1 NAT-MIB DEFINITIONS ::= BEGIN
26 ifCounterDiscontinuityGroup
29 FROM SNMP-FRAMEWORK-MIB
33 FROM INET-ADDRESS-MIB;
35 natMIB MODULE-IDENTITY
36 LAST-UPDATED "200503210000Z"
37 ORGANIZATION "IETF Transport Area"
42 #59/2 100 ft Ring Road
46 Phone: +91 80 2679 6227
47 Email: rrohit74@hotmail.com
51 1179-A North McDowell Blvd.
54 Email: srisuresh@yahoo.com
60 Phone: +1 408 853 9612
61 Email: raraghun@cisco.com
72 Phone: +91 80 532 1300
80 Phone: +1 614 213 6117
81 Email: cliffwang2000@yahoo.com
84 "This MIB module defines the generic managed objects
87 Copyright (C) The Internet Society (2005). This version
88 of this MIB module is part of RFC 4008; see the RFC
89 itself for full legal notices."
90 REVISION "200503210000Z" -- 21th March 2005
92 "Initial version, published as RFC 4008."
95 natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }
97 NatProtocolType ::= TEXTUAL-CONVENTION
100 "A list of protocols that support the network
101 address translation. Inclusion of the values is
102 not intended to imply that those protocols
103 need to be supported. Any change in this
104 TEXTUAL-CONVENTION should also be reflected in
105 the definition of NatProtocolMap, which is a
106 BITS representation of this."
108 none (1), -- not specified
109 other (2), -- none of the following
115 NatProtocolMap ::= TEXTUAL-CONVENTION
118 "A bitmap of protocol identifiers that support
122 the network address translation. Any change
123 in this TEXTUAL-CONVENTION should also be
124 reflected in the definition of NatProtocolType."
132 NatAddrMapId ::= TEXTUAL-CONVENTION
136 "A unique id that is assigned to each address map
137 by a NAT enabled device."
138 SYNTAX Unsigned32 (1..4294967295)
140 NatBindIdOrZero ::= TEXTUAL-CONVENTION
144 "A unique id that is assigned to each bind by
145 a NAT enabled device. The bind id will be zero
146 in the case of a Symmetric NAT."
147 SYNTAX Unsigned32 (0..4294967295)
149 NatBindId ::= TEXTUAL-CONVENTION
153 "A unique id that is assigned to each bind by
154 a NAT enabled device."
155 SYNTAX Unsigned32 (1..4294967295)
157 NatSessionId ::= TEXTUAL-CONVENTION
161 "A unique id that is assigned to each session by
162 a NAT enabled device."
163 SYNTAX Unsigned32 (1..4294967295)
165 NatBindMode ::= TEXTUAL-CONVENTION
168 "An indication of whether the bind is
169 an address bind or an address port bind."
178 NatAssociationType ::= TEXTUAL-CONVENTION
181 "An indication of whether the association is
188 NatTranslationEntity ::= TEXTUAL-CONVENTION
191 "An indication of a) the direction of a session for
192 which an address map entry, address bind or port
193 bind is applicable, and b) the entity (source or
194 destination) within the session that is subject to
197 inboundSrcEndPoint (0),
198 outboundDstEndPoint(1),
199 inboundDstEndPoint (2),
200 outboundSrcEndPoint(3)
204 -- Default Values for the Bind and NAT Protocol Timers
207 natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }
209 natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 }
212 -- Address Bind and Port Bind related NAT configuration
215 natBindDefIdleTimeout OBJECT-TYPE
216 SYNTAX Unsigned32 (0..4294967295)
218 MAX-ACCESS read-write
224 "The default Bind (Address Bind or Port Bind) idle
227 If the agent is capable of storing non-volatile
228 configuration, then the value of this object must be
229 restored after a re-initialization of the management
232 ::= { natDefTimeouts 1 }
235 -- UDP related NAT configuration
238 natUdpDefIdleTimeout OBJECT-TYPE
239 SYNTAX Unsigned32 (1..4294967295)
241 MAX-ACCESS read-write
244 "The default UDP idle timeout parameter.
246 If the agent is capable of storing non-volatile
247 configuration, then the value of this object must be
248 restored after a re-initialization of the management
251 ::= { natDefTimeouts 2 }
254 -- ICMP related NAT configuration
257 natIcmpDefIdleTimeout OBJECT-TYPE
258 SYNTAX Unsigned32 (1..4294967295)
260 MAX-ACCESS read-write
263 "The default ICMP idle timeout parameter.
265 If the agent is capable of storing non-volatile
266 configuration, then the value of this object must be
267 restored after a re-initialization of the management
270 ::= { natDefTimeouts 3 }
276 -- Other protocol parameters
279 natOtherDefIdleTimeout OBJECT-TYPE
280 SYNTAX Unsigned32 (1..4294967295)
282 MAX-ACCESS read-write
285 "The default idle timeout parameter for protocols
286 represented by the value other (2) in
289 If the agent is capable of storing non-volatile
290 configuration, then the value of this object must be
291 restored after a re-initialization of the management
294 ::= { natDefTimeouts 4 }
297 -- TCP related NAT Timers
300 natTcpDefIdleTimeout OBJECT-TYPE
301 SYNTAX Unsigned32 (1..4294967295)
303 MAX-ACCESS read-write
306 "The default time interval that a NAT session for an
307 established TCP connection is allowed to remain
308 valid without any activity on the TCP connection.
310 If the agent is capable of storing non-volatile
311 configuration, then the value of this object must be
312 restored after a re-initialization of the management
315 ::= { natDefTimeouts 5 }
317 natTcpDefNegTimeout OBJECT-TYPE
318 SYNTAX Unsigned32 (1..4294967295)
320 MAX-ACCESS read-write
326 "The default time interval that a NAT session for a TCP
327 connection that is not in the established state
328 is allowed to remain valid without any activity on
331 If the agent is capable of storing non-volatile
332 configuration, then the value of this object must be
333 restored after a re-initialization of the management
336 ::= { natDefTimeouts 6 }
338 natNotifThrottlingInterval OBJECT-TYPE
339 SYNTAX Integer32 (0 | 5..3600)
341 MAX-ACCESS read-write
344 "This object controls the generation of the
345 natPacketDiscard notification.
347 If this object has a value of zero, then no
348 natPacketDiscard notifications will be transmitted by the
351 If this object has a non-zero value, then the agent must
352 not generate more than one natPacketDiscard
353 'notification-event' in the indicated period, where a
354 'notification-event' is the generation of a single
355 notification PDU type to a list of notification
356 destinations. If additional NAT packets are discarded
357 within the throttling period, then notification-events
358 for these changes must be suppressed by the agent until
359 the current throttling period expires.
361 If natNotifThrottlingInterval notification generation
362 is enabled, the suggested default throttling period is
363 60 seconds, but generation of the natPacketDiscard
364 notification should be disabled by default.
366 If the agent is capable of storing non-volatile
367 configuration, then the value of this object must be
368 restored after a re-initialization of the management
371 The actual transmission of notifications is controlled
372 via the MIB modules in RFC 3413."
377 ::= { natNotifCtrl 1 }
380 -- The NAT Interface Table
383 natInterfaceTable OBJECT-TYPE
384 SYNTAX SEQUENCE OF NatInterfaceEntry
385 MAX-ACCESS not-accessible
388 "This table specifies the attributes for interfaces on a
389 device supporting NAT function."
390 ::= { natMIBObjects 3 }
392 natInterfaceEntry OBJECT-TYPE
393 SYNTAX NatInterfaceEntry
394 MAX-ACCESS not-accessible
397 "Each entry in the natInterfaceTable holds a set of
398 parameters for an interface, instantiated by
399 ifIndex. Therefore, the interface index must have been
400 assigned, according to the applicable procedures,
401 before it can be meaningfully used.
402 Generally, this means that the interface must exist.
404 When natStorageType is of type nonVolatile, however,
405 this may reflect the configuration for an interface whose
406 ifIndex has been assigned but for which the supporting
407 implementation is not currently present."
409 ::= { natInterfaceTable 1 }
411 NatInterfaceEntry ::= SEQUENCE {
412 natInterfaceRealm INTEGER,
413 natInterfaceServiceType BITS,
414 natInterfaceInTranslates Counter64,
415 natInterfaceOutTranslates Counter64,
416 natInterfaceDiscards Counter64,
417 natInterfaceStorageType StorageType,
418 natInterfaceRowStatus RowStatus
421 natInterfaceRealm OBJECT-TYPE
429 MAX-ACCESS read-create
432 "This object identifies whether this interface is
433 connected to the private or the public realm."
435 ::= { natInterfaceEntry 1 }
437 natInterfaceServiceType OBJECT-TYPE
441 bidirectionalNat (2),
444 MAX-ACCESS read-create
447 "An indication of the direction in which new sessions
448 are permitted and the extent of translation done within
449 the IP and transport headers."
