Delete IPSEC Profile (v2.1)
Delete an IPsec Profile.
Path Parameters
- tenant_id string required
The ID of the tenant.
- profile_id string required
The ID of the IPsec profile.
- 200
- 400
Successful Operation
- application/json
- Schema
- Example (from schema)
Schema
authentication IPSECAuthentication required
The details of the authentication mode for the IPsec Profile.
certificate stringThe certificate authentication for the IPsec Profile.
ikev1_params IKEV1Params
Ikev1 Params: Valid
xauth_id stringThe xauth ID.
xauth_secret stringThe authentication secret. Length must be between 4-128.
xauth_secret_encrypted stringThe xauth secret. Value = True.
xauth_secret_hash stringThe xauth hash. Value = True.
xauth_type string requiredPossible values: [
NONE
,SECRET
]The xauth type.
local_ca_certificate stringThe local CA certificate uploaded for certificate authentication.
local_id string requiredPossible values: [
LOCAL_IP
,DN
,HOSTNAME
,CUSTOM
]The local ID type.
local_id_custom stringThe custom local ID.
passphrase stringPassphrase
passphrase_encrypted stringPassphrase Encrypted: JsonIgnore(value = true)
private_key stringThe private key file uploaded for certificate authentication.
private_key_encrypted stringPrivate Key Encrypted: JsonIgnore(value = true)
remote_ca_certificate stringThe standard VPN endpoint CA certificate uploaded.
remote_id stringThe ID for the standard VPN endpoint in the Remote ID field.
secret stringThe password for PSK authentication.
secret_encrypted stringSecret Encrypted: JsonIgnore(value = true)
secret_hash stringSecret Hash: JsonIgnore(value = true)
type string requiredPossible values: [
NONE
,PSK
,X509
]The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
certHolder objectcertificate stringCertificate
is_local_ca_cert_set booleanIs Local Ca Cert Set
is_remote_ca_cert_set booleanIs Remote Ca Cert Set
keyPair objectlocal_ca_certificate stringLocal Ca Certificate
local_ca_certs_set object[]Local Ca Certs Set
passphrase stringPassphrase
private_key stringPrivate Key
remote_ca_certificate stringRemote Ca Certificate
remote_ca_certs_set object[]Remote Ca Certs Set
- description
The description of the IPsec profile. Max size = 256.
- dpd_delay int32
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
- dpd_enable boolean
If DPD is enabled for the IPsec profile.
- dpd_timeout int32
The configured DPD timeout period.
esp_group ESPGroup required
The ESP group defined for the IPsec profile.
force_encapsulation booleanThe type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.
lifetime int32The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
mode string requiredPossible values: [
TUNNEL
,TRANSPORT
]The IPsec config ESP tunnel mode.
proposals Proposals[] required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Array [dh_groups string requiredPossible values: [
NONE
,MODP768
,MODP1024
,MODP1536
,MODP2048
,MODP3072
,MODP4096
,MODP6144
,MODP8192
,MODP1024S160
,MODP2048S224
,MODP2048S256
,ECP192
,ECP224
,ECP256
,ECP384
,ECP521
,ECP224BP
,ECP256BP
,ECP384BP
,ECP512BP
,CURVE25519
]The DH group values.
encryption string requiredPossible values: [
NONE
,AES128
,AES192
,AES256
,AES128CTR
,AES192CTR
,AES256CTR
,AES128CCM64
,AES192CCM64
,AES256CCM64
,AES128CCM96
,AES192CCM96
,AES256CCM96
,AES128CCM128
,AES192CCM128
,AES256CCM128
,AES128GCM64
,AES192GCM64
,AES256GCM64
,AES128GCM96
,AES192GCM96
,AES256GCM96
,AES128GCM128
,AES192GCM128
,AES256GCM128
,AES128GMAC
,AES192GMAC
,AES256GMAC
,TRIPLEDES
,BLOWFISH128
,BLOWFISH192
,BLOWFISH256
,CAMELLIA128
,CAMELLIA192
,CAMELLIA256
,SERPENT128
,SERPENT192
,SERPENT256
,TWOFISH128
,TWOFISH192
,TWOFISH256
]The encryption values.
hash string requiredPossible values: [
MD5
,SHA1
,SHA256
,SHA384
,SHA512
,SHA256_96
,AESXCBC
,AES128GMAC
,AES192GMAC
,AES256GMAC
]The hash values.
