Get IPSEC Profile (v2.1)

GET /v2.1/api/tenants/:tenant_id/ipsecprofiles/:profile_id

List a specific IPsec Profile.

Request

Path Parameters

tenant_id stringrequired

The ID of the tenant.

profile_id stringrequired

The ID of the IPsec profile.

Responses

Successful Operation

application/json

Schema
Example (from schema)

Schema

authentication IPSECAuthenticationrequired

The details of the authentication mode for the IPsec Profile.

certificate string

The certificate authentication for the IPsec Profile.

ikev1_params IKEV1Params

Ikev1 Params: Valid

xauth_id string

The xauth ID.

xauth_secret string

The authentication secret. Length must be between 4-128.

xauth_secret_encrypted string

The xauth secret. Value = True.

xauth_secret_hash string

The xauth hash. Value = True.

xauth_type stringrequired

Possible values: [NONE, SECRET]

The xauth type.

local_ca_certificate string

The local CA certificate uploaded for certificate authentication.

local_id stringrequired

Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM]

The local ID type.

local_id_custom string

The custom local ID.

passphrase string

Passphrase

passphrase_encrypted string

Passphrase Encrypted: JsonIgnore(value = true)

private_key string

The private key file uploaded for certificate authentication.

private_key_encrypted string

Private Key Encrypted: JsonIgnore(value = true)

remote_ca_certificate string

The standard VPN endpoint CA certificate uploaded.

remote_id string

The ID for the standard VPN endpoint in the Remote ID field.

secret string

The password for PSK authentication.

secret_encrypted string

Secret Encrypted: JsonIgnore(value = true)

secret_hash string

Secret Hash: JsonIgnore(value = true)

type stringrequired

Possible values: [NONE, PSK, X509]

The authentication type = PSK or Certificates.

x509Objects X509Objects

X509Objects: JsonIgnore(value = true)

certHolder object

certificate string

Certificate

is_local_ca_cert_set boolean

Is Local Ca Cert Set

is_remote_ca_cert_set boolean

Is Remote Ca Cert Set

keyPair object

local_ca_certificate string

Local Ca Certificate

local_ca_certs_set object[]

Local Ca Certs Set

passphrase string

Passphrase

private_key string

Private Key

remote_ca_certificate string

Remote Ca Certificate

remote_ca_certs_set object[]

Remote Ca Certs Set

description

The description of the IPsec profile. Max size = 256.

dpd_delay int32

The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

dpd_enable boolean

If DPD is enabled for the IPsec profile.

dpd_timeout int32

The configured DPD timeout period.

esp_group ESPGrouprequired

The ESP group defined for the IPsec profile.

force_encapsulation boolean

The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.

lifetime int32

The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.

mode stringrequired

Possible values: [TUNNEL, TRANSPORT]

The IPsec config ESP tunnel mode.

proposals Proposals[]required

Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.

Array [

dh_groups stringrequired

Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

The DH group values.

encryption stringrequired

Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM64, AES192GCM64, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

The encryption values.

hash stringrequired

Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC]

The hash values.

]

id string

The ID of the IPsec profile.

ike_group IKEGrouprequired

The IKE group defined on the IPsec profile.

aggressive boolean

If aggressive mode is selecetd, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.

key_exchange stringrequired

Possible values: [IKEV1, IKEV2]

The key exchange for the IKE group = IKEv1 or IKEv2.

lifetime int32

The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.

port int32

The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.

proposals Proposals[]required

Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.

Array [

dh_groups stringrequired

The DH group values.

encryption stringrequired

The encryption values.

hash stringrequired

Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC]

The hash values.

]

reauth boolean

The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.

name stringrequired

The name of the IPsec profile. Max size = 128.

tags string[]

An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.

{
  "authentication": {
    "certificate": "string",
    "ikev1_params": {
      "xauth_id": "string",
      "xauth_secret": "string",
      "xauth_secret_encrypted": "string",
      "xauth_secret_hash": "string",
      "xauth_type": "NONE"
    },
    "local_ca_certificate": "string",
    "local_id": "LOCAL_IP",
    "local_id_custom": "string",
    "passphrase": "string",
    "passphrase_encrypted": "string",
    "private_key": "string",
    "private_key_encrypted": "string",
    "remote_ca_certificate": "string",
    "remote_id": "string",
    "secret": "string",
    "secret_encrypted": "string",
    "secret_hash": "string",
    "type": "NONE",
    "x509Objects": {
      "certHolder": {},
      "certificate": "string",
      "is_local_ca_cert_set": true,
      "is_remote_ca_cert_set": true,
      "keyPair": {},
      "local_ca_certificate": "string",
      "local_ca_certs_set": [
        {}
      ],
      "passphrase": "string",
      "private_key": "string",
      "remote_ca_certificate": "string",
      "remote_ca_certs_set": [
        {}
      ]
    }
  },
  "dpd_delay": 0,
  "dpd_enable": true,
  "dpd_timeout": 0,
  "esp_group": {
    "force_encapsulation": true,
    "lifetime": 0,
    "mode": "TUNNEL",
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ]
  },
  "id": "string",
  "ike_group": {
    "aggressive": true,
    "key_exchange": "IKEV1",
    "lifetime": 0,
    "port": 0,
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ],
    "reauth": true
  },
  "name": "string",
  "tags": [
    "string"
  ]
}

Get IPSEC Profile (v2.1)

/v2.1/api/tenants/:tenant_id/ipsecprofiles/:profile_id

Request​

Path Parameters

Responses​

Request

Responses