450 ::= { natInterfaceEntry 2 }
452 natInterfaceInTranslates OBJECT-TYPE
457 "Number of packets received on this interface that
459 Discontinuities in the value of this counter can occur at
460 reinitialization of the management system and at other
461 times as indicated by the value of
462 ifCounterDiscontinuityTime on the relevant interface."
463 ::= { natInterfaceEntry 3 }
465 natInterfaceOutTranslates OBJECT-TYPE
470 "Number of translated packets that were sent out this
473 Discontinuities in the value of this counter can occur at
474 reinitialization of the management system and at other
475 times as indicated by the value of
479 ifCounterDiscontinuityTime on the relevant interface."
480 ::= { natInterfaceEntry 4 }
482 natInterfaceDiscards OBJECT-TYPE
487 "Number of packets that had to be rejected/dropped due to
488 a lack of resources for this interface.
490 Discontinuities in the value of this counter can occur at
491 reinitialization of the management system and at other
492 times as indicated by the value of
493 ifCounterDiscontinuityTime on the relevant interface."
494 ::= { natInterfaceEntry 5 }
496 natInterfaceStorageType OBJECT-TYPE
498 MAX-ACCESS read-create
501 "The storage type for this conceptual row.
502 Conceptual rows having the value 'permanent'
503 need not allow write-access to any columnar objects
506 "Textual Conventions for SMIv2, Section 2."
507 DEFVAL { nonVolatile }
508 ::= { natInterfaceEntry 6 }
510 natInterfaceRowStatus OBJECT-TYPE
512 MAX-ACCESS read-create
515 "The status of this conceptual row.
517 Until instances of all corresponding columns are
518 appropriately configured, the value of the
519 corresponding instance of the natInterfaceRowStatus
520 column is 'notReady'.
523 In particular, a newly created row cannot be made
524 active until the corresponding instance of
525 natInterfaceServiceType has been set.
530 None of the objects in this row may be modified
531 while the value of this object is active(1)."
533 "Textual Conventions for SMIv2, Section 2."
534 ::= { natInterfaceEntry 7 }
537 -- The Address Map Table
540 natAddrMapTable OBJECT-TYPE
541 SYNTAX SEQUENCE OF NatAddrMapEntry
542 MAX-ACCESS not-accessible
545 "This table lists address map parameters for NAT."
546 ::= { natMIBObjects 4 }
548 natAddrMapEntry OBJECT-TYPE
549 SYNTAX NatAddrMapEntry
550 MAX-ACCESS not-accessible
553 "This entry represents an address map to be used for
554 NAT and contributes to the dynamic and/or static
555 address mapping tables of the NAT device."
556 INDEX { ifIndex, natAddrMapIndex }
557 ::= { natAddrMapTable 1 }
559 NatAddrMapEntry ::= SEQUENCE {
560 natAddrMapIndex NatAddrMapId,
561 natAddrMapName SnmpAdminString,
562 natAddrMapEntryType NatAssociationType,
563 natAddrMapTranslationEntity NatTranslationEntity,
564 natAddrMapLocalAddrType InetAddressType,
565 natAddrMapLocalAddrFrom InetAddress,
566 natAddrMapLocalAddrTo InetAddress,
567 natAddrMapLocalPortFrom InetPortNumber,
568 natAddrMapLocalPortTo InetPortNumber,
569 natAddrMapGlobalAddrType InetAddressType,
570 natAddrMapGlobalAddrFrom InetAddress,
571 natAddrMapGlobalAddrTo InetAddress,
572 natAddrMapGlobalPortFrom InetPortNumber,
573 natAddrMapGlobalPortTo InetPortNumber,
574 natAddrMapProtocol NatProtocolMap,
575 natAddrMapInTranslates Counter64,
576 natAddrMapOutTranslates Counter64,
577 natAddrMapDiscards Counter64,
581 natAddrMapAddrUsed Gauge32,
582 natAddrMapStorageType StorageType,
583 natAddrMapRowStatus RowStatus
586 natAddrMapIndex OBJECT-TYPE
588 MAX-ACCESS not-accessible
591 "Along with ifIndex, this object uniquely
592 identifies an entry in the natAddrMapTable.
593 Address map entries are applied in the order
594 specified by natAddrMapIndex."
595 ::= { natAddrMapEntry 1 }
597 natAddrMapName OBJECT-TYPE
598 SYNTAX SnmpAdminString (SIZE(1..32))
599 MAX-ACCESS read-create
602 "Name identifying all map entries in the table associated
603 with the same interface. All map entries with the same
604 ifIndex MUST have the same map name."
605 ::= { natAddrMapEntry 2 }
607 natAddrMapEntryType OBJECT-TYPE
608 SYNTAX NatAssociationType
609 MAX-ACCESS read-create
612 "This parameter can be used to set up static
613 or dynamic address maps."
614 ::= { natAddrMapEntry 3 }
616 natAddrMapTranslationEntity OBJECT-TYPE
617 SYNTAX NatTranslationEntity
618 MAX-ACCESS read-create
621 "The end-point entity (source or destination) in
622 inbound or outbound sessions (i.e., first packets) that
623 may be translated by an address map entry.
625 Session direction (inbound or outbound) is
626 derived from the direction of the first packet
627 of a session traversing a NAT interface.
628 NAT address (and Transport-ID) maps may be defined
632 to effect inbound or outbound sessions.
634 Traditionally, address maps for Basic NAT and NAPT are
635 configured on a public interface for outbound sessions,
636 effecting translation of source end-point. The value of
637 this object must be set to outboundSrcEndPoint for
640 Alternately, if address maps for Basic NAT and NAPT were
641 to be configured on a private interface, the desired
642 value for this object for the map entries
643 would be inboundSrcEndPoint (i.e., effecting translation
644 of source end-point for inbound sessions).
646 If TwiceNAT were to be configured on a private interface,
647 the desired value for this object for the map entries
648 would be a bitmask of inboundSrcEndPoint and
650 ::= { natAddrMapEntry 4 }
652 natAddrMapLocalAddrType OBJECT-TYPE
653 SYNTAX InetAddressType
654 MAX-ACCESS read-create
657 "This object specifies the address type used for
658 natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
659 ::= { natAddrMapEntry 5 }
661 natAddrMapLocalAddrFrom OBJECT-TYPE
663 MAX-ACCESS read-create
666 "This object specifies the first IP address of the range
667 of IP addresses mapped by this translation entry. The
668 value of this object must be less than or equal to the
669 value of the natAddrMapLocalAddrTo object.
671 The type of this address is determined by the value of
672 the natAddrMapLocalAddrType object."
673 ::= { natAddrMapEntry 6 }
675 natAddrMapLocalAddrTo OBJECT-TYPE
677 MAX-ACCESS read-create
683 "This object specifies the last IP address of the range of
684 IP addresses mapped by this translation entry. If only
685 a single address is being mapped, the value of this object
686 is equal to the value of natAddrMapLocalAddrFrom. For a
687 static NAT, the number of addresses in the range defined
688 by natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo must
689 be equal to the number of addresses in the range defined by
690 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
691 The value of this object must be greater than or equal to
692 the value of the natAddrMapLocalAddrFrom object.
694 The type of this address is determined by the value of
695 the natAddrMapLocalAddrType object."
696 ::= { natAddrMapEntry 7 }
698 natAddrMapLocalPortFrom OBJECT-TYPE
699 SYNTAX InetPortNumber
700 MAX-ACCESS read-create
703 "If this conceptual row describes a Basic NAT address
704 mapping, then the value of this object must be zero. If
705 this conceptual row describes NAPT, then the value of
706 this object specifies the first port number in the range
707 of ports being mapped.
709 The value of this object must be less than or equal to the
710 value of the natAddrMapLocalPortTo object. If the
711 translation specifies a single port, then the value of this
712 object is equal to the value of natAddrMapLocalPortTo."
714 ::= { natAddrMapEntry 8 }
716 natAddrMapLocalPortTo OBJECT-TYPE
717 SYNTAX InetPortNumber
718 MAX-ACCESS read-create
721 "If this conceptual row describes a Basic NAT address
722 mapping, then the value of this object must be zero. If
723 this conceptual row describes NAPT, then the value of
724 this object specifies the last port number in the range
725 of ports being mapped.
727 The value of this object must be greater than or equal to
728 the value of the natAddrMapLocalPortFrom object. If the
729 translation specifies a single port, then the value of this
730 object is equal to the value of natAddrMapLocalPortFrom."
735 ::= { natAddrMapEntry 9 }
737 natAddrMapGlobalAddrType OBJECT-TYPE
738 SYNTAX InetAddressType
739 MAX-ACCESS read-create
742 "This object specifies the address type used for
743 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo."