]- id string
The ID of the IPsec profile.
ike_group IKEGroup required
The IKE group defined on the IPsec profile.
aggressive booleanIf aggressive mode is selecetd, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.
key_exchange string requiredPossible values: [
IKEV1
,IKEV2
]The key exchange for the IKE group = IKEv1 or IKEv2.
lifetime int32The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
port int32The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.
proposals Proposals[] required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Array [dh_groups string requiredPossible values: [
NONE
,MODP768
,MODP1024
,MODP1536
,MODP2048
,MODP3072
,MODP4096
,MODP6144
,MODP8192
,MODP1024S160
,MODP2048S224
,MODP2048S256
,ECP192
,ECP224
,ECP256
,ECP384
,ECP521
,ECP224BP
,ECP256BP
,ECP384BP
,ECP512BP
,CURVE25519
]The DH group values.
encryption string requiredPossible values: [
NONE
,AES128
,AES192
,AES256
,AES128CTR
,AES192CTR
,AES256CTR
,AES128CCM64
,AES192CCM64
,AES256CCM64
,AES128CCM96
,AES192CCM96
,AES256CCM96
,AES128CCM128
,AES192CCM128
,AES256CCM128
,AES128GCM64
,AES192GCM64
,AES256GCM64
,AES128GCM96
,AES192GCM96
,AES256GCM96
,AES128GCM128
,AES192GCM128
,AES256GCM128
,AES128GMAC
,AES192GMAC
,AES256GMAC
,TRIPLEDES
,BLOWFISH128
,BLOWFISH192
,BLOWFISH256
,CAMELLIA128
,CAMELLIA192
,CAMELLIA256
,SERPENT128
,SERPENT192
,SERPENT256
,TWOFISH128
,TWOFISH192
,TWOFISH256
]The encryption values.
hash string requiredPossible values: [
MD5
,SHA1
,SHA256
,SHA384
,SHA512
,SHA256_96
,AESXCBC
,AES128GMAC
,AES192GMAC
,AES256GMAC
]The hash values.
]reauth booleanThe mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.
- name string required
The name of the IPsec profile. Max size = 128.
- tags string[]
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
{
"authentication": {
"certificate": "string",
"ikev1_params": {
"xauth_id": "string",
"xauth_secret": "string",
"xauth_secret_encrypted": "string",
"xauth_secret_hash": "string",
"xauth_type": "NONE"
},
"local_ca_certificate": "string",
"local_id": "LOCAL_IP",
"local_id_custom": "string",
"passphrase": "string",
"passphrase_encrypted": "string",
"private_key": "string",
"private_key_encrypted": "string",
"remote_ca_certificate": "string",
"remote_id": "string",
"secret": "string",
"secret_encrypted": "string",
"secret_hash": "string",
"type": "NONE",
"x509Objects": {
"certHolder": {},
"certificate": "string",
"is_local_ca_cert_set": true,
"is_remote_ca_cert_set": true,
"keyPair": {},
"local_ca_certificate": "string",
"local_ca_certs_set": [
{}
],
"passphrase": "string",
"private_key": "string",
"remote_ca_certificate": "string",
"remote_ca_certs_set": [
{}
]
}
},
"dpd_delay": 0,
"dpd_enable": true,
"dpd_timeout": 0,
"esp_group": {
"force_encapsulation": true,
"lifetime": 0,
"mode": "TUNNEL",
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"id": "string",
"ike_group": {
"aggressive": true,
"key_exchange": "IKEV1",
"lifetime": 0,
"port": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
],
"reauth": true
},
"name": "string",
"tags": [
"string"
]
}
Bad Request
- application/json
- Schema
- Example (from schema)
- Example
Schema
_error ErrorResponse[]
Array [code stringmessage string]
{
"_error": [
{
"code": "string",
"message": "string"
}
]
}
{
"value": {
"_error": [
{
"code": "INVALID_JSON_VALUE"
}
]
}
}