finally, the statistics group consists of three tables:

176     o  the Protocol stats table, indicating translation statistics
177        per protocol.
178     o  the Address Map stats table, indicating translation statistics
179        per address map.
180     o  the Interface stats table, indicating translation statistics
181        per interface.

183     There are also two notifications defined in the MIB:

185     o  natAddressUseRising notifies the end user/manager of the address
186        usage exceeding a pre-defined threshold.
187     o  And finally, natPacketDiscard notifies the end user/manager of
188        packets being discarded due to lack of address mappings.

190  5. Extending this MIB

192     The NAT MIB has currently been defined to support only TCP, UDP and
193     ICMP as protocols. There are, though, points in the MIB to hook in
194     support for other protocols in the future.

196     Following is the list of protocol specific information, identified at
197     this point, which could potentially require protocol specific
198     extensions to this mib:

200     o  Each protocol could support its set of timers and/or other protocol
201        specific configuration parameters for operation with NAT.
202     o  Statistics could be maintained per protocol, and type of
203        statistics could be protocol specific.

205     To support the first requirement, the natConfTable consists of a
206     pointer (natConfProtConfigName) to a protocol configuration table,
207     natConfProtTable. The natConfProtTable consists of a pointer
208     (natConfProtSpecName) into a protocol specific configuration table.
209     The protocol specific configuration table can be used to
210     configure/retrieve protocol specific configuration parameters
211     pertaining to a NAT configuration. The natConfTcpTable, defined in
212     this mib module, is an example of a protocol specific configuration
213     table, which allows varying the TCP negotiation timeout for NAT.
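
The pointer chain just described (natConfProtConfigName into natConfProtTable, natConfProtSpecName into natConfTcpTable), as an added example that is not part of the draft: a resolver that computes the timeouts a NAT interface actually ends up with and reports pointers that name no active row, which is the kind of misconfiguration that silently puts a device back on its default timeouts. The Python names (NatTables, resolve, audit) are hypothetical, the tables are plain dictionaries rather than a live SNMP agent, protocols are keyed by name rather than by NATProtocolType value, and treating an empty natConfProtConfigName as "no override" is an assumption; ifIndex 1 reuses the row values of the draft's own example and the other rows are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

ACTIVE = 1  # RowStatus active(1), the status shown in the draft's example rows

# DEFVALs of the natConf*DefIdleTimeout and natConfTcpDefNegTimeout scalars (seconds).
DEF_IDLE_TIMEOUT = {"tcp": 86400, "udp": 300, "icmp": 300, "other": 60}
DEF_TCP_NEG_TIMEOUT = 60


@dataclass
class NatTables:
    conf: dict       # natConfTable:     natConfInterfaceIndex -> row
    conf_prot: dict  # natConfProtTable: (natConfProtName, natConfProtType) -> row
    conf_tcp: dict   # natConfTcpTable:  natConfTcpName -> row


@dataclass
class Effective:
    idle_timeout: int
    tcp_neg_timeout: Optional[int]  # None for non-TCP protocols
    findings: list = field(default_factory=list)


def _active(row, status_column):
    return row is not None and row.get(status_column) == ACTIVE


def resolve(tables, if_index, proto):
    """Follow natConfProtConfigName -> natConfProtSpecName for one interface."""
    eff = Effective(DEF_IDLE_TIMEOUT[proto],
                    DEF_TCP_NEG_TIMEOUT if proto == "tcp" else None)
    conf = tables.conf.get(if_index)
    if not _active(conf, "natConfStatus"):
        eff.findings.append(f"ifIndex {if_index}: no active natConfTable row")
        return eff
    set_name = conf.get("natConfProtConfigName", "")
    if not set_name:  # assumption: the empty DEFVAL means "no override"
        return eff
    in_set = {ptype: row for (name, ptype), row in tables.conf_prot.items()
              if name == set_name and _active(row, "natConfProtRowStatus")}
    if not in_set:
        eff.findings.append(
            f"ifIndex {if_index}: natConfProtConfigName {set_name!r} "
            "matches no active natConfProtTable row")
        return eff
    prot = in_set.get(proto)
    if prot is None:  # the set has no row for this protocol: scalars apply
        return eff
    eff.idle_timeout = prot["natConfProtIdleTimeout"]
    spec_name = prot.get("natConfProtSpecName", "")
    if proto == "tcp" and spec_name:
        tcp = tables.conf_tcp.get(spec_name)
        if _active(tcp, "natConfTcpRowStatus"):
            eff.tcp_neg_timeout = tcp["natConfTcpNegTimeout"]
        else:
            eff.findings.append(
                f"ifIndex {if_index}: natConfProtSpecName {spec_name!r} "
                "matches no active natConfTcpTable row")
    return eff


def audit(tables):
    """Collect the findings of the TCP chain (the longest one) per interface."""
    findings = []
    for if_index in sorted(tables.conf):
        findings.extend(resolve(tables, if_index, "tcp").findings)
    return findings


# Constructed sample data. ifIndex 1 reproduces the three rows of the draft's
# example; ifIndex 2-4 are invented to exercise fallback and dangling pointers.
SAMPLE = NatTables(
    conf={
        1: {"natConfProtConfigName": "Protocol Config 1", "natConfStatus": ACTIVE},
        2: {"natConfProtConfigName": "", "natConfStatus": ACTIVE},
        3: {"natConfProtConfigName": "Protocol Config 3", "natConfStatus": ACTIVE},
        4: {"natConfProtConfigName": "Protocol Config 4", "natConfStatus": ACTIVE},
    },
    conf_prot={
        ("Protocol Config 1", "tcp"): {"natConfProtSpecName": "TCP Config 1",
                                       "natConfProtIdleTimeout": 86400,
                                       "natConfProtRowStatus": ACTIVE},
        ("Protocol Config 3", "tcp"): {"natConfProtSpecName": "TCP Config 9",
                                       "natConfProtIdleTimeout": 600,
                                       "natConfProtRowStatus": ACTIVE},
    },
    conf_tcp={
        "TCP Config 1": {"natConfTcpNegTimeout": 120,
                         "natConfTcpRowStatus": ACTIVE},
    },
)

if __name__ == "__main__":
    for idx in sorted(SAMPLE.conf):
        print(idx, resolve(SAMPLE, idx, "tcp"))
    print("\n".join(audit(SAMPLE)))
```
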

215     To represent the configuration with an example, assume the existence
216     of the following row in the natConfTable, which contains a pointer to
217     a row in the protocol configuration table:

219        natConfInterfaceIndex = 1
220        natConfInterfaceRealm = private (1)
221        natConfServiceType    = basicNat (1)
222        natConfProtConfigName = "Protocol Config 1"
223        natConfStorageType    = nonVolatile (3)
224        natConfStatus         = active (1)

226     The following row in natConfProtTable would contain a pointer to a row
227     in the TCP specific configuration table:

229        natConfProtName        = "Protocol Config 1"
230        natConfProtType        = tcp (5)
231        natConfProtSpecName    = "TCP Config 1"
232        natConfProtIdleTimeout = 86400
233        natConfProtRowStatus   = active (1)

235     And finally the following row in the TCP specific configuration table
236     would complete the TCP specific configuration:

238        natConfTcpName       = "TCP Config 1"
239        natConfTcpNegTimeout = 120
240        natConfTcpRowStatus  = active (1)
241     If a new protocol FOO needs to be supported, a new protocol specific
242     configuration table could be defined in a FOO-NAT-MIB, with the index
243     of the table being an SnmpAdminString that is referenced via
244     natConfProtSpecName in natConfProtTable. The protocol specific
245     configuration parameters could be defined in this table, and linked to
246     a NAT configuration by the aforementioned mechanism.

248     The natProtocolStatsTable, on the other hand, represents statistics on
249     a per protocol basis, where the protocol is one of those defined in
250     the NATProtocolType textual convention. Only the basic per protocol
251     statistics are represented via the NAT MIB. If any further protocol
252     specific statistics need to be defined, they could be defined via
253     protocol specific statistics objects/table in the protocol specific
254     mib.

256     For e.g. if a protocol FOO needs a counter which represents the
257     packets rejected due to some event foobar, it would define a protocol
258     specific object fooNatFoobarReject in the FOO-NAT-MIB.

260  6. Definitions

262  NAT-MIB DEFINITIONS ::= BEGIN

264  IMPORTS
265      MODULE-IDENTITY,
266      OBJECT-TYPE,
267      Integer32,
268      Unsigned32,
269      Gauge32,
270      Counter32,
271      TimeTicks,
272      mib-2,
273      NOTIFICATION-TYPE
274               FROM SNMPv2-SMI
275      MODULE-COMPLIANCE,
276      NOTIFICATION-GROUP,
277      OBJECT-GROUP
278               FROM SNMPv2-CONF
279      StorageType,
280      RowStatus
281               FROM SNMPv2-TC
282      InterfaceIndex
283               FROM IF-MIB
284      SnmpAdminString
285               FROM SNMP-FRAMEWORK-MIB
286      InetAddressType,
287      InetAddress
288               FROM INET-ADDRESS-MIB
289      NATProtocolType
290               FROM NAT-TC;

292  natMIB MODULE-IDENTITY
293      LAST-UPDATED "200206140000Z"
294      ORGANIZATION "IETF NAT Working Group"
295      CONTACT-INFO
296              "        Rohit
297                       World Wide Packets
298                       115 North Sullivan Road
299                       Veradale, Spokane, WA 99037
300                       Phone: +1 509 242 9320
301                       Email: Rohit.Rohit@worldwidepackets.com

303                       Nalinaksh Pai
304                       Cisco Systems, Inc.
305                       Prestige Waterford
306                       No. 9, Brunton Road
307                       Bangalore - 560 025
308                       India
309                       Phone: +91 80 532 1300
310                       Email: npai@cisco.com

312                       Rajiv Raghunarayan
313                       Cisco Systems Inc.
314                       170 West Tasman Drive
315                       San Jose, CA 95134
316                       Phone: +1 408 853 9612
317                       Email: raraghun@cisco.com

319                       Cliff Wang
320                       SmartPipes Inc.
321                       Suite 300, 565 Metro Place South
322                       Dublin, OH 43017
323                       Phone: +1 614 923 6241
324                       Email: CWang@smartpipes.com

326                       P. Srisuresh
327                       Kuokoa networks
328                       2901 Tasman Drive, Suite 202
329                       Santa Clara, CA 95054
330                       Phone: +1 408 970 0000
331                       Email: srisuresh@yahoo.com
332              "
333      DESCRIPTION
334              "This MIB module defines the generic managed objects
335               for NAT."
336      REVISION     "200206140000Z"     -- 14th June 2002
337      DESCRIPTION
338              "This MIB module addresses the smilint warnings found
339               in the IETF MIB Module Validation."

341      REVISION     "200202070000Z"     -- 7th Feb. 2002
342      DESCRIPTION
343              "Merged the Config and Interface specific Tables.
344               Added the ability for the Management Station to
345               create/destroy nat address binds and sessions."
346      REVISION     "200111090000Z"     -- 9th Nov. 2001
347      DESCRIPTION
348              "Merged the Static and Dynamic addr Tables.
349               Protocol specific extensibility added."
350      REVISION     "200109100000Z"     -- 10th Sep. 2001
351      DESCRIPTION
352              "Notifications added."
353      REVISION     "200103010000Z"     -- 1st Mar. 2001
354      DESCRIPTION
355              "Initial version of this MIB module."
356      ::= { mib-2 xx }  -- xx to be assigned by RFC-editor.

358  natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

360  --
361  -- The Groups
362  --    o natConfig      - Pertaining to NAT configuration information
363  --    o natTranslation - Pertaining to the NAT BINDs/sessions.
364  --    o natStatistics  - NAT statistics, other than those maintained
365  --                       by the Bind and Session tables.
366  --

368  natConfig       OBJECT IDENTIFIER ::= { natMIBObjects 1 }
369  natTranslation  OBJECT IDENTIFIER ::= { natMIBObjects 2 }
370  natStatistics   OBJECT IDENTIFIER ::= { natMIBObjects 3 }

372  --
373  -- The Configuration Group
374  -- The per-interface NAT Configuration Table
375  --

377  natConfTable OBJECT-TYPE
378      SYNTAX      SEQUENCE OF NatConfEntry
379      MAX-ACCESS  not-accessible
380      STATUS      current
381      DESCRIPTION
382              "This table specifies the configuration attributes for a
383               device supporting NAT function."
384      ::= { natConfig 1 }

386  natConfEntry OBJECT-TYPE
387      SYNTAX      NatConfEntry
388      MAX-ACCESS  not-accessible
389      STATUS      current
390      DESCRIPTION
391              "Each entry in the natConfTable holds a set of
392               configuration parameters regarding the interface
393               on which NAT is enabled."
394      INDEX   { natConfInterfaceIndex }
395      ::= { natConfTable 1 }

397  NatConfEntry ::= SEQUENCE {
398      natConfInterfaceIndex     InterfaceIndex,
399      natConfInterfaceRealm     INTEGER,
400      natConfServiceType        BITS,
401      natConfAddrMapConfigName  SnmpAdminString,
402      natConfProtConfigName     SnmpAdminString,
403      natConfStorageType        StorageType,
404      natConfStatus             RowStatus
405  }

407  natConfInterfaceIndex OBJECT-TYPE
408      SYNTAX      InterfaceIndex
409      MAX-ACCESS  not-accessible
410      STATUS      current
411      DESCRIPTION
412              "The ifIndex of the interface on which NAT is enabled."
413      ::= { natConfEntry 1 }

415  natConfInterfaceRealm OBJECT-TYPE
416      SYNTAX      INTEGER {
417                      private (1),
418                      public (2)
419                  }
420      MAX-ACCESS  read-create
421      STATUS      current
422      DESCRIPTION
423              "This object identifies whether this interface is
424               connected to the private or the public realm."
425      DEFVAL  { public }
426      ::= { natConfEntry 2 }

428  natConfServiceType OBJECT-TYPE
429      SYNTAX      BITS {
430                      basicNat (0),
431                      napt (1),
432                      bidirectionalNat (2),
433                      twiceNat (3),
434                      multihomedNat (4)
435                  }
436      MAX-ACCESS  read-create
437      STATUS      current
438      DESCRIPTION
439              "An indication of the direction in which new sessions
440               are permitted and the extent of translation done within
441               the IP and transport headers."
442      ::= { natConfEntry 3 }

444  natConfAddrMapConfigName OBJECT-TYPE
445      SYNTAX      SnmpAdminString (SIZE(0..32))
446      MAX-ACCESS  read-create
447      STATUS      current
448      DESCRIPTION
449              "This object selects a set of address maps defined in
450               the natConfAddrMapTable. The selected set of addr maps
451               are defined by entries in the natConfAddrMapTable whose
452               index value (natConfAddrMapName) is equal to this object."
453      DEFVAL  { ''H }
454      ::= { natConfEntry 4 }

456  natConfProtConfigName OBJECT-TYPE
457      SYNTAX      SnmpAdminString (SIZE(0..32))
458      MAX-ACCESS  read-create
459      STATUS      current
460      DESCRIPTION
461              "The index pointing to a set of protocol related
462               NAT parameters in natConfProtTable.

464               This object is used to point to protocol specific
465               configuration that overrides any global (per-box)
466               settings."
467      DEFVAL  { ''H }
468      ::= { natConfEntry 5 }

470  natConfStorageType OBJECT-TYPE
471      SYNTAX      StorageType
472      MAX-ACCESS  read-create
473      STATUS      current
474      DESCRIPTION
475              "The storage type for this conceptual row."
476      REFERENCE
477              "Textual Conventions for SMIv2, Section 2."
478      DEFVAL  { nonVolatile }
479      ::= { natConfEntry 6 }

481  natConfStatus OBJECT-TYPE
482      SYNTAX      RowStatus
483      MAX-ACCESS  read-create
484      STATUS      current
485      DESCRIPTION
486              "The status of this conceptual row."
487      ::= { natConfEntry 7 }

489  --
490  -- The Address Map Table
491  --

493  natConfAddrMapTable OBJECT-TYPE
494      SYNTAX      SEQUENCE OF NatConfAddrMapEntry
495      MAX-ACCESS  not-accessible
496      STATUS      current
497      DESCRIPTION
498              "This table lists address map configuration for NAT."
499      ::= { natConfig 2 }

501  natConfAddrMapEntry OBJECT-TYPE
502      SYNTAX      NatConfAddrMapEntry
503      MAX-ACCESS  not-accessible
504      STATUS      current
505      DESCRIPTION
506              "This entry represents an address map to be used for
507               NAT, and contributes to the dynamic and/or static
508               address mapping tables of the NAT device."
509      INDEX   { natConfAddrMapName, natConfAddrMapIndex }
510      ::= { natConfAddrMapTable 1 }

512  NatConfAddrMapEntry ::= SEQUENCE {
513      natConfAddrMapName         SnmpAdminString,
514      natConfAddrMapIndex        Integer32,
515      natConfAddrMapEntryType    INTEGER,
516      natConfAddrMapDirection    INTEGER,
517      natConfLocalAddrType       InetAddressType,
518      natConfLocalAddrFrom       InetAddress,
519      natConfLocalAddrTo         InetAddress,
520      natConfLocalPortFrom       Integer32,
521      natConfLocalPortTo         Integer32,
522      natConfGlobalAddrType      InetAddressType,
523      natConfGlobalAddrFrom      InetAddress,
524      natConfGlobalAddrTo        InetAddress,
525      natConfGlobalPortFrom      Integer32,
526      natConfGlobalPortTo        Integer32,
527      natConfProtocol            BITS,
528      natConfAddrMapStorageType  StorageType,
529      natConfAddrMapStatus       RowStatus
530  }

532  natConfAddrMapName OBJECT-TYPE
533      SYNTAX      SnmpAdminString (SIZE(1..32))
534      MAX-ACCESS  not-accessible
535      STATUS      current
536      DESCRIPTION
537              "Name identifying a set of entries in this table.
538               The combination of natConfAddrMapName and
539               natConfAddrMapIndex uniquely identifies
540               an entry in this table."
541      ::= { natConfAddrMapEntry 1 }

543  natConfAddrMapIndex OBJECT-TYPE
544      SYNTAX      Integer32 (1..2147483647)
545      MAX-ACCESS  not-accessible
546      STATUS      current
547      DESCRIPTION
548              "Along with natConfAddrMapName, this object uniquely
549               identifies an entry in the natConfAddrMapTable.
550               Address map entries are applied in the order
551               specified by natConfAddrMapIndex."
552      ::= { natConfAddrMapEntry 2 }

554  natConfAddrMapEntryType OBJECT-TYPE
555      SYNTAX      INTEGER {
556                      static (1),
557                      dynamic (2)
558                  }
559      MAX-ACCESS  read-create
560      STATUS      current
561      DESCRIPTION
562              "This config parameter can be used to set up static
563               or dynamic address maps."
564      ::= { natConfAddrMapEntry 3 }

566  natConfAddrMapDirection OBJECT-TYPE
567      SYNTAX      INTEGER {
568                      inbound (1),
569                      outbound (2),
570                      both (3)
571                  }
572      MAX-ACCESS  read-create
573      STATUS      current
574      DESCRIPTION
575              "Address (and Transport-ID) maps may be defined for
576               both inbound and outbound direction.

578               Outbound address map refers to mapping a selected set of
579               addresses from private realm to a selected set of
580               addresses in public realm, whereas inbound address map
581               refers to mapping a set of addresses from the public
582               realm to private realm."
583      ::= { natConfAddrMapEntry 4 }

585  natConfLocalAddrType OBJECT-TYPE
586      SYNTAX      InetAddressType
587      MAX-ACCESS  read-create
588      STATUS      current
589      DESCRIPTION
590              "This object specifies the address type used for
591               natConfLocalAddr."
592      ::= { natConfAddrMapEntry 5 }

594  natConfLocalAddrFrom OBJECT-TYPE
595      SYNTAX      InetAddress (SIZE (0..20))
596      MAX-ACCESS  read-create
597      STATUS      current
598      DESCRIPTION
599              "This object specifies the first IP address of the range
600               of IP addresses mapped by this translation entry."
601      ::= { natConfAddrMapEntry 6 }

603  natConfLocalAddrTo OBJECT-TYPE
604      SYNTAX      InetAddress (SIZE (0..20))
605      MAX-ACCESS  read-create
606      STATUS      current
607      DESCRIPTION
608              "This object specifies the last IP address of the range of
609               IP addresses mapped by this translation entry. If only
610               a single address is being mapped, the value of this object
611               is equal to the value of natConfLocalAddrFrom. For a
612               static NAT, the number of addresses in the range defined
613               by natConfLocalAddrFrom and natConfLocalAddrTo should be
614               equal to the number of addresses in the range defined by
615               natConfGlobalAddrFrom and natConfGlobalAddrTo."
616      ::= { natConfAddrMapEntry 7 }

618  natConfLocalPortFrom OBJECT-TYPE
619      SYNTAX      Integer32 (0..65535)
620      MAX-ACCESS  read-create
621      STATUS      current
622      DESCRIPTION
623              "If this conceptual row describes a Basic NAT address
624               mapping, then the value of this object is 0. If this
625               conceptual row describes NAPT, then the value of this
626               object specifies the first port number in the range of
627               ports being mapped.

629               If the translation specifies a single port, then
630               the value of this object is equal to the value of
631               natConfLocalPortTo."
632      ::= { natConfAddrMapEntry 8 }

634  natConfLocalPortTo OBJECT-TYPE
635      SYNTAX      Integer32 (0..65535)
636      MAX-ACCESS  read-create
637      STATUS      current
638      DESCRIPTION
639              "If this conceptual row describes a Basic NAT address
640               mapping, then the value of this object is 0. If this
641               conceptual row describes NAPT, then the value of this
642               object specifies the last port number in the range of
643               ports being mapped.

645               If the translation specifies a single port, then the
646               value of this object is equal to the value of
647               natConfLocalPortFrom."
648      ::= { natConfAddrMapEntry 9 }

650  natConfGlobalAddrType OBJECT-TYPE
651      SYNTAX      InetAddressType
652      MAX-ACCESS  read-create
653      STATUS      current
654      DESCRIPTION
655              "This object specifies the address type used for
656               natConfGlobalAddrFrom."
657      ::= { natConfAddrMapEntry 10 }

659  natConfGlobalAddrFrom OBJECT-TYPE
660      SYNTAX      InetAddress (SIZE (0..20))
661      MAX-ACCESS  read-create
662      STATUS      current
663      DESCRIPTION
664              "This object specifies the first IP address of the range of
665               IP addresses being mapped to."
666      ::= { natConfAddrMapEntry 11 }

668  natConfGlobalAddrTo OBJECT-TYPE
669      SYNTAX      InetAddress (SIZE (0..20))
670      MAX-ACCESS  read-create
671      STATUS      current
672      DESCRIPTION
673              "This object specifies the last IP address of the range of
674               IP addresses being mapped to. If only a single address is
675               being mapped to, the value of this object is equal to the
676               value of natConfGlobalAddrFrom. For a static NAT, the
677               number of addresses in the range defined by
678               natConfGlobalAddrFrom and natConfGlobalAddrTo should be
679               equal to the number of addresses in the range defined by
680               natConfLocalAddrFrom and natConfLocalAddrTo."
681      ::= { natConfAddrMapEntry 12 }

683  natConfGlobalPortFrom OBJECT-TYPE
684      SYNTAX      Integer32 (0..65535)
685      MAX-ACCESS  read-create
686      STATUS      current
687      DESCRIPTION
688              "If this conceptual row describes a Basic NAT address
689               mapping, then the value of this object is 0. If this
690               conceptual row describes NAPT, then the value of this
691               object specifies the first port number in the range of
692               ports being mapped to. If the translation specifies a
693               single port, then the value of this object is equal to
694               the value of natConfGlobalPortTo."
695      ::= { natConfAddrMapEntry 13 }

697  natConfGlobalPortTo OBJECT-TYPE
698      SYNTAX      Integer32 (0..65535)
699      MAX-ACCESS  read-create
700      STATUS      current
701      DESCRIPTION
702              "If this conceptual row describes a Basic NAT address
703               mapping, then the value of this object is 0. If this
704               conceptual row describes NAPT, then the value of this object
705               specifies the last port number in the range of ports
706               being mapped to. If the translation specifies a single port,
707               then the value of this object is equal to the value of
708               natConfGlobalPortFrom."
709      ::= { natConfAddrMapEntry 14 }

711  natConfProtocol OBJECT-TYPE
712      SYNTAX      BITS {
713                      other (0),
714                      icmp (1),
715                      udp (2),
716                      tcp (3)
717                  }
718      MAX-ACCESS  read-create
719      STATUS      current
720      DESCRIPTION
721              "This object specifies a protocol identifier."
722      ::= { natConfAddrMapEntry 15 }

724  natConfAddrMapStorageType OBJECT-TYPE
725      SYNTAX      StorageType
726      MAX-ACCESS  read-create
727      STATUS      current
728      DESCRIPTION
729              "The storage type for this conceptual row."
730      REFERENCE
731              "Textual Conventions for SMIv2, Section 2."
732      DEFVAL  { nonVolatile }
733      ::= { natConfAddrMapEntry 16 }

735  natConfAddrMapStatus OBJECT-TYPE
736      SYNTAX      RowStatus
737      MAX-ACCESS  read-create
738      STATUS      current
739      DESCRIPTION
740              "The status of this conceptual row."
741      ::= { natConfAddrMapEntry 17 }

743  --
744  -- UDP related NAT configuration
745  --

747  natConfUdpDefIdleTimeout OBJECT-TYPE
748      SYNTAX      Integer32 (0..2147483647)
749      UNITS       "seconds"
750      MAX-ACCESS  read-write
751      STATUS      current
752      DESCRIPTION
753              "The default UDP idle timeout parameter. This applies
754               to all NAT configuration unless overridden by a more
755               specific value in the natConfProtTable."
756      DEFVAL  { 300 }
757      ::= { natConfig 3 }

759  --
760  -- ICMP related NAT configuration
761  --

763  natConfIcmpDefIdleTimeout OBJECT-TYPE
764      SYNTAX      Integer32 (0..2147483647)
765      UNITS       "seconds"
766      MAX-ACCESS  read-write
767      STATUS      current
768      DESCRIPTION
769              "The default ICMP idle timeout parameter. This applies to
770               all NAT configuration unless overridden by a more
771               specific value in the natConfProtTable."
772      DEFVAL  { 300 }
773      ::= { natConfig 4 }

775  --
776  -- Other protocol parameters
777  --

779  natConfOtherDefIdleTimeout OBJECT-TYPE
780      SYNTAX      Integer32 (0..2147483647)
781      UNITS       "seconds"
782      MAX-ACCESS  read-write
783      STATUS      current
784      DESCRIPTION
785              "The default idle timeout parameter for protocols
786               represented by the value other (2) in NATProtocolType.
787               This applies to all NAT configuration unless overridden
788               by a more specific value in the natConfProtTable."
789      DEFVAL  { 60 }
790      ::= { natConfig 5 }
791  --
792  -- TCP related NAT configuration
793  --

795  natConfTcpDefIdleTimeout OBJECT-TYPE
796      SYNTAX      Integer32 (0..2147483647)
797      UNITS       "seconds"
798      MAX-ACCESS  read-write
799      STATUS      current
800      DESCRIPTION
801              "The default TCP idle timeout parameter. This applies to
802               all NAT configuration unless overridden by a more
803               specific value in the natConfProtTable."
804      DEFVAL  { 86400 }
805      ::= { natConfig 6 }

807  natConfTcpDefNegTimeout OBJECT-TYPE
808      SYNTAX      Integer32 (0..2147483647)
809      UNITS       "seconds"
810      MAX-ACCESS  read-write
811      STATUS      current
812      DESCRIPTION
813              "The default interval of time for which a TCP protocol
814               session is allowed to remain valid without any
815               activity. This timeout value applies to a TCP session
816               during its establishment and termination phases.
817               This value is taken into account in the absence of a
818               more specific natConfTcpNegTimeout defined in the
819               natConfTcpTable."
820      DEFVAL  { 60 }
821      ::= { natConfig 7 }

823  --
824  -- NAT per protocol config table.
825  --

827  natConfProtTable OBJECT-TYPE
828      SYNTAX      SEQUENCE OF NatConfProtEntry
829      MAX-ACCESS  not-accessible
830      STATUS      current
831      DESCRIPTION
832              "This table holds pointers to protocol specific parameters
833               required by NAT."
834      ::= { natConfig 8 }
835  natConfProtEntry OBJECT-TYPE
836      SYNTAX      NatConfProtEntry
837      MAX-ACCESS  not-accessible
838      STATUS      current
839      DESCRIPTION
840              "Each entry in natConfProtTable points to a protocol
841               specific table which holds parameters that are required
842               for NAT configuration."
843      INDEX   { natConfProtName, natConfProtType }
844      ::= { natConfProtTable 1 }

846  NatConfProtEntry ::= SEQUENCE {
847      natConfProtName         SnmpAdminString,
848      natConfProtType         NATProtocolType,
849      natConfProtSpecName     SnmpAdminString,
850      natConfProtIdleTimeout  Integer32,
851      natConfProtRowStatus    RowStatus
852  }

854  natConfProtName OBJECT-TYPE
855      SYNTAX      SnmpAdminString (SIZE(0..32))
856      MAX-ACCESS  not-accessible
857      STATUS      current
858      DESCRIPTION
859              "Name identifying a set of entries in this table that
860               point to protocol specific NAT configuration. The
861               combination of natConfProtName and natConfProtType
862               uniquely identifies an entry in this table."
863       ::= { natConfProtEntry 1 }

865   natConfProtType OBJECT-TYPE
866       SYNTAX      NATProtocolType
867       MAX-ACCESS  not-accessible
868       STATUS      current
869       DESCRIPTION
870           "Identifies the protocol type.
871            natConfProtSpecName points to an entry in the protocol
872            specific table. For example, if natConfProtType is set to
873            'tcp', natConfProtSpecName points to an entry in the
874            natConfTcpTable."
875       ::= { natConfProtEntry 2 }

877   natConfProtSpecName OBJECT-TYPE
878       SYNTAX      SnmpAdminString (SIZE(0..32))
879       MAX-ACCESS  read-create
880       STATUS      current
881       DESCRIPTION
882           "Index of an entry in the protocol specific table
883            identified by natConfProtType."
884       ::= { natConfProtEntry 3 }

886   natConfProtIdleTimeout OBJECT-TYPE
887       SYNTAX      Integer32 (0..2147483647)
888       UNITS       "seconds"
889       MAX-ACCESS  read-create
890       STATUS      current
891       DESCRIPTION
892           "The interval of time for which the protocol session,
893            associated with the protocol represented by
894            natConfProtType, is allowed to remain valid without
895            any activity."
896       DEFVAL { 86400 }
897       ::= { natConfProtEntry 4 }

899   natConfProtRowStatus OBJECT-TYPE
900       SYNTAX      RowStatus
901       MAX-ACCESS  read-create
902       STATUS      current
903       DESCRIPTION
904           "The status of this conceptual row."
905       ::= { natConfProtEntry 5 }

907   natConfTcpTable OBJECT-TYPE
908       SYNTAX      SEQUENCE OF NatConfTcpEntry
909       MAX-ACCESS  not-accessible
910       STATUS      current
911       DESCRIPTION
912           "This table holds TCP related NAT configuration entries
913            which are pointed to by entries in the natConfProtTable
914            having a natConfProtType of 'tcp'."
915       ::= { natConfig 9 }

917   natConfTcpEntry OBJECT-TYPE
918       SYNTAX      NatConfTcpEntry
919       MAX-ACCESS  not-accessible
920       STATUS      current
921       DESCRIPTION
922           "Each entry contains TCP related NAT parameters. An entry
923            in this table is pointed to by an entry in the
924            natConfProtTable."
925       INDEX { natConfTcpName }
926       ::= { natConfTcpTable 1 }

928   NatConfTcpEntry ::= SEQUENCE {
929        natConfTcpName          SnmpAdminString,
930        natConfTcpNegTimeout    Integer32,
931        natConfTcpRowStatus     RowStatus
932   }
933   natConfTcpName OBJECT-TYPE
934       SYNTAX      SnmpAdminString (SIZE(0..32))
935       MAX-ACCESS  not-accessible
936       STATUS      current
937       DESCRIPTION
938           "Uniquely identifies an entry in this table."
939       ::= { natConfTcpEntry 1 }

941   natConfTcpNegTimeout OBJECT-TYPE
942       SYNTAX      Integer32 (0..2147483647)
943       UNITS       "seconds"
944       MAX-ACCESS  read-create
945       STATUS      current
946       DESCRIPTION
947           "The interval of time for which a TCP protocol session,
948            associated with this configuration, is allowed to remain
949            valid without any activity. This timeout value applies
950            to a TCP session during its establishment and termination
951            phases."
952       DEFVAL { 60 } -- 1 minute
953       ::= { natConfTcpEntry 2 }

955   natConfTcpRowStatus OBJECT-TYPE
956       SYNTAX      RowStatus
957       MAX-ACCESS  read-create
958       STATUS      current
959       DESCRIPTION
960           "The status of this conceptual row."
961       ::= { natConfTcpEntry 3 }

963   --
964   -- Notification thresholds
965   --

967   natConfAddressRiseThreshold OBJECT-TYPE
968       SYNTAX      Unsigned32 (0..100)
969       UNITS       "percentage"
970       MAX-ACCESS  read-write
971       STATUS      current
972       DESCRIPTION
973           "This object represents the rising threshold value for
974            generation of the natAddressUseRising notification. A
975            notification is generated whenever the usage percentage
976            of the address map is equal to or greater than
977            natConfAddressRiseThreshold.

979            Notifications should not be generated when the value of
980            this object is 0."
981       DEFVAL { 0 }
982       ::= { natConfig 10 }

984   natConfAddressFallThreshold OBJECT-TYPE
985       SYNTAX      Unsigned32 (0..100)
986       UNITS       "percentage"
987       MAX-ACCESS  read-write
988       STATUS      current
989       DESCRIPTION
990           "This object represents the falling threshold value for
991            generation of the natAddressUseRising notification.
992            This object only represents the lower end of the
993            hysteresis curve, and notifications are not generated
994            when this threshold is crossed."
995       DEFVAL { 0 }
996       ::= { natConfig 11 }

998   --
999   -- The Translation Group
1000  --

1002  --
1003  -- Address Bind section
1004  --

1006  natAddrBindNumberOfEntries OBJECT-TYPE
1007      SYNTAX      Gauge32
1008      MAX-ACCESS  read-only
1009      STATUS      current
1010      DESCRIPTION
1011          "This object maintains a count of the number of entries
1012           that currently exist in the natAddrBindTable."
1013      ::= { natTranslation 1 }

1015  --
1016  -- The NAT Address BIND Table
1017  --

1019  natAddrBindTable OBJECT-TYPE
1020      SYNTAX      SEQUENCE OF NatAddrBindEntry
1021      MAX-ACCESS  not-accessible
1022      STATUS      current
1023      DESCRIPTION
1024          "This table holds information about the currently
1025           active NAT BINDs. This table only holds information
1026           regarding the active address BINDs."
1027      ::= { natTranslation 2 }

1029  natAddrBindEntry OBJECT-TYPE
1030      SYNTAX      NatAddrBindEntry
1031      MAX-ACCESS  not-accessible
1032      STATUS      current
1033      DESCRIPTION
1034          "Each entry in this table holds information about
1035           an active address BIND."
1037      INDEX { natAddrBindLocalAddrType, natAddrBindLocalAddr }
1038      ::= { natAddrBindTable 1 }

1040  NatAddrBindEntry ::= SEQUENCE {
1041       natAddrBindLocalAddrType    InetAddressType,
1042       natAddrBindLocalAddr        InetAddress,
1043       natAddrBindGlobalAddrType   InetAddressType,
1044       natAddrBindGlobalAddr       InetAddress,
1045       natAddrBindId               Unsigned32,
1046       natAddrBindDirection        INTEGER,
1047       natAddrBindType             INTEGER,
1048       natAddrBindAddrMapName      SnmpAdminString,
1049       natAddrBindSessionCount     Gauge32,
1050       natAddrBindCurrentIdleTime  TimeTicks,
1051       natAddrBindInTranslate      Counter32,
1052       natAddrBindOutTranslate     Counter32,
1053       natAddrBindStatus           RowStatus
1054  }

1056  natAddrBindLocalAddrType OBJECT-TYPE
1057      SYNTAX      InetAddressType
1058      MAX-ACCESS  not-accessible
1059      STATUS      current
1060      DESCRIPTION
1061          "This object specifies the address type used for
1062           natAddrBindLocalAddr."
1063      ::= { natAddrBindEntry 1 }

1065  natAddrBindLocalAddr OBJECT-TYPE
1066      SYNTAX      InetAddress (SIZE (0..20))
1067      MAX-ACCESS  not-accessible
1068      STATUS      current
1069      DESCRIPTION
1070          "This object represents the private-realm specific network
1071           layer address, which maps to the public-realm address
1072           represented by natAddrBindGlobalAddr."
1073      ::= { natAddrBindEntry 2 }

1075  natAddrBindGlobalAddrType OBJECT-TYPE
1076      SYNTAX      InetAddressType
1077      MAX-ACCESS  read-create
1078      STATUS      current
1079      DESCRIPTION
1080          "This object specifies the address type used for
1081           natAddrBindGlobalAddr."
1082      ::= { natAddrBindEntry 3 }

1084  natAddrBindGlobalAddr OBJECT-TYPE
1085      SYNTAX      InetAddress (SIZE (0..20))
1086      MAX-ACCESS  read-create
1087      STATUS      current
1088      DESCRIPTION
1089          "This object represents the public-realm network layer
1090           address that maps to the private-realm network layer
1091           address represented by natAddrBindLocalAddr."
1092      ::= { natAddrBindEntry 4 }

1094  natAddrBindId OBJECT-TYPE
1095      SYNTAX      Unsigned32
1096      MAX-ACCESS  read-only
1097      STATUS      current
1098      DESCRIPTION
1099          "This object represents a BIND id that is dynamically
1100           assigned to each BIND by a NAT enabled device. Each
1101           BIND is represented by a BIND id that is
1102           unique across both the Address bind and the
1103           Address-Port bind tables."
1104      ::= { natAddrBindEntry 5 }

1106  natAddrBindDirection OBJECT-TYPE
1107      SYNTAX      INTEGER {
1108                      uniDirectional (1),
1109                      biDirectional (2)
1110                  }
1111      MAX-ACCESS  read-create
1112      STATUS      current
1113      DESCRIPTION
1114          "This object represents the direction of the BIND.
1115           A BIND may be either uni-directional or bi-directional,
1116           same as the orientation of the address map, based on
1117           which this bind is formed."
1118      ::= { natAddrBindEntry 6 }

1120  natAddrBindType OBJECT-TYPE
1121      SYNTAX      INTEGER {
1122                      static (1),
1123                      dynamic (2)
1124                  }
1125      MAX-ACCESS  read-create
1126      STATUS      current
1127      DESCRIPTION
1128          "This object indicates whether the BIND is static or
1129           dynamic."
1130      ::= { natAddrBindEntry 7 }

1132  natAddrBindAddrMapName OBJECT-TYPE
1133      SYNTAX      SnmpAdminString (SIZE(1..32))
1134      MAX-ACCESS  read-create
1135      STATUS      current
1136      DESCRIPTION
1137          "This object is a pointer to the natConfAddrMapTable entry
1138           (and the parameters of that entry) which was used in
1139           creating this BIND. If the bind is being created by the
1140           Management Station, then it should set the value for this
1141           object to an existing addrMapName. An attempt to set this
1142           object to a nonExistent addrMapName will result in
1143           badValue error."
1144      ::= { natAddrBindEntry 8 }

1146  natAddrBindSessionCount OBJECT-TYPE
1147      SYNTAX      Gauge32
1148      MAX-ACCESS  read-only
1149      STATUS      current
1150      DESCRIPTION
1151          "Number of sessions currently using this BIND."
1152      ::= { natAddrBindEntry 9 }

1154  natAddrBindCurrentIdleTime OBJECT-TYPE
1155      SYNTAX      TimeTicks
1156      MAX-ACCESS  read-only
1157      STATUS      current
1158      DESCRIPTION
1159          "At any given instant of time, this object indicates the
1160           time that this BIND has been idle with no sessions
1161           attached to it.

1163           The value of this object is of relevance only for
1164           dynamic NAT."
1165      ::= { natAddrBindEntry 10 }

1167  natAddrBindInTranslate OBJECT-TYPE
1168      SYNTAX      Counter32
1169      MAX-ACCESS  read-only
1170      STATUS      current
1171      DESCRIPTION
1172          "The number of inbound packets that were successfully
1173           translated using this BIND entry."
1174      ::= { natAddrBindEntry 11 }

1176  natAddrBindOutTranslate OBJECT-TYPE
1177      SYNTAX      Counter32
1178      MAX-ACCESS  read-only
1179      STATUS      current
1180      DESCRIPTION
1181          "The number of outbound packets that were successfully
1182           translated using this BIND entry."
1183      ::= { natAddrBindEntry 12 }

1185  natAddrBindStatus OBJECT-TYPE
1186      SYNTAX      RowStatus
1187      MAX-ACCESS  read-create
1188      STATUS      current
1189      DESCRIPTION
1190          "The status of this conceptual row."
1191      ::= { natAddrBindEntry 13 }

1193  --
1194  -- Address-Port Bind section
1195  --

1197  natAddrPortBindNumberOfEntries OBJECT-TYPE
1198      SYNTAX      Gauge32
1199      MAX-ACCESS  read-only
1200      STATUS      current
1201      DESCRIPTION
1202          "This object maintains a count of the number of entries
1203           that currently exist in the natAddrPortBindTable."
1204      ::= { natTranslation 3 }

1206  --
1207  -- The NAT Address-Port BIND Table
1208  --

1210  natAddrPortBindTable OBJECT-TYPE
1211      SYNTAX      SEQUENCE OF NatAddrPortBindEntry
1212      MAX-ACCESS  not-accessible
1213      STATUS      current
1214      DESCRIPTION
1215          "This table holds information about the currently
1216           active NAPT BINDs."
1217      ::= { natTranslation 4 }

1219  natAddrPortBindEntry OBJECT-TYPE
1220      SYNTAX      NatAddrPortBindEntry
1221      MAX-ACCESS  not-accessible
1222      STATUS      current
1223      DESCRIPTION
1224          "Each entry in this table holds information
1225           about a NAPT BIND that is currently active."
1226      INDEX { natAddrPortBindLocalAddrType, natAddrPortBindLocalAddr,
1227              natAddrPortBindLocalPort, natAddrPortBindProtocol }
1228      ::= { natAddrPortBindTable 1 }
1229  NatAddrPortBindEntry ::= SEQUENCE {
1230       natAddrPortBindLocalAddrType    InetAddressType,
1231       natAddrPortBindLocalAddr        InetAddress,
1232       natAddrPortBindLocalPort        Integer32,
1233       natAddrPortBindProtocol         NATProtocolType,
1234       natAddrPortBindGlobalAddrType   InetAddressType,
1235       natAddrPortBindGlobalAddr       InetAddress,
1236       natAddrPortBindGlobalPort       Integer32,
1237       natAddrPortBindId               Unsigned32,
1238       natAddrPortBindDirection        INTEGER,
1239       natAddrPortBindType             INTEGER,
1240       natAddrPortBindAddrMapName      SnmpAdminString,
1241       natAddrPortBindSessionCount     Gauge32,
1242       natAddrPortBindCurrentIdleTime  TimeTicks,
1243       natAddrPortBindInTranslate      Counter32,
1244       natAddrPortBindOutTranslate     Counter32,
1245       natAddrPortBindStatus           RowStatus
1246  }

1248  natAddrPortBindLocalAddrType OBJECT-TYPE
1249      SYNTAX      InetAddressType
1250      MAX-ACCESS  not-accessible
1251      STATUS      current
1252      DESCRIPTION
1253          "This object specifies the address type used for
1254           natAddrPortBindLocalAddr."
1255      ::= { natAddrPortBindEntry 1 }

1257  natAddrPortBindLocalAddr OBJECT-TYPE
1258      SYNTAX      InetAddress (SIZE (0..20))
1259      MAX-ACCESS  not-accessible
1260      STATUS      current
1261      DESCRIPTION
1262          "This object represents the private-realm specific network
1263           layer address which, in conjunction with
1264           natAddrPortBindLocalPort, maps to the public-realm
1265           network layer address and transport id represented by
1266           natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
1267           respectively."
1268      ::= { natAddrPortBindEntry 2 }

1270  natAddrPortBindLocalPort OBJECT-TYPE
1271      SYNTAX      Integer32(0..65535)
1272      MAX-ACCESS  not-accessible
1273      STATUS      current
1274      DESCRIPTION
1275          "This object represents the private-realm specific port
1276           number (or query ID in case of ICMP messages) which, in
1277           conjunction with natAddrPortBindLocalAddr, maps to the
1278           public-realm network layer address and transport id
1279           represented by natAddrPortBindGlobalAddr and
1280           natAddrPortBindGlobalPort respectively."

1282      ::= { natAddrPortBindEntry 3 }

1284  natAddrPortBindProtocol OBJECT-TYPE
1285      SYNTAX      NATProtocolType
1286      MAX-ACCESS  not-accessible
1287      STATUS      current
1288      DESCRIPTION
1289          "This object specifies a protocol identifier. If the
1290           value of this object is none(1), then this BIND entry
1291           applies to all IP traffic. Any other value of this object
1292           specifies the class of IP traffic to which this BIND
1293           applies."
1294      ::= { natAddrPortBindEntry 4 }

1296  natAddrPortBindGlobalAddrType OBJECT-TYPE
1297      SYNTAX      InetAddressType
1298      MAX-ACCESS  read-create
1299      STATUS      current
1300      DESCRIPTION
1301          "This object specifies the address type used for
1302           natAddrPortBindGlobalAddr."
1303      ::= { natAddrPortBindEntry 5 }

1305  natAddrPortBindGlobalAddr OBJECT-TYPE
1306      SYNTAX      InetAddress (SIZE (0..20))
1307      MAX-ACCESS  read-create
1308      STATUS      current
1309      DESCRIPTION
1310          "This object represents the public-realm specific network
1311           layer address that, in conjunction with
1312           natAddrPortBindGlobalPort, maps to the private-realm
1313           network layer address and transport id represented by
1314           natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1315           respectively."
1316      ::= { natAddrPortBindEntry 6 }

1318  natAddrPortBindGlobalPort OBJECT-TYPE
1319      SYNTAX      Integer32(0..65535)
1320      MAX-ACCESS  read-create
1321      STATUS      current
1322      DESCRIPTION
1323          "This object represents the port number (or query id in
1324           case of ICMP) that, in conjunction with
1325           natAddrPortBindGlobalAddr, maps to the private-realm
1326           network layer address and transport id represented by
1327           natAddrPortBindLocalAddr and natAddrPortBindLocalPort
1328           respectively."
1329      ::= { natAddrPortBindEntry 7 }

1331  natAddrPortBindId OBJECT-TYPE
1332      SYNTAX      Unsigned32
1333      MAX-ACCESS  read-only
1334      STATUS      current
1335      DESCRIPTION
1336          "This object represents a BIND id that is dynamically
1337           assigned to each BIND by a NAT enabled device. Each
1338           BIND is represented by a unique BIND id across both
1339           the Address Bind and Address-Port Bind tables."
1340      ::= { natAddrPortBindEntry 8 }

1342  natAddrPortBindDirection OBJECT-TYPE
1343      SYNTAX      INTEGER {
1344                      uniDirectional (1),
1345                      biDirectional (2)
1346                  }
1347      MAX-ACCESS  read-create
1348      STATUS      current
1349      DESCRIPTION
1350          "This object represents the direction of the BIND. A
1351           BIND may be either uni-directional or bi-directional,
1352           same as the orientation of the address map, based on
1353           which this bind is formed."
1354      ::= { natAddrPortBindEntry 9 }

1356  natAddrPortBindType OBJECT-TYPE
1357      SYNTAX      INTEGER {
1358                      static (1),
1359                      dynamic (2)
1360                  }
1361      MAX-ACCESS  read-create
1362      STATUS      current
1363      DESCRIPTION
1364          "This object indicates whether the BIND is static or
1365           dynamic."
1366      ::= { natAddrPortBindEntry 10 }

1368  natAddrPortBindAddrMapName OBJECT-TYPE
1369      SYNTAX      SnmpAdminString
1370      MAX-ACCESS  read-create
1371      STATUS      current
1372      DESCRIPTION
1373          "This object is a pointer to the NatConfAddrMapEntry entry
1374           (and the parameters of that entry) which was used in
1375           creating this BIND.
               If the bind is being created by the
1376           Management Station, then it should set the value for
1377           this object as well. An attempt to set this object to a
1378           nonExistent addrMapName will result in badValue error."
1379      ::= { natAddrPortBindEntry 11 }

1381  natAddrPortBindSessionCount OBJECT-TYPE
1382      SYNTAX      Gauge32
1383      MAX-ACCESS  read-only
1384      STATUS      current
1385      DESCRIPTION
1386          "Number of sessions currently using this BIND."
1387      ::= { natAddrPortBindEntry 12 }

1389  natAddrPortBindCurrentIdleTime OBJECT-TYPE
1390      SYNTAX      TimeTicks
1391      MAX-ACCESS  read-only
1392      STATUS      current
1393      DESCRIPTION
1394          "At any given instant of time, this object indicates the
1395           time that this BIND has been idle with no sessions
1396           attached to it. The value of this object is of relevance
1397           only for dynamic NAT."
1398      ::= { natAddrPortBindEntry 13 }

1400  natAddrPortBindInTranslate OBJECT-TYPE
1401      SYNTAX      Counter32
1402      MAX-ACCESS  read-only
1403      STATUS      current
1404      DESCRIPTION
1405          "The number of inbound packets that were translated as per
1406           this BIND entry."
1407      ::= { natAddrPortBindEntry 14 }

1409  natAddrPortBindOutTranslate OBJECT-TYPE
1410      SYNTAX      Counter32
1411      MAX-ACCESS  read-only
1412      STATUS      current
1413      DESCRIPTION
1414          "The number of outbound packets that were translated as per
1415           this BIND entry."
1416      ::= { natAddrPortBindEntry 15 }

1418  natAddrPortBindStatus OBJECT-TYPE
1419      SYNTAX      RowStatus
1420      MAX-ACCESS  read-create
1421      STATUS      current
1422      DESCRIPTION
1423          "The status of this conceptual row."
1424      ::= { natAddrPortBindEntry 16 }

1426  --
1427  -- The Session Table
1428  --

1430  natSessionTable OBJECT-TYPE
1431      SYNTAX      SEQUENCE OF NatSessionEntry
1432      MAX-ACCESS  not-accessible
1433      STATUS      current
1434      DESCRIPTION
1435          "The (conceptual) table containing one entry for each
1436           NAT session currently active on this NAT device."
1437      ::= { natTranslation 5 }

1439  natSessionEntry OBJECT-TYPE
1440      SYNTAX      NatSessionEntry
1441      MAX-ACCESS  not-accessible
1442      STATUS      current
1443      DESCRIPTION
1444          "An entry (conceptual row) containing information
1445           about an active NAT session on this NAT device."
1446      INDEX { natSessionBindId, natSessionId }
1447      ::= { natSessionTable 1 }

1449  NatSessionEntry ::= SEQUENCE {
1450       natSessionBindId                Unsigned32,
1451       natSessionId                    Unsigned32,
1452       natSessionDirection             INTEGER,
1453       natSessionUpTime                TimeTicks,
1454       natSessionProtocolType          NATProtocolType,
1455       natSessionOrigPrivateAddrType   InetAddressType,
1456       natSessionOrigPrivateAddr       InetAddress,
1457       natSessionTransPrivateAddrType  InetAddressType,
1458       natSessionTransPrivateAddr      InetAddress,
1459       natSessionOrigPrivatePort       Integer32,
1460       natSessionTransPrivatePort      Integer32,
1461       natSessionOrigPublicAddrType    InetAddressType,
1462       natSessionOrigPublicAddr        InetAddress,
1463       natSessionTransPublicAddrType   InetAddressType,
1464       natSessionTransPublicAddr       InetAddress,
1465       natSessionOrigPublicPort        Integer32,
1466       natSessionTransPublicPort       Integer32,
1467       natSessionCurrentIdletime       TimeTicks,
1468       natSessionSecondBindId          Unsigned32,
1469       natSessionInTranslate           Counter32,
1470       natSessionOutTranslate          Counter32,
1471       natSessionStatus                RowStatus
1472  }
1473  natSessionBindId OBJECT-TYPE
1474      SYNTAX      Unsigned32
1475      MAX-ACCESS  not-accessible
1476      STATUS      current
1477      DESCRIPTION
1478          "This object represents a BIND id that is dynamically
1479           assigned to each BIND by a NAT enabled device. This
1480           bind id is the same as that represented by the BindId
1481           objects in the Address bind and Address-Port bind
1482           tables."
1483      ::= { natSessionEntry 1 }

1485  natSessionId OBJECT-TYPE
1486      SYNTAX      Unsigned32
1487      MAX-ACCESS  not-accessible
1488      STATUS      current
1489      DESCRIPTION
1490          "The session ID for this NAT session."
1491      ::= { natSessionEntry 2 }

1493  natSessionDirection OBJECT-TYPE
1494      SYNTAX      INTEGER {
1495                      inbound (1),
1496                      outbound (2)
1497                  }
1498      MAX-ACCESS  read-create
1499      STATUS      current
1500      DESCRIPTION
1501          "The direction of this session with respect to the
1502           local network. 'inbound' indicates that this session
1503           was initiated from the public network into the private
1504           network. 'outbound' indicates that this session was
1505           initiated from the private network into the public
1506           network."
1507      ::= { natSessionEntry 3 }

1509  natSessionUpTime OBJECT-TYPE
1510      SYNTAX      TimeTicks
1511      MAX-ACCESS  read-only
1512      STATUS      current
1513      DESCRIPTION
1514          "The up time of this session in one-hundredths of a
1515           second."
1516      ::= { natSessionEntry 4 }

1518  natSessionProtocolType OBJECT-TYPE
1519      SYNTAX      NATProtocolType
1520      MAX-ACCESS  read-create
1521      STATUS      current
1522      DESCRIPTION
1523          "The protocol type of this session.

1525           TCP and UDP sessions are uniquely identified by the
1526           tuple of (source IP address, source TCP/UDP port,
1527           destination IP address, destination TCP/UDP port).
1528           ICMP query sessions are identified by the tuple of
1529           (source IP address, ICMP query ID, destination IP
1530           address)."
1531      ::= { natSessionEntry 5 }

1533  natSessionOrigPrivateAddrType OBJECT-TYPE
1534      SYNTAX      InetAddressType
1535      MAX-ACCESS  read-create
1536      STATUS      current
1537      DESCRIPTION
1538          "This object specifies the address type used for
1539           natSessionOrigPrivateAddr."
1540      ::= { natSessionEntry 6 }

1542  natSessionOrigPrivateAddr OBJECT-TYPE
1543      SYNTAX      InetAddress (SIZE (0..20))
1544      MAX-ACCESS  read-create
1545      STATUS      current
1546      DESCRIPTION
1547          "The original IP address of the session endpoint that
1548           lies in the private network."
1549      ::= { natSessionEntry 7 }

1551  natSessionTransPrivateAddrType OBJECT-TYPE
1552      SYNTAX      InetAddressType
1553      MAX-ACCESS  read-create
1554      STATUS      current
1555      DESCRIPTION
1556          "This object specifies the address type used for
1557           natSessionTransPrivateAddr."
1558      ::= { natSessionEntry 8 }

1560  natSessionTransPrivateAddr OBJECT-TYPE
1561      SYNTAX      InetAddress (SIZE (0..20))
1562      MAX-ACCESS  read-create
1563      STATUS      current
1564      DESCRIPTION
1565          "The translated IP address of the session endpoint that
1566           lies in the private network. The value of this object
1567           is equal to that of the original private IP Address
1568           (natSessionOrigPrivateAddr) when there is no
1569           translation."

1571      ::= { natSessionEntry 9 }

1573  natSessionOrigPrivatePort OBJECT-TYPE
1574      SYNTAX      Integer32 (0..65535)
1575      MAX-ACCESS  read-create
1576      STATUS      current
1577      DESCRIPTION
1578          "The original transport port of the session endpoint that
1579           belongs to the private network. If this is an ICMP
1580           session then the value is the ICMP request ID. The value
1581           of this object should be 0 when ports are not involved
1582           in the translation."
1583      ::= { natSessionEntry 10 }

1585  natSessionTransPrivatePort OBJECT-TYPE
1586      SYNTAX      Integer32 (0..65535)
1587      MAX-ACCESS  read-create
1588      STATUS      current
1589      DESCRIPTION
1590          "The translated transport port of the session that lies in
1591           the private network. The value of this object is equal to
1592           that of the original transport port
1593           (natSessionOrigPrivatePort) when there is no
1594           translation."
1595      ::= { natSessionEntry 11 }

1597  natSessionOrigPublicAddrType OBJECT-TYPE
1598      SYNTAX      InetAddressType
1599      MAX-ACCESS  read-create
1600      STATUS      current
1601      DESCRIPTION
1602          "This object specifies the address type used for
1603           natSessionOrigPublicAddr."
1604      ::= { natSessionEntry 12 }

1606  natSessionOrigPublicAddr OBJECT-TYPE
1607      SYNTAX      InetAddress (SIZE (0..20))
1608      MAX-ACCESS  read-create
1609      STATUS      current
1610      DESCRIPTION
1611          "The original IP address of the session endpoint that lies
1612           in the public network."
1613      ::= { natSessionEntry 13 }

1615  natSessionTransPublicAddrType OBJECT-TYPE
1616      SYNTAX      InetAddressType
1617      MAX-ACCESS  read-create
1618      STATUS      current
1619      DESCRIPTION
1620          "This object specifies the address type used for
1621           natSessionTransPublicAddr."
1622      ::= { natSessionEntry 14 }

1624  natSessionTransPublicAddr OBJECT-TYPE
1625      SYNTAX      InetAddress (SIZE (0..20))
1626      MAX-ACCESS  read-create
1627      STATUS      current
1628      DESCRIPTION
1629          "The translated IP address of the session endpoint that
1630           belongs to the public network. The value of this object
1631           is equal to that of the original public IP Address
1632           (natSessionOrigPublicAddr) when there is no
1633           translation."
1634      ::= { natSessionEntry 15 }

1636  natSessionOrigPublicPort OBJECT-TYPE
1637      SYNTAX      Integer32 (0..65535)
1638      MAX-ACCESS  read-create
1639      STATUS      current
1640      DESCRIPTION
1641          "The original transport port of the session endpoint that
1642           belongs to the public network. If this is an ICMP
1643           session then the value contains the ICMP request ID.
1644           The value of this object should be 0 when ports are
1645           not involved in the translation."
1646      ::= { natSessionEntry 16 }

1648  natSessionTransPublicPort OBJECT-TYPE
1649      SYNTAX      Integer32 (0..65535)
1650      MAX-ACCESS  read-create
1651      STATUS      current
1652      DESCRIPTION
1653          "The translated transport port of the session endpoint
1654           that belongs to the public network. The value of this
1655           object is equal to that of the original transport port
1656           (natSessionOrigPublicPort) when there is no
1657           translation."
1658      ::= { natSessionEntry 17 }

1660  natSessionCurrentIdletime OBJECT-TYPE
1661      SYNTAX      TimeTicks
1662      MAX-ACCESS  read-only
1663      STATUS      current
1664      DESCRIPTION
1665          "The time in one-hundredths of a second since a packet
1666           belonging to this session was last detected."
1667      ::= { natSessionEntry 18 }

1669  natSessionSecondBindId OBJECT-TYPE
1670      SYNTAX      Unsigned32
1671      MAX-ACCESS  read-create
1672      STATUS      current
1673      DESCRIPTION
1674          "The natBindId of the 'other' NAT binding in case of Twice
1675           NAT.

1677           An instance of this object contains a valid value
1678           only if the binding type for this session is TwiceNAT."
1679      ::= { natSessionEntry 19 }

1681  natSessionInTranslate OBJECT-TYPE
1682      SYNTAX      Counter32
1683      MAX-ACCESS  read-only
1684      STATUS      current
1685      DESCRIPTION
1686          "The number of inbound packets that were translated for
1687           this session."
1688      ::= { natSessionEntry 20 }

1690  natSessionOutTranslate OBJECT-TYPE
1691      SYNTAX      Counter32
1692      MAX-ACCESS  read-only
1693      STATUS      current
1694      DESCRIPTION
1695          "The number of outbound packets that were translated for
1696           this session."
1697      ::= { natSessionEntry 21 }

1699  natSessionStatus OBJECT-TYPE
1700      SYNTAX      RowStatus
1701      MAX-ACCESS  read-create
1702      STATUS      current
1703      DESCRIPTION
1704          "The status of this conceptual row."
1705      ::= { natSessionEntry 22 }

1707  --
1708  -- natStatistics Group
1709  --

1711  --
1712  -- The Protocol Stats table
1713  --
1714  natProtocolStatsTable OBJECT-TYPE
1715      SYNTAX      SEQUENCE OF NatProtocolStatsEntry
1716      MAX-ACCESS  not-accessible
1717      STATUS      current
1718      DESCRIPTION
1719          "The (conceptual) table containing per protocol NAT
1720           statistics."
1721      ::= { natStatistics 1 }

1723  natProtocolStatsEntry OBJECT-TYPE
1724      SYNTAX      NatProtocolStatsEntry
1725      MAX-ACCESS  not-accessible
1726      STATUS      current
1727      DESCRIPTION
1728          "An entry (conceptual row) containing NAT statistics
1729           pertaining to a particular protocol."
1730      INDEX { natProtocolStatsName }
1731      ::= { natProtocolStatsTable 1 }

1733  NatProtocolStatsEntry ::= SEQUENCE {
1734       natProtocolStatsName          NATProtocolType,
1735       natProtocolStatsInTranslate   Counter32,
1736       natProtocolStatsOutTranslate  Counter32,
1737       natProtocolStatsRejectCount   Counter32
1738  }

1740  natProtocolStatsName OBJECT-TYPE
1741      SYNTAX      NATProtocolType
1742      MAX-ACCESS  not-accessible
1743      STATUS      current
1744      DESCRIPTION
1745          "This object represents the protocol pertaining to which
1746           statistics are reported."
1747      ::= { natProtocolStatsEntry 1 }

1749  natProtocolStatsInTranslate OBJECT-TYPE
1750      SYNTAX      Counter32
1751      MAX-ACCESS  read-only
1752      STATUS      current
1753      DESCRIPTION
1754          "The number of inbound packets, pertaining to the protocol
1755           identified by natProtocolStatsName, that underwent NAT."
1756      ::= { natProtocolStatsEntry 2 }

1758  natProtocolStatsOutTranslate OBJECT-TYPE
1759      SYNTAX      Counter32
1760      MAX-ACCESS  read-only
1761      STATUS      current
1762      DESCRIPTION
1763          "The number of outbound packets, pertaining to the protocol
1764           identified by natProtocolStatsName, that underwent NAT."
1765      ::= { natProtocolStatsEntry 3 }

1767  natProtocolStatsRejectCount OBJECT-TYPE
1768      SYNTAX      Counter32
1769      MAX-ACCESS  read-only
1770      STATUS      current
1771      DESCRIPTION
1772          "The number of packets, pertaining to the protocol
1773           identified by natProtocolStatsName, that had to be
1774           rejected/dropped due to lack of resources. These
1775           rejections could be due to session timeout, resource
1776           unavailability, lack of address space etc."
1777      ::= { natProtocolStatsEntry 4 }

1779  --
1780  -- The Address Map Stats table
1781  --

1783  natAddrMapStatsTable OBJECT-TYPE
1784      SYNTAX      SEQUENCE OF NatAddrMapStatsEntry
1785      MAX-ACCESS  not-accessible
1786      STATUS      current
1787      DESCRIPTION
1788          "The (conceptual) table containing per address map NAT
1789           statistics."
1790      ::= { natStatistics 2 }

1792  natAddrMapStatsEntry OBJECT-TYPE
1793      SYNTAX      NatAddrMapStatsEntry
1794      MAX-ACCESS  not-accessible
1795      STATUS      current
1796      DESCRIPTION
1797          "An entry (conceptual row) containing NAT statistics per
1798           address map."
1799      AUGMENTS { natConfAddrMapEntry }
1800      ::= { natAddrMapStatsTable 1 }

1802  NatAddrMapStatsEntry ::= SEQUENCE {
1803       natAddrMapStatsInTranslate   Counter32,
1804       natAddrMapStatsOutTranslate  Counter32,
1805       natAddrMapStatsNoResource    Counter32,
1806       natAddrMapStatsAddrUsed      Gauge32
1807  }

1809  natAddrMapStatsInTranslate OBJECT-TYPE
1810      SYNTAX      Counter32
1811      MAX-ACCESS  read-only
1812      STATUS      current
1813      DESCRIPTION
1814          "The number of inbound packets, pertaining to this address
1815           map entry, that were translated."
1816      ::= { natAddrMapStatsEntry 3 }

1818  natAddrMapStatsOutTranslate OBJECT-TYPE
1819      SYNTAX      Counter32
1820      MAX-ACCESS  read-only
1821      STATUS      current
1822      DESCRIPTION
1823          "The number of outbound packets, pertaining to this
1824           address map entry, that were translated."
1825      ::= { natAddrMapStatsEntry 4 }

1827  natAddrMapStatsNoResource OBJECT-TYPE
1828      SYNTAX      Counter32
1829      MAX-ACCESS  read-only
1830      STATUS      current
1831      DESCRIPTION
1832          "The number of packets, pertaining to this address map
1833           entry, that were dropped due to lack of addresses in the
1834           address pool identified by this address map. The value of
1835           this object must always be zero in case of static
1836           address map."
1837      ::= { natAddrMapStatsEntry 5 }

1839  natAddrMapStatsAddrUsed OBJECT-TYPE
1840      SYNTAX      Gauge32
1841      MAX-ACCESS  read-only
1842      STATUS      current
1843      DESCRIPTION
1844          "The number of addresses, pertaining to this address map,
1845           that are currently being used from the nat pool. The
1846           value of this object is irrelevant if the address map in
1847           question is a static address map."
1848      ::= { natAddrMapStatsEntry 6 }

1850  --
1851  -- The Interface Stats table
1852  --

1854  natInterfaceStatsTable OBJECT-TYPE
1855      SYNTAX      SEQUENCE OF NatInterfaceStatsEntry
1856      MAX-ACCESS  not-accessible
1857      STATUS      current
1858      DESCRIPTION
1859          "This table provides statistics information per
1860           interface."
1861      ::= { natStatistics 3 }

1863  natInterfaceStatsEntry OBJECT-TYPE
1864      SYNTAX      NatInterfaceStatsEntry
1865      MAX-ACCESS  not-accessible
1866      STATUS      current
1867      DESCRIPTION
1868          "Each entry of the natInterfaceStatsTable represents stats
1869           pertaining to one interface, which is identified by its
1870           ifIndex."
1871      AUGMENTS { natConfEntry }
1872      ::= { natInterfaceStatsTable 1 }

1874  NatInterfaceStatsEntry ::= SEQUENCE {
1875       natInterfacePktsIn   Counter32,
1876       natInterfacePktsOut  Counter32
1877  }

1879  natInterfacePktsIn OBJECT-TYPE
1880      SYNTAX      Counter32
1881      MAX-ACCESS  read-only
1882      STATUS      current
1883      DESCRIPTION
1884          "Number of packets received on this interface that
1885           were translated."
1886      ::= { natInterfaceStatsEntry 1 }

1888  natInterfacePktsOut OBJECT-TYPE
1889      SYNTAX      Counter32
1890      MAX-ACCESS  read-only
1891      STATUS      current
1892      DESCRIPTION
1893          "Number of translated packets that were sent out this
1894           interface."
1895      ::= { natInterfaceStatsEntry 2 }

1897  --
1898  -- Notifications section
1899  --

1901  natNotificationPrefix  OBJECT IDENTIFIER ::= { natMIB 2 }
1902  natNotifications       OBJECT IDENTIFIER ::=
1903                         { natNotificationPrefix 0 }

1905  --
1906  -- Notification objects i.e. objects accessible only for notification
1907  -- purpose.
1908  --

1910  natNotificationObjects OBJECT IDENTIFIER ::=
1911                         { natNotificationPrefix 1 }

1913  natAddrMapName OBJECT-TYPE
1914      SYNTAX      SnmpAdminString
1915      MAX-ACCESS  accessible-for-notify
1916      STATUS      current
1917      DESCRIPTION
1918          "This object represents the address map corresponding to
1919           which the addresses/ports have been exhausted, thereby
1920           resulting in a natPacketDiscard notification."
1921      ::= { natNotificationObjects 1 }

1923  natPktDiscardReason OBJECT-TYPE
1924      SYNTAX      INTEGER {
1925                      other (1),
1926                      addressSpaceExhausted (2)
1927                  }
1928      MAX-ACCESS  accessible-for-notify
1929      STATUS      current
1930      DESCRIPTION
1931          "This object represents the reason for which a packet is
1932           discarded by NAT.

1934           addressSpaceExhausted (2) represents a situation wherein
1935           the address space required to do this mapping has been
1936           exhausted (used up by other translations).

1938           other (1) represents a case where the packet was
1939           discarded due to any other reasons."
1940      ::= { natNotificationObjects 2 }

1942  --
1943  -- Notifications
1944  --

1946  natAddressUseRising NOTIFICATION-TYPE
1947      OBJECTS     { natAddrMapStatsAddrUsed }
1948      STATUS      current
1949      DESCRIPTION
1950          "This notification is generated whenever the number of
1951           addresses per address map is equal to or greater than the
1952           configured address rising threshold value.

1954           Note that once this notification is generated, another
1955           notification for the same address map should be generated
1956           only after the address usage falls to/below the defined
1957           falling threshold.

1959           This notification should be generated only for dynamic
1960           address maps, since they do not provide any useful
1961           information for static maps."
1962      ::= { natNotifications 1 }

1964  natPacketDiscard NOTIFICATION-TYPE
1965      OBJECTS     { natAddrMapName, natPktDiscardReason }
1966      STATUS      current
1967      DESCRIPTION
1968          "This notification is generated whenever packets are
1969           discarded e.g. due to lack of mapping space when we run
1970           out of address/ports in case of Basic NAT/NAPT
1971           respectively.

1973           An agent should not generate more than one
1974           natPacketDiscard 'notification-events' in a given time
1975           interval (five seconds is the suggested default). A
1976           'notification-event' is the transmission of a single
1977           trap or inform PDU to a list of notification
1978           destinations.

1980           If additional nat packets are discarded within the
1981           throttling period, then notification-events for these
1982           changes should be suppressed by the agent until the
1983           current throttling period expires. At the end of a
1984           throttling period, one notification-event should be
1985           generated if any NAT packet was discarded since the
1986           start of the throttling period. In such a case, another
1987           throttling period is started right away."
1988      ::= { natNotifications 2 }

1990  --
1991  -- Conformance information.
1992  --

1994  natMIBConformance OBJECT IDENTIFIER ::= { natMIB 3 }

1996  natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
1997  natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }

1999  --
2000  -- Units of conformance
2001  --

2003  natConfigGroup OBJECT-GROUP
2004      OBJECTS { natConfInterfaceRealm,
2005                natConfServiceType,
2006                natConfAddrMapConfigName,
2007                natConfStorageType,
2008                natConfStatus,
2009                natConfAddrMapEntryType,
2010                natConfAddrMapDirection,
2011                natConfLocalAddrType,
2012                natConfLocalAddrFrom,
2013                natConfLocalAddrTo,
2014                natConfLocalPortFrom,
2015                natConfLocalPortTo,
2016                natConfGlobalAddrType,
2017                natConfGlobalAddrFrom,
2018                natConfGlobalAddrTo,
2019                natConfGlobalPortFrom,
2020                natConfGlobalPortTo,
2021                natConfProtocol,
2022                natConfAddrMapStorageType,
2023                natConfAddrMapStatus,
2024                natConfUdpDefIdleTimeout,
2025                natConfIcmpDefIdleTimeout,
2026                natConfOtherDefIdleTimeout,
2027                natConfTcpDefIdleTimeout,
2028                natConfTcpDefNegTimeout }
2029      STATUS  current
2030      DESCRIPTION
2031          "A collection of configuration-related information
2032           required to support management of devices supporting
2033           NAT."
2034      ::= { natMIBGroups 1 }

2036  natTranslationGroup OBJECT-GROUP
2037      OBJECTS { natAddrBindNumberOfEntries,
2038                natAddrBindGlobalAddrType,
2039                natAddrBindGlobalAddr,
2040                natAddrBindId,
2041                natAddrBindDirection,
2042                natAddrBindType,
2043                natAddrBindAddrMapName,
2044                natAddrBindSessionCount,
2045                natAddrBindCurrentIdleTime,
2046                natAddrBindInTranslate,
2047                natAddrBindOutTranslate,
2048                natAddrBindStatus,
2049                natAddrPortBindNumberOfEntries,
2050                natAddrPortBindGlobalAddrType,
2051                natAddrPortBindGlobalAddr,
2052                natAddrPortBindGlobalPort,
2053                natAddrPortBindId,
2054                natAddrPortBindDirection,
2055                natAddrPortBindType,
2056                natAddrPortBindAddrMapName,
2057                natAddrPortBindSessionCount,
2058                natAddrPortBindCurrentIdleTime,
2059                natAddrPortBindInTranslate,
2060                natAddrPortBindOutTranslate,
2061                natAddrPortBindStatus,
2062                natSessionDirection,
2063                natSessionUpTime,
2064                natSessionProtocolType,
2065                natSessionOrigPrivateAddrType,
2066                natSessionOrigPrivateAddr,
2067                natSessionTransPrivateAddrType,
2068                natSessionTransPrivateAddr,
2069                natSessionOrigPrivatePort,
2070                natSessionTransPrivatePort,
2071                natSessionOrigPublicAddrType,
2072                natSessionOrigPublicAddr,
2073                natSessionTransPublicAddrType,
2074                natSessionTransPublicAddr,
2075                natSessionOrigPublicPort,
2076                natSessionTransPublicPort,
2077                natSessionCurrentIdletime,
2078                natSessionSecondBindId,
2079                natSessionInTranslate,
2080                natSessionOutTranslate,
2081                natSessionStatus }
2082      STATUS  current
2083      DESCRIPTION
2084          "A collection of BIND-related objects required to support
2085           management of devices supporting NAT."
2086      ::= { natMIBGroups 2 }

2088  natStatsGroup OBJECT-GROUP
2089      OBJECTS { natProtocolStatsInTranslate,
2090                natProtocolStatsOutTranslate,
2091                natProtocolStatsRejectCount,
2092                natAddrMapStatsInTranslate,
2093                natAddrMapStatsOutTranslate,
2094                natAddrMapStatsNoResource,
2095                natAddrMapStatsAddrUsed,
2096                natInterfacePktsIn,
2097                natInterfacePktsOut }
2098      STATUS  current
2099      DESCRIPTION
2100          "A collection of NAT statistics related objects required
2101           to support troubleshooting/monitoring NAT operation."
2102      ::= { natMIBGroups 3 }

2104  natConfProtGroup OBJECT-GROUP
2105      OBJECTS { natConfProtConfigName,
2106                natConfProtSpecName,
2107                natConfProtIdleTimeout,
2108                natConfProtRowStatus }
2109      STATUS  current
2110      DESCRIPTION
2111          "A collection of objects to facilitate protocol related
2112           NAT configuration."
2113      ::= { natMIBGroups 4 }

2115  natConfTcpGroup OBJECT-GROUP
2116      OBJECTS { natConfTcpNegTimeout,
2117                natConfTcpRowStatus }
2118      STATUS  current
2119      DESCRIPTION
2120          "A collection of TCP related NAT parameter objects
2121           used for NAT configuration."
2122      ::= { natMIBGroups 5 }

2124  natMIBNotifConfigGroup OBJECT-GROUP
2125      OBJECTS { natConfAddressRiseThreshold,
2126                natConfAddressFallThreshold }
2127      STATUS  current
2128      DESCRIPTION
2129          "A collection of configuration objects required to support
2130           the threshold-based notifications."
2131      ::= { natMIBGroups 6 }

2133  natMIBNotificationObjectsGroup OBJECT-GROUP
2134      OBJECTS { natAddrMapName,
2135                natPktDiscardReason }
2136      STATUS  current
2137      DESCRIPTION
2138          "A collection of objects required to support NAT
2139           notifications."
2140      ::= { natMIBGroups 7 }

2142  natMIBNotificationGroup NOTIFICATION-GROUP
2143      NOTIFICATIONS { natAddressUseRising,
2144                      natPacketDiscard }
2145      STATUS  current
2146      DESCRIPTION
2147          "A collection of notifications which are generated by
2148           devices supporting this MIB."
2149      ::= { natMIBGroups 8 }

2151  --
2152  -- Compliance statements
2153  --

2155  natMIBCompliance MODULE-COMPLIANCE
2156      STATUS  current
2157      DESCRIPTION
2158          "The compliance statement for devices running NAT."
2159      MODULE  -- this module
2160          MANDATORY-GROUPS { natConfigGroup, natTranslationGroup }
2161          GROUP       natConfProtGroup
2162          DESCRIPTION
2163              "This group is mandatory if any of the protocol
2164               specific tables (below) are supported."

2166          GROUP       natConfTcpGroup
2167          DESCRIPTION
2168              "This group is mandatory if tcp is supported over nat."
2169          GROUP       natStatsGroup
2170          DESCRIPTION
2171              "This group is optional."
2172          GROUP       natMIBNotifConfigGroup
2173          DESCRIPTION
2174              "This group is optional."
2175          GROUP       natMIBNotificationObjectsGroup
2176          DESCRIPTION
2177              "This group is optional."
2178          GROUP       natMIBNotificationGroup
2179          DESCRIPTION
2180              "This group is optional."
2181          OBJECT      natConfInterfaceRealm
2182          MIN-ACCESS  read-only
2183          DESCRIPTION
2184              "Write access is not required."
2185      ::= { natMIBCompliances 1 }

2187  END
2188  NAT-TC DEFINITIONS ::= BEGIN

2190  IMPORTS
2191      MODULE-IDENTITY,
2192      mib-2
2193          FROM SNMPv2-SMI
2194      TEXTUAL-CONVENTION
2195          FROM SNMPv2-TC;

2197  natTextualConventions MODULE-IDENTITY
2198      LAST-UPDATED "200111090000Z"
2199      ORGANIZATION "IETF NAT Working Group"
2200      CONTACT-INFO
2201          "        Rohit
2202                   World Wide Packets
2203                   115 North Sullivan Road
2204                   Veradale, Spokane, WA 99037
2205                   Phone: +1 509 242 9320
2206                   Email: Rohit.Rohit@worldwidepackets.com

2208                   Nalinaksh Pai
2209                   Cisco Systems, Inc.
2210                   Prestige Waterford
2211                   No. 9, Brunton Road
2212                   Bangalore - 560 025
2213                   India
2214                   Phone: +91 80 532 1300
2215                   Email: npai@cisco.com

2217                   Rajiv Raghunarayan
2218                   Cisco Systems Inc.
2219                   170 West Tasman Drive
2220                   San Jose, CA 95134
2221                   Phone: +1 408 853 9612
2222                   Email: raraghun@cisco.com

2224                   Cliff Wang
2225                   SmartPipes Inc.
2226                   Suite 300, 565 Metro Place South
2227                   Dublin, OH 43017
2228                   Phone: +1 614 923 6241
2229                   Email: CWang@smartpipes.com

2231                   P. Srisuresh
2232                   Kuokoa networks
2233                   2901 Tasman Drive, Suite 202
2234                   Santa Clara, CA 95054
2235                   Phone: +1 408 970 0000
2236                   Email: srisuresh@yahoo.com
2237          "

2239      DESCRIPTION
2240          "This MIB module defines the NATProtocolType textual
2241           convention for use in MIBs that need to identify the
2242           protocols which support network address translation."

2244      REVISION "200111090000Z" -- 9th Nov. 2001
2245      DESCRIPTION
2246          "Initial version of this MIB module."
2247      ::= { mib-2 xx } -- to be assigned by RFC-editor

2249  NATProtocolType ::= TEXTUAL-CONVENTION
2250      STATUS  current
2251      DESCRIPTION
2252          "A list of protocols that are affected/support
2253           network address translation. Inclusion of values is
2254           not intended to imply that those protocols need be
2255           supported."
2256      SYNTAX  INTEGER {
2257                  none (1),   -- not specified
2258                  other (2),  -- none of the following
2259                  icmp (3),
2260                  udp (4),
2261                  tcp (5)
2262              }

2264  END
2265  7. Security Considerations

2267     This MIB contains readable objects whose values provide information
2268     related to nat binds and sessions. Some of these objects could
2269     contain sensitive information e.g. bind information. There are
2270     a number of management objects defined in this MIB that have a
2271     MAX-ACCESS clause of read-write and/or read-create. Such objects
2272     may be considered sensitive or vulnerable in some network
2273     environments.

2275     While unauthorized access to the readable objects may be relatively
2276     innocuous, unauthorized access to the write-able objects could
2277     cause a denial of service, and/or widespread network
2278     disturbance. Hence, the support for SET operations in a non-secure
2279     environment without proper protection can have a negative effect on
2280     network operations.

2282     SNMPv1 by itself is not a secure environment. Even if the network
2283     itself is secure, there is no control as to who on the secure
2284     network is allowed to access and GET/SET (read/change/create/delete)
2285     the objects in this MIB.

2287     It is recommended that the implementors consider the security
2288     features as provided by the SNMPv3 framework. Specifically, the use
2289     of the User-based Security Model RFC 2574 [12] and the View-based
2290     Access Control Model RFC 2575 [15] is recommended.

2292     It is then a customer/user responsibility to ensure that the SNMP
2293     entity giving access to an instance of this MIB, is properly
2294     configured to give access to the objects only to those
2295     principals (users) that have legitimate rights to indeed GET or
2296     SET (change/create/delete) them.

2298  8. References

2300     [1]  Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture
2301          for Describing SNMP Management Frameworks", RFC 2571, April
2302          1999.

2304     [2]  Rose, M. and K. McCloghrie, "Structure and Identification of
2305          Management Information for TCP/IP-based Internets", STD 16,
2306          RFC 1155, May 1990.

2308     [3]  Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
2309          RFC 1212, March 1991.

2311     [4]  Rose, M., "A Convention for Defining Traps for use with the
2312          SNMP", RFC 1215, March 1991.

2314     [5]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2315          Rose, M. and S. Waldbusser, "Structure of Management
2316          Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

2318     [6]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2319          Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
2320          STD 58, RFC 2579, April 1999.

2322     [7]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
2323          Rose, M. and S. Waldbusser, "Conformance Statements for
2324          SMIv2", STD 58, RFC 2580, April 1999.

2326     [8]  Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
2327          Network Management Protocol", STD 15, RFC 1157, May 1990.

2329     [9]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2330          "Introduction to Community-based SNMPv2", RFC 1901, January
2331          1996.

2333     [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2334          "Transport Mappings for Version 2 of the Simple Network
2335          Management Protocol (SNMPv2)", RFC 1906, January 1996.

2337     [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
2338          Processing and Dispatching for the Simple Network Management
2339          Protocol (SNMP)", RFC 2572, April 1999.

2341     [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
2342          for version 3 of the Simple Network Management Protocol
2343          (SNMPv3)", RFC 2574, April 1999.

2345     [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
2346          "Protocol Operations for Version 2 of the Simple Network
2347          Management Protocol (SNMPv2)", RFC 1905, January 1996.

2349     [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
2350          2573, April 1999.

2352     [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
2353          Control Model (VACM) for the Simple Network Management
2354          Protocol (SNMP)", RFC 2575, April 1999.

2356     [16] Bradner, S., "The Internet Standards Process -- Revision 3",
2357          BCP 9, RFC 2026, October 1996.

2359     [17] Srisuresh, P. and Egevang, K., "Traditional IP Network Address
2360          Translator (Traditional NAT)", RFC 3022, January 2001.

2362     [18] Srisuresh, P. and M. Holdrege, "NAT Terminology and
2363          Considerations", RFC 2663, August 1999.

2365     [19] Daniele, M., Haberman, B., Routhier, S., Schoenwaelder, J.,
2366          "Textual Conventions for Internet Network Addresses", RFC
2367          3291, May 2002.

2369  9. Acknowledgements

2371     The authors of this memo would like to thank Randy Turner, Ashwini
2372     S T, Kevin Luehrs and Sam Sankoorikal for their valuable feedback.

2374  10. Author's Addresses

2376     Rohit R.
2377     World Wide Packets
2378     115 North Sullivan Road
2379     Veradale, Spokane, WA 99037
2380     Phone: +1 509 242 9320
2381     Email: Rohit.Rohit@worldwidepackets.com

2383     Nalinaksh Pai
2384     Cisco Systems, Inc.
2385     Prestige Waterford
2386     No. 9, Brunton Road
2387     Bangalore - 560 025
2388     India
2389     Phone: +91 80 532 1300 extn. 6354
2390     Email: npai@cisco.com

2392     Rajiv Raghunarayan
2393     Cisco Systems Inc.
2394     170 West Tasman Drive
2395     San Jose, CA 95134
2396     Phone: +1 408 853 9612
2397     Email: raraghun@cisco.com
2398     Cliff Wang
2399     SmartPipes Inc.
2400     Suite 300, 565 Metro Place South
2401     Dublin, OH 43017
2402     Phone: +1 614 923 6241
2403     Email: CWang@smartpipes.com

2405     P. Srisuresh
2406     Kuokoa networks
2407     2901 Tasman Drive, Suite 202
2408     Santa Clara, CA 95054
2409     Phone: +1 408 970 0000
2410     Email: srisuresh@yahoo.com

2412  11. Change History

2414     A record of changes which will be removed before publication.

2416     10 September 2001

2418     o Added the following objects to support notifications:
2419       natConfAddressRiseThreshold, natConfAddressFallThreshold,
2420       natAddrMapName and natPktDiscardReason.

2422     o Following notifications were added (there are still some
2423       unclear parameters though):
2424       natAddressUseRising and natPacketDiscard.

2426     10 November 2001

2428     o Dynamic and Static Address Map tables are Merged.

2430     o Protocol Extensibility added.

2432     o Rearrangement of OIDs done to get things in proper sequence.

2434     07 February 2002

2436     o Config and Interface Specific tables are Merged.

2438     o MAX-ACCESS for the bind and session entry objects are
2439       changed to be read-create.

2441     o natConfAddrMapType renamed to natConfAddrMapDirection.

2443     14 June 2002

2445     o Changed the syntax of natConfServiceType to BITS and renumbered
2446       the enumeration to start with 0.

2448     o Addressed the warning raised by smilint - all InetAddress values
2449       now restricted to the size range (0..20) i.e. valid InetAddress
2450       types are now ipv4, ipv6, ipv4z and ipv6z.

2452     o MIN-ACCESS for natConfInterfaceRealm restricted to read-only.

2454     o Changed the natConfIcmpDefIdleTimeout default value to be 300.

2456     o natConfProtConfigName made a part of the optional
2457       natConfProtGroup.

2459     o RFC 3291 now referred to instead of RFC 2578

2461  Full Copyright Statement
2462     "Copyright (C) The Internet Society (2000). All Rights Reserved.
2463     This document and translations of it may be copied and furnished to
2464     others, and derivative works that comment on or otherwise explain it
2465     or assist in its implementation may be prepared, copied, published
2466     and distributed, in whole or in part, without restriction of any
2467     kind, provided that the above copyright notice and this paragraph
2468     are included on all such copies and derivative works. However, this
2469     document itself may not be modified in any way, such as by removing
2470     the copyright notice or references to the Internet Society or other
2471     Internet organizations, except as needed for the purpose of
2472     developing Internet standards in which case the procedures for
2473     copyrights defined in the Internet Standards process must be
2474     followed, or as required to translate it into languages other than
2475     English.

2477     The limited permissions granted above are perpetual and will not be
2478     revoked by the Internet Society or its successors or assigns.

2480     This document and the information contained herein is provided on an
2481     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
2482     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
2483     BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
2484     HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
2485     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
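
The notification rules stated in the natAddressUseRising and natPacketDiscard DESCRIPTION clauses (rising/falling threshold hysteresis, and one notification-event per throttling period) can be modelled as follows. This is an added example, not code from the draft or its authors. Assumptions: the class and method names are hypothetical, thresholds are treated as plain address counts, timestamps are supplied by the caller, the first discard outside a throttling period is sent immediately, and an end-of-period event carries the varbinds of the most recent suppressed discard.

```python
OTHER, ADDRESS_SPACE_EXHAUSTED = 1, 2   # natPktDiscardReason values from the MIB
THROTTLE_SECONDS = 5.0                  # suggested default throttling period


class AddressUseRising:
    """natAddressUseRising: fire at/above the rising threshold, then stay
    silent for that map until usage falls to/below the falling threshold."""

    def __init__(self, rise, fall):
        self.rise, self.fall = rise, fall   # assumed to be plain address counts
        self.armed = {}                     # address map name -> may notify again

    def on_sample(self, addr_map_name, addrs_used, is_static=False):
        """Return True when a notification should be sent for this sample."""
        if is_static:                       # only dynamic address maps notify
            return False
        armed = self.armed.get(addr_map_name, True)
        if armed and addrs_used >= self.rise:
            self.armed[addr_map_name] = False
            return True
        if not armed and addrs_used <= self.fall:
            self.armed[addr_map_name] = True
        return False


class DiscardThrottle:
    """natPacketDiscard: at most one notification-event per throttling period."""

    def __init__(self, interval=THROTTLE_SECONDS):
        self.interval = interval
        self.period_start = None   # None means no throttling period is running
        self.pending = None        # varbinds of the latest suppressed discard

    def _expire(self, now):
        """Close periods that ended at or before `now`; return the events due."""
        events = []
        while (self.period_start is not None
               and now >= self.period_start + self.interval):
            end = self.period_start + self.interval
            if self.pending is None:
                self.period_start = None        # quiet period: go idle
            else:
                events.append((end, *self.pending))
                self.pending = None
                self.period_start = end         # next period starts right away
        return events

    def on_discard(self, now, addr_map_name, reason):
        """Record a discarded packet; return [(time, map name, reason), ...]."""
        events = self._expire(now)
        if self.period_start is None:
            events.append((now, addr_map_name, reason))   # sent immediately
            self.period_start = now
        else:
            self.pending = (addr_map_name, reason)         # suppressed for now
        return events

    def on_tick(self, now):
        """Timer callback: emit the end-of-period event if discards were held."""
        return self._expire(now)
```

A management station that sees natPacketDiscard arriving at exactly the throttling interval can infer sustained exhaustion of the named address map rather than isolated drops.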