744 ::= { natAddrMapEntry 10 }
746 natAddrMapGlobalAddrFrom OBJECT-TYPE
748 MAX-ACCESS read-create
751 "This object specifies the first IP address of the range of
752 IP addresses being mapped to. The value of this object
753 must be less than or equal to the value of the
754 natAddrMapGlobalAddrTo object.
756 The type of this address is determined by the value of
757 the natAddrMapGlobalAddrType object."
758 ::= { natAddrMapEntry 11 }
760 natAddrMapGlobalAddrTo OBJECT-TYPE
762 MAX-ACCESS read-create
765 "This object specifies the last IP address of the range of
766 IP addresses being mapped to. If only a single address is
767 being mapped to, the value of this object is equal to the
768 value of natAddrMapGlobalAddrFrom. For a static NAT, the
769 number of addresses in the range defined by
770 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo must be
771 equal to the number of addresses in the range defined by
772 natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo.
773 The value of this object must be greater than or equal to
774 the value of the natAddrMapGlobalAddrFrom object.
776 The type of this address is determined by the value of
777 the natAddrMapGlobalAddrType object."
778 ::= { natAddrMapEntry 12 }
780 natAddrMapGlobalPortFrom OBJECT-TYPE
781 SYNTAX InetPortNumber
785 MAX-ACCESS read-create
788 "If this conceptual row describes a Basic NAT address
789 mapping, then the value of this object must be zero. If
790 this conceptual row describes NAPT, then the value of
791 this object specifies the first port number in the range
792 of ports being mapped to.
795 The value of this object must be less than or equal to the
796 value of the natAddrMapGlobalPortTo object. If the
797 translation specifies a single port, then the value of this
798 object is equal to the value natAddrMapGlobalPortTo."
800 ::= { natAddrMapEntry 13 }
802 natAddrMapGlobalPortTo OBJECT-TYPE
803 SYNTAX InetPortNumber
804 MAX-ACCESS read-create
807 "If this conceptual row describes a Basic NAT address
808 mapping, then the value of this object must be zero. If
809 this conceptual row describes NAPT, then the value of this
810 object specifies the last port number in the range of
811 ports being mapped to.
813 The value of this object must be greater than or equal to
814 the value of the natAddrMapGlobalPortFrom object. If the
815 translation specifies a single port, then the value of this
816 object is equal to the value of natAddrMapGlobalPortFrom."
818 ::= { natAddrMapEntry 14 }
820 natAddrMapProtocol OBJECT-TYPE
821 SYNTAX NatProtocolMap
822 MAX-ACCESS read-create
825 "This object specifies a bitmap of protocol identifiers."
826 ::= { natAddrMapEntry 15 }
828 natAddrMapInTranslates OBJECT-TYPE
836 "The number of inbound packets pertaining to this address
837 map entry that were translated.
839 Discontinuities in the value of this counter can occur at
840 reinitialization of the management system and at other
841 times, as indicated by the value of
842 ifCounterDiscontinuityTime on the relevant interface."
843 ::= { natAddrMapEntry 16 }
845 natAddrMapOutTranslates OBJECT-TYPE
850 "The number of outbound packets pertaining to this
851 address map entry that were translated.
853 Discontinuities in the value of this counter can occur at
854 reinitialization of the management system and at other
855 times, as indicated by the value of
856 ifCounterDiscontinuityTime on the relevant interface."
857 ::= { natAddrMapEntry 17 }
859 natAddrMapDiscards OBJECT-TYPE
864 "The number of packets pertaining to this address map
865 entry that were dropped due to lack of addresses in the
866 address pool identified by this address map. The value of
867 this object must always be zero in case of static
870 Discontinuities in the value of this counter can occur at
871 reinitialization of the management system and at other
872 times, as indicated by the value of
873 ifCounterDiscontinuityTime on the relevant interface."
874 ::= { natAddrMapEntry 18 }
876 natAddrMapAddrUsed OBJECT-TYPE
881 "The number of addresses pertaining to this address map
882 that are currently being used from the NAT pool.
883 The value of this object must always be zero in the case
887 of a static address map."
888 ::= { natAddrMapEntry 19 }
890 natAddrMapStorageType OBJECT-TYPE
892 MAX-ACCESS read-create
895 "The storage type for this conceptual row.
896 Conceptual rows having the value 'permanent'
897 need not allow write-access to any columnar objects
900 "Textual Conventions for SMIv2, Section 2."
901 DEFVAL { nonVolatile }
902 ::= { natAddrMapEntry 20 }
904 natAddrMapRowStatus OBJECT-TYPE
906 MAX-ACCESS read-create
909 "The status of this conceptual row.
911 Until instances of all corresponding columns are
912 appropriately configured, the value of the
913 corresponding instance of the natAddrMapRowStatus
914 column is 'notReady'.
916 None of the objects in this row may be modified
917 while the value of this object is active(1)."
919 "Textual Conventions for SMIv2, Section 2."
920 ::= { natAddrMapEntry 21 }
923 -- Address Bind section
926 natAddrBindNumberOfEntries OBJECT-TYPE
931 "This object maintains a count of the number of entries
932 that currently exist in the natAddrBindTable."
933 ::= { natMIBObjects 5 }
939 -- The NAT Address BIND Table
942 natAddrBindTable OBJECT-TYPE
943 SYNTAX SEQUENCE OF NatAddrBindEntry
944 MAX-ACCESS not-accessible
947 "This table holds information about the currently
949 ::= { natMIBObjects 6 }
951 natAddrBindEntry OBJECT-TYPE
952 SYNTAX NatAddrBindEntry
953 MAX-ACCESS not-accessible
956 "Each entry in this table holds information about
957 an active address BIND. These entries are lost
960 This row has indexing which may create variables with
961 more than 128 subidentifiers. Implementers of this table
962 must be careful not to create entries that would result
963 in OIDs which exceed the 128 subidentifier limit.
964 Otherwise, the information cannot be accessed using
965 SNMPv1, SNMPv2c or SNMPv3."
967 INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
968 ::= { natAddrBindTable 1 }
970 NatAddrBindEntry ::= SEQUENCE {
971 natAddrBindLocalAddrType InetAddressType,
972 natAddrBindLocalAddr InetAddress,
973 natAddrBindGlobalAddrType InetAddressType,
974 natAddrBindGlobalAddr InetAddress,
975 natAddrBindId NatBindId,
976 natAddrBindTranslationEntity NatTranslationEntity,
977 natAddrBindType NatAssociationType,
978 natAddrBindMapIndex NatAddrMapId,
979 natAddrBindSessions Gauge32,
980 natAddrBindMaxIdleTime TimeTicks,
981 natAddrBindCurrentIdleTime TimeTicks,
982 natAddrBindInTranslates Counter64,
983 natAddrBindOutTranslates Counter64
989 natAddrBindLocalAddrType OBJECT-TYPE
990 SYNTAX InetAddressType
991 MAX-ACCESS not-accessible
994 "This object specifies the address type used for
995 natAddrBindLocalAddr."
996 ::= { natAddrBindEntry 1 }
998 natAddrBindLocalAddr OBJECT-TYPE
1000 MAX-ACCESS not-accessible
1003 "This object represents the private-realm specific network
1004 layer address, which maps to the public-realm address
1005 represented by natAddrBindGlobalAddr.
1007 The type of this address is determined by the value of
1008 the natAddrBindLocalAddrType object."
1009 ::= { natAddrBindEntry 2 }
1011 natAddrBindGlobalAddrType OBJECT-TYPE
1012 SYNTAX InetAddressType
1013 MAX-ACCESS read-only
1016 "This object specifies the address type used for
1017 natAddrBindGlobalAddr."
1018 ::= { natAddrBindEntry 3 }
1020 natAddrBindGlobalAddr OBJECT-TYPE
1022 MAX-ACCESS read-only
1025 "This object represents the public-realm network layer
1026 address that maps to the private-realm network layer
1027 address represented by natAddrBindLocalAddr.
1029 The type of this address is determined by the value of
1030 the natAddrBindGlobalAddrType object."
1031 ::= { natAddrBindEntry 4 }
1033 natAddrBindId OBJECT-TYPE
1035 MAX-ACCESS read-only
1041 "This object represents a bind id that is dynamically
1042 assigned to each bind by a NAT enabled device. Each
1043 bind is represented by a bind id that is
1044 unique across both, the natAddrBindTable and the
1045 natAddrPortBindTable."
1046 ::= { natAddrBindEntry 5 }
1048 natAddrBindTranslationEntity OBJECT-TYPE
1049 SYNTAX NatTranslationEntity
1050 MAX-ACCESS read-only
1053 "This object represents the direction of sessions
1054 for which this bind is applicable and the endpoint entity
1055 (source or destination) within the sessions that is
1056 subject to translation using the BIND.
1058 Orientation of the bind can be a superset of
1059 translationEntity of the address map entry which
1060 forms the basis for this bind.
1062 For example, if the translationEntity of an
1063 address map entry is outboundSrcEndPoint, the
1064 translationEntity of a bind derived from this
1065 map entry may either be outboundSrcEndPoint or
1066 it may be bidirectional (a bitmask of
1067 outboundSrcEndPoint and inboundDstEndPoint)."
1068 ::= { natAddrBindEntry 6 }
1070 natAddrBindType OBJECT-TYPE
1071 SYNTAX NatAssociationType
1072 MAX-ACCESS read-only
1075 "This object indicates whether the bind is static or
1077 ::= { natAddrBindEntry 7 }
1079 natAddrBindMapIndex OBJECT-TYPE
1081 MAX-ACCESS read-only
1084 "This object is a pointer to the natAddrMapTable entry
1085 (and the parameters of that entry) which was used in
1086 creating this BIND. This object, in conjunction with the
1087 ifIndex (which identifies a unique addrMapName) points to
1091 a unique entry in the natAddrMapTable."
1092 ::= { natAddrBindEntry 8 }
1094 natAddrBindSessions OBJECT-TYPE
1096 MAX-ACCESS read-only
1099 "Number of sessions currently using this BIND."
1100 ::= { natAddrBindEntry 9 }
1102 natAddrBindMaxIdleTime OBJECT-TYPE
1104 MAX-ACCESS read-only
1107 "This object indicates the maximum time for
1108 which this bind can be idle with no sessions
1111 The value of this object is of relevance only for
1113 ::= { natAddrBindEntry 10 }
1115 natAddrBindCurrentIdleTime OBJECT-TYPE
1117 MAX-ACCESS read-only
1120 "At any given instance, this object indicates the
1121 time that this bind has been idle without any sessions
1124 The value of this object is of relevance only for
1126 ::= { natAddrBindEntry 11 }
1128 natAddrBindInTranslates OBJECT-TYPE
1130 MAX-ACCESS read-only
1133 "The number of inbound packets that were successfully
1134 translated by using this bind entry.
1136 Discontinuities in the value of this counter can occur at
1137 reinitialization of the management system and at other
1138 times, as indicated by the value of
1142 ifCounterDiscontinuityTime on the relevant interface."
1143 ::= { natAddrBindEntry 12 }
1145 natAddrBindOutTranslates OBJECT-TYPE
1147 MAX-ACCESS read-only
1150 "The number of outbound packets that were successfully
1151 translated using this bind entry.
1153 Discontinuities in the value of this counter can occur at
1154 reinitialization of the management system and at other
1155 times as indicated by the value of
1156 ifCounterDiscontinuityTime on the relevant interface."
1157 ::= { natAddrBindEntry 13 }
1160 -- Address Port Bind section
1163 natAddrPortBindNumberOfEntries OBJECT-TYPE
1165 MAX-ACCESS read-only
1168 "This object maintains a count of the number of entries
1169 that currently exist in the natAddrPortBindTable."
1170 ::= { natMIBObjects 7 }
1173 -- The NAT Address Port Bind Table
1176 natAddrPortBindTable OBJECT-TYPE
1177 SYNTAX SEQUENCE OF NatAddrPortBindEntry
1178 MAX-ACCESS not-accessible
1181 "This table holds information about the currently
1183 ::= { natMIBObjects 8 }
1185 natAddrPortBindEntry OBJECT-TYPE
1186 SYNTAX NatAddrPortBindEntry
1187 MAX-ACCESS not-accessible
1193 "Each entry in the this table holds information
1194 about a NAPT bind that is currently active.
1195 These entries are lost upon agent restart.
1197 This row has indexing which may create variables with
1198 more than 128 subidentifiers. Implementers of this table
1199 must be careful not to create entries which would result
1200 in OIDs that exceed the 128 subidentifier limit.
1201 Otherwise, the information cannot be accessed using
1202 SNMPv1, SNMPv2c or SNMPv3."
1203 INDEX { ifIndex, natAddrPortBindLocalAddrType,
1204 natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
1205 natAddrPortBindProtocol }
1206 ::= { natAddrPortBindTable 1 }
1208 NatAddrPortBindEntry ::= SEQUENCE {
1209 natAddrPortBindLocalAddrType InetAddressType,
1210 natAddrPortBindLocalAddr InetAddress,
1211 natAddrPortBindLocalPort InetPortNumber,
1212 natAddrPortBindProtocol NatProtocolType,
1213 natAddrPortBindGlobalAddrType InetAddressType,
1214 natAddrPortBindGlobalAddr InetAddress,
1215 natAddrPortBindGlobalPort InetPortNumber,
1216 natAddrPortBindId NatBindId,
1217 natAddrPortBindTranslationEntity NatTranslationEntity,
1218 natAddrPortBindType NatAssociationType,
1219 natAddrPortBindMapIndex NatAddrMapId,
1220 natAddrPortBindSessions Gauge32,
1221 natAddrPortBindMaxIdleTime TimeTicks,
1222 natAddrPortBindCurrentIdleTime TimeTicks,
1223 natAddrPortBindInTranslates Counter64,
1224 natAddrPortBindOutTranslates Counter64
1227 natAddrPortBindLocalAddrType OBJECT-TYPE
1228 SYNTAX InetAddressType
1229 MAX-ACCESS not-accessible
1232 "This object specifies the address type used for
1233 natAddrPortBindLocalAddr."
1234 ::= { natAddrPortBindEntry 1 }
1236 natAddrPortBindLocalAddr OBJECT-TYPE
1238 MAX-ACCESS not-accessible
1244 "This object represents the private-realm specific network
1245 layer address which, in conjunction with
1246 natAddrPortBindLocalPort, maps to the public-realm
1247 network layer address and transport id represented by
1248 natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
1252 The type of this address is determined by the value of
1253 the natAddrPortBindLocalAddrType object."
1254 ::= { natAddrPortBindEntry 2 }
1256 natAddrPortBindLocalPort OBJECT-TYPE
1257 SYNTAX InetPortNumber
1258 MAX-ACCESS not-accessible
1261 "For a protocol value TCP or UDP, this object represents
1262 the private-realm specific port number. On the other
1263 hand, for ICMP a bind is created only for query/response
1264 type ICMP messages such as ICMP echo, Timestamp, and
1265 Information request messages, and this object represents
1266 the private-realm specific identifier in the ICMP
1267 message, as defined in RFC 792 for ICMPv4 and in RFC
1270 This object, together with natAddrPortBindProtocol,
1271 natAddrPortBindLocalAddrType, and natAddrPortBindLocalAddr,
1272 constitutes a session endpoint in the private realm. A
1273 bind entry binds a private realm specific endpoint to a
1274 public realm specific endpoint, as represented by the
1275 tuple of (natAddrPortBindGlobalPort,
1276 natAddrPortBindProtocol, natAddrPortBindGlobalAddrType,
1277 and natAddrPortBindGlobalAddr)."
1278 ::= { natAddrPortBindEntry 3 }
1280 natAddrPortBindProtocol OBJECT-TYPE
1281 SYNTAX NatProtocolType
1282 MAX-ACCESS not-accessible
1285 "This object specifies a protocol identifier. If the
1286 value of this object is none(1), then this bind entry
1287 applies to all IP traffic. Any other value of this object
1288 specifies the class of IP traffic to which this BIND
1290 ::= { natAddrPortBindEntry 4 }
1295 natAddrPortBindGlobalAddrType OBJECT-TYPE
1296 SYNTAX InetAddressType
1297 MAX-ACCESS read-only
1300 "This object specifies the address type used for
1301 natAddrPortBindGlobalAddr."
1302 ::= { natAddrPortBindEntry 5 }
1304 natAddrPortBindGlobalAddr OBJECT-TYPE
1306 MAX-ACCESS read-only
1309 "This object represents the public-realm specific network
1310 layer address that, in conjunction with
1311 natAddrPortBindGlobalPort, maps to the private-realm
1313 network layer address and transport id represented by
1314 natAddrPortBindLocalAddr and natAddrPortBindLocalPort,
1317 The type of this address is determined by the value of
1318 the natAddrPortBindGlobalAddrType object."
1319 ::= { natAddrPortBindEntry 6 }
1321 natAddrPortBindGlobalPort OBJECT-TYPE
1322 SYNTAX InetPortNumber
1323 MAX-ACCESS read-only
1326 "For a protocol value TCP or UDP, this object represents
1327 the public-realm specific port number. On the other
1328 hand, for ICMP a bind is created only for query/response
1329 type ICMP messages such as ICMP echo, Timestamp, and
1330 Information request messages, and this object represents
1331 the public-realm specific identifier in the ICMP message,
1332 as defined in RFC 792 for ICMPv4 and in RFC 2463 for
1335 This object, together with natAddrPortBindProtocol,
1336 natAddrPortBindGlobalAddrType, and
1337 natAddrPortBindGlobalAddr, constitutes a session endpoint
1338 in the public realm. A bind entry binds a public realm
1339 specific endpoint to a private realm specific endpoint,
1340 as represented by the tuple of
1341 (natAddrPortBindLocalPort, natAddrPortBindProtocol,
1342 natAddrPortBindLocalAddrType, and
1346 natAddrPortBindLocalAddr)."
1347 ::= { natAddrPortBindEntry 7 }
1349 natAddrPortBindId OBJECT-TYPE
1351 MAX-ACCESS read-only
1354 "This object represents a bind id that is dynamically
1355 assigned to each bind by a NAT enabled device. Each
1356 bind is represented by a unique bind id across both
1357 the natAddrBindTable and the natAddrPortBindTable."
1358 ::= { natAddrPortBindEntry 8 }
1360 natAddrPortBindTranslationEntity OBJECT-TYPE
1361 SYNTAX NatTranslationEntity
1362 MAX-ACCESS read-only
1365 "This object represents the direction of sessions
1366 for which this bind is applicable and the entity
1367 (source or destination) within the sessions that is
1368 subject to translation with the BIND.
1370 Orientation of the bind can be a superset of the
1371 translationEntity of the address map entry that
1372 forms the basis for this bind.
1374 For example, if the translationEntity of an
1375 address map entry is outboundSrcEndPoint, the
1376 translationEntity of a bind derived from this
1377 map entry may either be outboundSrcEndPoint or
1378 may be bidirectional (a bitmask of
1379 outboundSrcEndPoint and inboundDstEndPoint)."
1380 ::= { natAddrPortBindEntry 9 }
1382 natAddrPortBindType OBJECT-TYPE
1383 SYNTAX NatAssociationType
1384 MAX-ACCESS read-only
1387 "This object indicates whether the bind is static or
1389 ::= { natAddrPortBindEntry 10 }
1391 natAddrPortBindMapIndex OBJECT-TYPE
1393 MAX-ACCESS read-only
1399 "This object is a pointer to the natAddrMapTable entry
1400 (and the parameters of that entry) used in
1401 creating this BIND. This object, in conjunction with the
1402 ifIndex (which identifies a unique addrMapName), points
1403 to a unique entry in the natAddrMapTable."
1404 ::= { natAddrPortBindEntry 11 }
1406 natAddrPortBindSessions OBJECT-TYPE
1408 MAX-ACCESS read-only
1411 "Number of sessions currently using this BIND."
1412 ::= { natAddrPortBindEntry 12 }
1414 natAddrPortBindMaxIdleTime OBJECT-TYPE
1416 MAX-ACCESS read-only
1420 "This object indicates the maximum time for
1421 which this bind can be idle without any sessions
1423 The value of this object is of relevance
1424 only for dynamic NAT."
1425 ::= { natAddrPortBindEntry 13 }
1427 natAddrPortBindCurrentIdleTime OBJECT-TYPE
1429 MAX-ACCESS read-only
1432 "At any given instance, this object indicates the
1433 time that this bind has been idle without any sessions
1436 The value of this object is of relevance
1437 only for dynamic NAT."
1438 ::= { natAddrPortBindEntry 14 }
1440 natAddrPortBindInTranslates OBJECT-TYPE
1442 MAX-ACCESS read-only
1448 "The number of inbound packets that were translated as per
1451 Discontinuities in the value of this counter can occur at
1452 reinitialization of the management system and at other
1453 times, as indicated by the value of
1454 ifCounterDiscontinuityTime on the relevant interface."
1455 ::= { natAddrPortBindEntry 15 }
1457 natAddrPortBindOutTranslates OBJECT-TYPE
1459 MAX-ACCESS read-only
1462 "The number of outbound packets that were translated as per
1465 Discontinuities in the value of this counter can occur at
1466 reinitialization of the management system and at other
1467 times, as indicated by the value of
1468 ifCounterDiscontinuityTime on the relevant interface."
1469 ::= { natAddrPortBindEntry 16 }
1472 -- The Session Table
1475 natSessionTable OBJECT-TYPE
1476 SYNTAX SEQUENCE OF NatSessionEntry
1477 MAX-ACCESS not-accessible
1480 "The (conceptual) table containing one entry for each
1481 NAT session currently active on this NAT device."
1482 ::= { natMIBObjects 9 }
1484 natSessionEntry OBJECT-TYPE
1485 SYNTAX NatSessionEntry
1486 MAX-ACCESS not-accessible
1489 "An entry (conceptual row) containing information
1490 about an active NAT session on this NAT device.
1491 These entries are lost upon agent restart."
1492 INDEX { ifIndex, natSessionIndex }
1493 ::= { natSessionTable 1 }
1495 NatSessionEntry ::= SEQUENCE {
1499 natSessionIndex NatSessionId,
1500 natSessionPrivateSrcEPBindId NatBindIdOrZero,
1501 natSessionPrivateSrcEPBindMode NatBindMode,
1502 natSessionPrivateDstEPBindId NatBindIdOrZero,
1503 natSessionPrivateDstEPBindMode NatBindMode,
1504 natSessionDirection INTEGER,
1505 natSessionUpTime TimeTicks,
1506 natSessionAddrMapIndex NatAddrMapId,
1507 natSessionProtocolType NatProtocolType,
1508 natSessionPrivateAddrType InetAddressType,
1509 natSessionPrivateSrcAddr InetAddress,
1510 natSessionPrivateSrcPort InetPortNumber,
1511 natSessionPrivateDstAddr InetAddress,
1512 natSessionPrivateDstPort InetPortNumber,
1513 natSessionPublicAddrType InetAddressType,
1514 natSessionPublicSrcAddr InetAddress,
1515 natSessionPublicSrcPort InetPortNumber,
1516 natSessionPublicDstAddr InetAddress,
1517 natSessionPublicDstPort InetPortNumber,
1518 natSessionMaxIdleTime TimeTicks,
1519 natSessionCurrentIdleTime TimeTicks,
1520 natSessionInTranslates Counter64,
1521 natSessionOutTranslates Counter64
1524 natSessionIndex OBJECT-TYPE
1526 MAX-ACCESS not-accessible
1529 "The session ID for this NAT session."
1530 ::= { natSessionEntry 1 }
1532 natSessionPrivateSrcEPBindId OBJECT-TYPE
1533 SYNTAX NatBindIdOrZero
1534 MAX-ACCESS read-only
1537 "The bind id associated between private and public
1538 source end points. In the case of Symmetric-NAT,
1539 this should be set to zero."
1540 ::= { natSessionEntry 2 }
1542 natSessionPrivateSrcEPBindMode OBJECT-TYPE
1544 MAX-ACCESS read-only
1550 "This object indicates whether the bind indicated
1551 by the object natSessionPrivateSrcEPBindId
1552 is an address bind or an address port bind."
1553 ::= { natSessionEntry 3 }
1555 natSessionPrivateDstEPBindId OBJECT-TYPE
1556 SYNTAX NatBindIdOrZero
1557 MAX-ACCESS read-only
1560 "The bind id associated between private and public
1561 destination end points."
1562 ::= { natSessionEntry 4 }
1564 natSessionPrivateDstEPBindMode OBJECT-TYPE
1566 MAX-ACCESS read-only
1569 "This object indicates whether the bind indicated
1570 by the object natSessionPrivateDstEPBindId
1571 is an address bind or an address port bind."
1572 ::= { natSessionEntry 5 }
1574 natSessionDirection OBJECT-TYPE
1580 MAX-ACCESS read-only
1583 "The direction of this session with respect to the
1584 local network. 'inbound' indicates that this session
1585 was initiated from the public network into the private
1586 network. 'outbound' indicates that this session was
1587 initiated from the private network into the public
1589 ::= { natSessionEntry 6 }
1591 natSessionUpTime OBJECT-TYPE
1593 MAX-ACCESS read-only
1596 "The up time of this session in one-hundredths of a
1601 ::= { natSessionEntry 7 }
1603 natSessionAddrMapIndex OBJECT-TYPE
1605 MAX-ACCESS read-only
1608 "This object is a pointer to the natAddrMapTable entry
1609 (and the parameters of that entry) used in
1610 creating this session. This object, in conjunction with
1611 the ifIndex (which identifies a unique addrMapName), points
1612 to a unique entry in the natAddrMapTable."
1613 ::= { natSessionEntry 8 }
1615 natSessionProtocolType OBJECT-TYPE
1616 SYNTAX NatProtocolType
1617 MAX-ACCESS read-only
1620 "The protocol type of this session."
1621 ::= { natSessionEntry 9 }
1623 natSessionPrivateAddrType OBJECT-TYPE
1624 SYNTAX InetAddressType
1625 MAX-ACCESS read-only
1628 "This object specifies the address type used for
1629 natSessionPrivateSrcAddr and natSessionPrivateDstAddr."
1630 ::= { natSessionEntry 10 }
1632 natSessionPrivateSrcAddr OBJECT-TYPE
1634 MAX-ACCESS read-only
1637 "The source IP address of the session endpoint that
1638 lies in the private network.
1640 The value of this object must be zero only when the
1641 natSessionPrivateSrcEPBindId object has a zero value.
1642 When the value of this object is zero, the NAT session
1643 lookup will match any IP address to this field.
1645 The type of this address is determined by the value of
1646 the natSessionPrivateAddrType object."
1647 ::= { natSessionEntry 11 }
1652 natSessionPrivateSrcPort OBJECT-TYPE
1653 SYNTAX InetPortNumber
1654 MAX-ACCESS read-only
1657 "When the value of protocol is TCP or UDP, this object
1658 represents the source port in the first packet of session
1659 while in private-realm. On the other hand, when the
1660 protocol is ICMP, a NAT session is created only for
1661 query/response type ICMP messages such as ICMP echo,
1662 Timestamp, and Information request messages, and this
1663 object represents the private-realm specific identifier
1664 in the ICMP message, as defined in RFC 792 for ICMPv4
1665 and in RFC 2463 for ICMPv6.
1667 The value of this object must be zero when the
1668 natSessionPrivateSrcEPBindId object has zero value
1669 and value of natSessionPrivateSrcEPBindMode is
1670 addressPortBind(2). In such a case, the NAT session
1671 lookup will match any port number to this field.
1673 The value of this object must be zero when the object
1674 is not a representative field (SrcPort, DstPort, or
1675 ICMP identifier) of the session tuple in either the
1676 public realm or the private realm."
1677 ::= { natSessionEntry 12 }
1679 natSessionPrivateDstAddr OBJECT-TYPE
1681 MAX-ACCESS read-only
1684 "The destination IP address of the session endpoint that
1685 lies in the private network.
1687 The value of this object must be zero when the
1688 natSessionPrivateDstEPBindId object has a zero value.
1689 In such a scenario, the NAT session lookup will match
1690 any IP address to this field.
1692 The type of this address is determined by the value of
1693 the natSessionPrivateAddrType object."
1694 ::= { natSessionEntry 13 }
1696 natSessionPrivateDstPort OBJECT-TYPE
1697 SYNTAX InetPortNumber
1698 MAX-ACCESS read-only
1704 "When the value of protocol is TCP or UDP, this object
1705 represents the destination port in the first packet
1706 of session while in private-realm. On the other hand,
1707 when the protocol is ICMP, this object is not relevant
1708 and should be set to zero.
1710 The value of this object must be zero when the
1711 natSessionPrivateDstEPBindId object has a zero
1712 value and natSessionPrivateDstEPBindMode is set to
1713 addressPortBind(2). In such a case, the NAT session
1714 lookup will match any port number to this field.
1716 The value of this object must be zero when the object
1717 is not a representative field (SrcPort, DstPort, or
1718 ICMP identifier) of the session tuple in either the
1719 public realm or the private realm."
1720 ::= { natSessionEntry 14 }
1722 natSessionPublicAddrType OBJECT-TYPE
1723 SYNTAX InetAddressType
1724 MAX-ACCESS read-only
1727 "This object specifies the address type used for
1728 natSessionPublicSrcAddr and natSessionPublicDstAddr."
1729 ::= { natSessionEntry 15 }
1731 natSessionPublicSrcAddr OBJECT-TYPE
1733 MAX-ACCESS read-only
1736 "The source IP address of the session endpoint that
1737 lies in the public network.
1739 The value of this object must be zero when the
1740 natSessionPrivateSrcEPBindId object has a zero value.
1741 In such a scenario, the NAT session lookup will match
1742 any IP address to this field.
1744 The type of this address is determined by the value of
1745 the natSessionPublicAddrType object."
1746 ::= { natSessionEntry 16 }
1748 natSessionPublicSrcPort OBJECT-TYPE
1749 SYNTAX InetPortNumber
1750 MAX-ACCESS read-only
1756 "When the value of protocol is TCP or UDP, this object
1757 represents the source port in the first packet of
1758 session while in public-realm. On the other hand, when
1759 protocol is ICMP, a NAT session is created only for
1760 query/response type ICMP messages such as ICMP echo,
1761 Timestamp, and Information request messages, and this
1762 object represents the public-realm specific identifier
1763 in the ICMP message, as defined in RFC 792 for ICMPv4
1764 and in RFC 2463 for ICMPv6.
1766 The value of this object must be zero when the
1767 natSessionPrivateSrcEPBindId object has a zero value
1768 and natSessionPrivateSrcEPBindMode is set to
1769 addressPortBind(2). In such a scenario, the NAT
1770 session lookup will match any port number to this
1773 The value of this object must be zero when the object
1774 is not a representative field (SrcPort, DstPort or
1775 ICMP identifier) of the session tuple in either the
1776 public realm or the private realm."
1777 ::= { natSessionEntry 17 }
1779 natSessionPublicDstAddr OBJECT-TYPE
1781 MAX-ACCESS read-only
1784 "The destination IP address of the session endpoint that
1785 lies in the public network.
1787 The value of this object must be non-zero when the
1788 natSessionPrivateDstEPBindId object has a non-zero
1789 value. If the value of this object and the
1790 corresponding natSessionPrivateDstEPBindId object value
1791 is zero, then the NAT session lookup will match any IP
1792 address to this field.
1794 The type of this address is determined by the value of
1795 the natSessionPublicAddrType object."
1796 ::= { natSessionEntry 18 }
1798 natSessionPublicDstPort OBJECT-TYPE
1799 SYNTAX InetPortNumber
1800 MAX-ACCESS read-only
1806 "When the value of protocol is TCP or UDP, this object
1807 represents the destination port in the first packet of
1808 session while in public-realm. On the other hand, when
1809 the protocol is ICMP, this object is not relevant for
1810 translation and should be zero.
1812 The value of this object must be zero when the
1813 natSessionPrivateDstEPBindId object has a zero value
1814 and natSessionPrivateDstEPBindMode is
1815 addressPortBind(2). In such a scenario, the NAT
1816 session lookup will match any port number to this
1819 The value of this object must be zero when the object
1820 is not a representative field (SrcPort, DstPort, or
1821 ICMP identifier) of the session tuple in either the
1822 public realm or the private realm."
1823 ::= { natSessionEntry 19 }
1825 natSessionMaxIdleTime OBJECT-TYPE
1827 MAX-ACCESS read-only
1830 "The max time for which this session can be idle
1831 without detecting a packet."
1832 ::= { natSessionEntry 20 }
1834 natSessionCurrentIdleTime OBJECT-TYPE
1836 MAX-ACCESS read-only
1839 "The time since a packet belonging to this session was
1841 ::= { natSessionEntry 21 }
1843 natSessionInTranslates OBJECT-TYPE
1845 MAX-ACCESS read-only
1848 "The number of inbound packets that were translated for
1851 Discontinuities in the value of this counter can occur at
1852 reinitialization of the management system and at other
1856 times, as indicated by the value of
1857 ifCounterDiscontinuityTime on the relevant interface."
1858 ::= { natSessionEntry 22 }
1860 natSessionOutTranslates OBJECT-TYPE
1862 MAX-ACCESS read-only
1865 "The number of outbound packets that were translated for
1868 Discontinuities in the value of this counter can occur at
1869 reinitialization of the management system and at other
1870 times, as indicated by the value of
1871 ifCounterDiscontinuityTime on the relevant interface."
1872 ::= { natSessionEntry 23 }
1875 -- The Protocol table
1878 natProtocolTable OBJECT-TYPE
1879 SYNTAX SEQUENCE OF NatProtocolEntry
1880 MAX-ACCESS not-accessible
1883 "The (conceptual) table containing per protocol NAT
1885 ::= { natMIBObjects 10 }
1887 natProtocolEntry OBJECT-TYPE
1888 SYNTAX NatProtocolEntry
1889 MAX-ACCESS not-accessible
1892 "An entry (conceptual row) containing NAT statistics
1893 pertaining to a particular protocol."
1894 INDEX { natProtocol }
1895 ::= { natProtocolTable 1 }
1897 NatProtocolEntry ::= SEQUENCE {
1898 natProtocol NatProtocolType,
1899 natProtocolInTranslates Counter64,
1900 natProtocolOutTranslates Counter64,
1901 natProtocolDiscards Counter64
1907 natProtocol OBJECT-TYPE
1908 SYNTAX NatProtocolType
1909 MAX-ACCESS not-accessible
1912 "This object represents the protocol pertaining to which
1913 parameters are reported."
1914 ::= { natProtocolEntry 1 }
1916 natProtocolInTranslates OBJECT-TYPE
1918 MAX-ACCESS read-only
1921 "The number of inbound packets pertaining to the protocol
1922 identified by natProtocol that underwent NAT.
1924 Discontinuities in the value of this counter can occur at
1925 reinitialization of the management system and at other
1926 times, as indicated by the value of
1927 ifCounterDiscontinuityTime on the relevant interface."
1928 ::= { natProtocolEntry 2 }
1930 natProtocolOutTranslates OBJECT-TYPE
1932 MAX-ACCESS read-only
1935 "The number of outbound packets pertaining to the protocol
1936 identified by natProtocol that underwent NAT.
1938 Discontinuities in the value of this counter can occur at
1939 reinitialization of the management system and at other
1940 times, as indicated by the value of
1941 ifCounterDiscontinuityTime on the relevant interface."
1942 ::= { natProtocolEntry 3 }
1944 natProtocolDiscards OBJECT-TYPE
1946 MAX-ACCESS read-only
1949 "The number of packets pertaining to the protocol
1950 identified by natProtocol that had to be
1951 rejected/dropped due to lack of resources. These
1952 rejections could be due to session timeout, resource
1953 unavailability, lack of address space, etc.
1958 Discontinuities in the value of this counter can occur at
1959 reinitialization of the management system and at other
1960 times, as indicated by the value of
1961 ifCounterDiscontinuityTime on the relevant interface."
1962 ::= { natProtocolEntry 4 }
1965 -- Notifications section
1968 natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 }
1974 natPacketDiscard NOTIFICATION-TYPE
1978 "This notification is generated when IP packets are
1979 discarded by the NAT function; e.g., due to lack of
1980 mapping space when NAT is out of addresses or ports.
1982 Note that the generation of natPacketDiscard
1983 notifications is throttled by the agent, as specified
1984 by the 'natNotifThrottlingInterval' object."
1985 ::= { natMIBNotifications 1 }
1988 -- Conformance information.
1991 natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 }
1993 natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
1994 natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }
1997 -- Units of conformance
2000 natConfigGroup OBJECT-GROUP
2001 OBJECTS { natInterfaceRealm,
2002 natInterfaceServiceType,
2003 natInterfaceStorageType,
2004 natInterfaceRowStatus,
2009 natAddrMapEntryType,
2010 natAddrMapTranslationEntity,
2011 natAddrMapLocalAddrType,
2012 natAddrMapLocalAddrFrom,
2013 natAddrMapLocalAddrTo,
2014 natAddrMapLocalPortFrom,
2015 natAddrMapLocalPortTo,
2016 natAddrMapGlobalAddrType,
2017 natAddrMapGlobalAddrFrom,
2018 natAddrMapGlobalAddrTo,
2019 natAddrMapGlobalPortFrom,
2020 natAddrMapGlobalPortTo,
2022 natAddrMapStorageType,
2023 natAddrMapRowStatus,
2024 natBindDefIdleTimeout,
2025 natUdpDefIdleTimeout,
2026 natIcmpDefIdleTimeout,
2027 natOtherDefIdleTimeout,
2028 natTcpDefIdleTimeout,
2029 natTcpDefNegTimeout,
2030 natNotifThrottlingInterval }
2033 "A collection of configuration-related information
2034 required to support management of devices supporting
2036 ::= { natMIBGroups 1 }
2038 natTranslationGroup OBJECT-GROUP
2039 OBJECTS { natAddrBindNumberOfEntries,
2040 natAddrBindGlobalAddrType,
2041 natAddrBindGlobalAddr,
2043 natAddrBindTranslationEntity,
2045 natAddrBindMapIndex,
2046 natAddrBindSessions,
2047 natAddrBindMaxIdleTime,
2048 natAddrBindCurrentIdleTime,
2049 natAddrBindInTranslates,
2050 natAddrBindOutTranslates,
2051 natAddrPortBindNumberOfEntries,
2052 natAddrPortBindGlobalAddrType,
2053 natAddrPortBindGlobalAddr,
2054 natAddrPortBindGlobalPort,
2056 natAddrPortBindTranslationEntity,
2060 natAddrPortBindType,
2061 natAddrPortBindMapIndex,
2062 natAddrPortBindSessions,
2063 natAddrPortBindMaxIdleTime,
2064 natAddrPortBindCurrentIdleTime,
2065 natAddrPortBindInTranslates,
2066 natAddrPortBindOutTranslates,
2067 natSessionPrivateSrcEPBindId,
2068 natSessionPrivateSrcEPBindMode,
2069 natSessionPrivateDstEPBindId,
2070 natSessionPrivateDstEPBindMode,
2071 natSessionDirection,
2073 natSessionAddrMapIndex,
2074 natSessionProtocolType,
2075 natSessionPrivateAddrType,
2076 natSessionPrivateSrcAddr,
2077 natSessionPrivateSrcPort,
2078 natSessionPrivateDstAddr,
2079 natSessionPrivateDstPort,
2080 natSessionPublicAddrType,
2081 natSessionPublicSrcAddr,
2082 natSessionPublicSrcPort,
2083 natSessionPublicDstAddr,
2084 natSessionPublicDstPort,
2085 natSessionMaxIdleTime,
2086 natSessionCurrentIdleTime,
2087 natSessionInTranslates,
2088 natSessionOutTranslates }
2092 "A collection of BIND-related objects required to support
2093 management of devices supporting NAT."
2094 ::= { natMIBGroups 2 }
2096 natStatsInterfaceGroup OBJECT-GROUP
2097 OBJECTS { natInterfaceInTranslates,
2098 natInterfaceOutTranslates,
2099 natInterfaceDiscards }
2102 "A collection of NAT statistics associated with the
2103 interface on which NAT is configured, to aid
2104 troubleshooting/monitoring of the NAT operation."
2105 ::= { natMIBGroups 3 }
2107 natStatsProtocolGroup OBJECT-GROUP
2111 OBJECTS { natProtocolInTranslates,
2112 natProtocolOutTranslates,
2113 natProtocolDiscards }
2116 "A collection of protocol specific NAT statistics,
2117 to aid troubleshooting/monitoring of NAT operation."
2118 ::= { natMIBGroups 4 }
2120 natStatsAddrMapGroup OBJECT-GROUP
2121 OBJECTS { natAddrMapInTranslates,
2122 natAddrMapOutTranslates,
2124 natAddrMapAddrUsed }
2127 "A collection of address map specific NAT statistics,
2128 to aid troubleshooting/monitoring of NAT operation."
2129 ::= { natMIBGroups 5 }
2131 natMIBNotificationGroup NOTIFICATION-GROUP
2132 NOTIFICATIONS { natPacketDiscard }
2135 "A collection of notifications generated by
2136 devices supporting this MIB."
2137 ::= { natMIBGroups 6 }
2140 -- Compliance statements
2143 natMIBFullCompliance MODULE-COMPLIANCE
2146 "When this MIB is implemented with support for
2147 read-create, then such an implementation can claim
2148 full compliance. Such devices can then be both
2149 monitored and configured with this MIB.
2151 The following index objects cannot be added as OBJECT
2152 clauses but nevertheless have the compliance
2155 -- OBJECT natAddrBindLocalAddrType
2156 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2158 -- "An implementation is required to support
2162 -- global IPv4 and/or IPv6 addresses, depending
2163 -- on its support for IPv4 and IPv6."
2165 -- OBJECT natAddrBindLocalAddr
2166 -- SYNTAX InetAddress (SIZE(4|16))
2168 -- "An implementation is required to support
2169 -- global IPv4 and/or IPv6 addresses, depending
2170 -- on its support for IPv4 and IPv6."
2172 -- OBJECT natAddrPortBindLocalAddrType
2173 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2175 -- "An implementation is required to support
2176 -- global IPv4 and/or IPv6 addresses, depending
2177 -- on its support for IPv4 and IPv6."
2179 -- OBJECT natAddrPortBindLocalAddr
2180 -- SYNTAX InetAddress (SIZE(4|16))
2182 -- "An implementation is required to support
2183 -- global IPv4 and/or IPv6 addresses, depending
2184 -- on its support for IPv4 and IPv6."
2186 MODULE IF-MIB -- The interfaces MIB, RFC2863
2188 ifCounterDiscontinuityGroup
2191 MODULE -- this module
2192 MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2193 natStatsInterfaceGroup }
2195 GROUP natStatsProtocolGroup
2197 "This group is optional."
2198 GROUP natStatsAddrMapGroup
2200 "This group is optional."
2201 GROUP natMIBNotificationGroup
2203 "This group is optional."
2205 OBJECT natAddrMapLocalAddrType
2206 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2208 "An implementation is required to support global IPv4
2209 and/or IPv6 addresses, depending on its support
2215 OBJECT natAddrMapLocalAddrFrom
2216 SYNTAX InetAddress (SIZE(4|16))
2218 "An implementation is required to support global IPv4
2219 and/or IPv6 addresses, depending on its support
2222 OBJECT natAddrMapLocalAddrTo
2223 SYNTAX InetAddress (SIZE(4|16))
2225 "An implementation is required to support global IPv4
2226 and/or IPv6 addresses, depending on its support
2229 OBJECT natAddrMapGlobalAddrType
2230 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2232 "An implementation is required to support global IPv4
2233 and/or IPv6 addresses, depending on its support
2236 OBJECT natAddrMapGlobalAddrFrom
2237 SYNTAX InetAddress (SIZE(4|16))
2239 "An implementation is required to support global IPv4
2240 and/or IPv6 addresses, depending on its support
2243 OBJECT natAddrMapGlobalAddrTo
2244 SYNTAX InetAddress (SIZE(4|16))
2246 "An implementation is required to support global IPv4
2247 and/or IPv6 addresses, depending on its support
2250 OBJECT natAddrBindGlobalAddrType
2251 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2253 "An implementation is required to support global IPv4
2254 and/or IPv6 addresses, depending on its support
2257 OBJECT natAddrBindGlobalAddr
2258 SYNTAX InetAddress (SIZE(4|16))
2260 "An implementation is required to support global IPv4
2264 and/or IPv6 addresses, depending on its support
2267 OBJECT natAddrPortBindGlobalAddrType
2268 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2270 "An implementation is required to support global IPv4
2271 and/or IPv6 addresses, depending on its support
2274 OBJECT natAddrPortBindGlobalAddr
2275 SYNTAX InetAddress (SIZE(4|16))
2277 "An implementation is required to support global IPv4
2278 and/or IPv6 addresses, depending on its support
2281 OBJECT natSessionPrivateAddrType
2282 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2284 "An implementation is required to support global IPv4
2285 and/or IPv6 addresses, depending on its support
2288 OBJECT natSessionPrivateSrcAddr
2289 SYNTAX InetAddress (SIZE(4|16))
2291 "An implementation is required to support global IPv4
2292 and/or IPv6 addresses, depending on its support
2296 OBJECT natSessionPrivateDstAddr
2297 SYNTAX InetAddress (SIZE(4|16))
2299 "An implementation is required to support global IPv4
2300 and/or IPv6 addresses, depending on its support
2303 OBJECT natSessionPublicAddrType
2304 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2306 "An implementation is required to support global IPv4
2307 and/or IPv6 addresses, depending on its support
2310 OBJECT natSessionPublicSrcAddr
2311 SYNTAX InetAddress (SIZE(4|16))
2316 "An implementation is required to support global IPv4
2317 and/or IPv6 addresses, depending on its support
2320 OBJECT natSessionPublicDstAddr
2321 SYNTAX InetAddress (SIZE(4|16))
2323 "An implementation is required to support global IPv4
2324 and/or IPv6 addresses, depending on its support
2327 ::= { natMIBCompliances 1 }
2329 natMIBReadOnlyCompliance MODULE-COMPLIANCE
2332 "When this MIB is implemented without support for
2333 read-create (i.e., in read-only mode), then such an
2334 implementation can claim read-only compliance.
2335 Such a device can then be monitored but cannot be
2336 configured with this MIB.
2338 The following index objects cannot be added as OBJECT
2339 clauses but nevertheless have the compliance
2342 -- OBJECT natAddrBindLocalAddrType
2343 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2345 -- "An implementation is required to support
2346 -- global IPv4 and/or IPv6 addresses, depending
2347 -- on its support for IPv4 and IPv6."
2349 -- OBJECT natAddrBindLocalAddr
2350 -- SYNTAX InetAddress (SIZE(4|16))
2353 -- "An implementation is required to support
2354 -- global IPv4 and/or IPv6 addresses, depending
2355 -- on its support for IPv4 and IPv6."
2357 -- OBJECT natAddrPortBindLocalAddrType
2358 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2360 -- "An implementation is required to support
2361 -- global IPv4 and/or IPv6 addresses, depending
2362 -- on its support for IPv4 and IPv6."
2366 -- OBJECT natAddrPortBindLocalAddr
2367 -- SYNTAX InetAddress (SIZE(4|16))
2369 -- "An implementation is required to support
2370 -- global IPv4 and/or IPv6 addresses, depending
2371 -- on its support for IPv4 and IPv6."
2373 MODULE IF-MIB -- The interfaces MIB, RFC2863
2375 ifCounterDiscontinuityGroup
2378 MODULE -- this module
2379 MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2380 natStatsInterfaceGroup }
2382 GROUP natStatsProtocolGroup
2384 "This group is optional."
2385 GROUP natStatsAddrMapGroup
2387 "This group is optional."
2388 GROUP natMIBNotificationGroup
2390 "This group is optional."
2391 OBJECT natInterfaceRowStatus
2392 SYNTAX RowStatus { active(1) }
2393 MIN-ACCESS read-only
2395 "Write access is not required, and active is the only
2396 status that needs to be supported."
2398 OBJECT natAddrMapLocalAddrType
2399 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2400 MIN-ACCESS read-only
2402 "Write access is not required. An implementation is
2403 required to support global IPv4 and/or IPv6 addresses,
2404 depending on its support for IPv4 and IPv6."
2406 OBJECT natAddrMapLocalAddrFrom
2407 SYNTAX InetAddress (SIZE(4|16))
2408 MIN-ACCESS read-only
2410 "Write access is not required. An implementation is
2411 required to support global IPv4 and/or IPv6 addresses,
2412 depending on its support for IPv4 and IPv6."
2417 OBJECT natAddrMapLocalAddrTo
2418 SYNTAX InetAddress (SIZE(4|16))
2419 MIN-ACCESS read-only
2421 "Write access is not required. An implementation is
2422 required to support global IPv4 and/or IPv6 addresses,
2423 depending on its support for IPv4 and IPv6."
2425 OBJECT natAddrMapGlobalAddrType
2426 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2427 MIN-ACCESS read-only
2429 "Write access is not required. An implementation is
2430 required to support global IPv4 and/or IPv6 addresses,
2431 depending on its support for IPv4 and IPv6."
2433 OBJECT natAddrMapGlobalAddrFrom
2434 SYNTAX InetAddress (SIZE(4|16))
2435 MIN-ACCESS read-only
2437 "Write access is not required. An implementation is
2438 required to support global IPv4 and/or IPv6 addresses,
2439 depending on its support for IPv4 and IPv6."
2441 OBJECT natAddrMapGlobalAddrTo
2442 SYNTAX InetAddress (SIZE(4|16))
2443 MIN-ACCESS read-only
2445 "Write access is not required. An implementation is
2446 required to support global IPv4 and/or IPv6 addresses,
2447 depending on its support for IPv4 and IPv6."
2449 OBJECT natAddrMapRowStatus
2450 SYNTAX RowStatus { active(1) }
2451 MIN-ACCESS read-only
2453 "Write access is not required, and active is the only
2454 status that needs to be supported."
2456 OBJECT natAddrBindGlobalAddrType
2457 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2459 "An implementation is required to support global IPv4
2460 and/or IPv6 addresses, depending on its support for
2463 OBJECT natAddrBindGlobalAddr
2464 SYNTAX InetAddress (SIZE(4|16))
2469 "An implementation is required to support global IPv4
2470 and/or IPv6 addresses, depending on its support for
2473 OBJECT natAddrPortBindGlobalAddrType
2474 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2476 "An implementation is required to support global IPv4
2477 and/or IPv6 addresses, depending on its support for
2480 OBJECT natAddrPortBindGlobalAddr
2481 SYNTAX InetAddress (SIZE(4|16))
2483 "An implementation is required to support global IPv4
2484 and/or IPv6 addresses, depending on its support for
2487 OBJECT natSessionPrivateAddrType
2488 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2490 "An implementation is required to support global IPv4
2491 and/or IPv6 addresses, depending on its support for
2494 OBJECT natSessionPrivateSrcAddr
2495 SYNTAX InetAddress (SIZE(4|16))
2497 "An implementation is required to support global IPv4
2498 and/or IPv6 addresses, depending on its support for
2501 OBJECT natSessionPrivateDstAddr
2502 SYNTAX InetAddress (SIZE(4|16))
2504 "An implementation is required to support global IPv4
2505 and/or IPv6 addresses, depending on its support for
2508 OBJECT natSessionPublicAddrType
2509 SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2511 "An implementation is required to support global IPv4
2512 and/or IPv6 addresses, depending on its support for
2515 OBJECT natSessionPublicSrcAddr
2519 SYNTAX InetAddress (SIZE(4|16))
2521 "An implementation is required to support global IPv4
2522 and/or IPv6 addresses, depending on its support for
2525 OBJECT natSessionPublicDstAddr
2526 SYNTAX InetAddress (SIZE(4|16))
2528 "An implementation is required to support global IPv4
2529 and/or IPv6 addresses, depending on its support for
2532 ::= { natMIBCompliances 2 }
projects / platform / upstream / libsmi.git / blob