Get IPSEC Profile (v2.1)

List a specific IPsec Profile.

Path Parameters

tenant_id string required
The ID of the tenant.
profile_id string required
The ID of the IPsec profile.

Responses

Successful Operation

application/json

Schema
Example (from schema)

Schema

authentication IPSECAuthentication required
The details of the authentication mode for the IPsec Profile.
certificate string
The certificate authentication for the IPsec Profile.
ikev1_params IKEV1Params
Ikev1 Params: Valid
xauth_id string
The xauth ID.
xauth_secret string
The authentication secret. Length must be between 4-128.
xauth_secret_encrypted string
The xauth secret. Value = True.
xauth_secret_hash string
The xauth hash. Value = True.
xauth_type string required
Possible values: [NONE, SECRET]
The xauth type.
local_ca_certificate string
The local CA certificate uploaded for certificate authentication.
local_id string required
Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM]
The local ID type.
local_id_custom string
The custom local ID.
passphrase string
Passphrase
passphrase_encrypted string
Passphrase Encrypted: JsonIgnore(value = true)
private_key string
The private key file uploaded for certificate authentication.
private_key_encrypted string
Private Key Encrypted: JsonIgnore(value = true)
remote_ca_certificate string
The standard VPN endpoint CA certificate uploaded.
remote_id string
The ID for the standard VPN endpoint in the Remote ID field.
secret string
The password for PSK authentication.
secret_encrypted string
Secret Encrypted: JsonIgnore(value = true)
secret_hash string
Secret Hash: JsonIgnore(value = true)
type string required
Possible values: [NONE, PSK, X509]
The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
certHolder object
certificate string
Certificate
is_local_ca_cert_set boolean
Is Local Ca Cert Set
is_remote_ca_cert_set boolean
Is Remote Ca Cert Set
keyPair object
local_ca_certificate string
Local Ca Certificate
local_ca_certs_set object[]
Local Ca Certs Set
passphrase string
Passphrase
private_key string
Private Key
remote_ca_certificate string
Remote Ca Certificate
remote_ca_certs_set object[]
Remote Ca Certs Set
description
The description of the IPsec profile. Max size = 256.
dpd_delay int32
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
dpd_enable boolean
If DPD is enabled for the IPsec profile.
dpd_timeout int32
The configured DPD timeout period.
esp_group ESPGroup required
The ESP group defined for the IPsec profile.
force_encapsulation boolean
The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.
lifetime int32
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
mode string required
Possible values: [TUNNEL, TRANSPORT]
The IPsec config ESP tunnel mode.
proposals Proposals[] required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Array [
dh_groups string required
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption string required
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM64, AES192GCM64, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash string required
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC]
The hash values.
]
id string
The ID of the IPsec profile.
ike_group IKEGroup required
The IKE group defined on the IPsec profile.
aggressive boolean
If aggressive mode is selecetd, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.
key_exchange string required
Possible values: [IKEV1, IKEV2]
The key exchange for the IKE group = IKEv1 or IKEv2.
lifetime int32
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
port int32
The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.
proposals Proposals[] required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Array [
dh_groups string required
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption string required
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM64, AES192GCM64, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash string required
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC]
The hash values.
]
reauth boolean
The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.
name string required
The name of the IPsec profile. Max size = 128.
tags string[]
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.

{
  "authentication": {
    "certificate": "string",
    "ikev1_params": {
      "xauth_id": "string",
      "xauth_secret": "string",
      "xauth_secret_encrypted": "string",
      "xauth_secret_hash": "string",
      "xauth_type": "NONE"
    },
    "local_ca_certificate": "string",
    "local_id": "LOCAL_IP",
    "local_id_custom": "string",
    "passphrase": "string",
    "passphrase_encrypted": "string",
    "private_key": "string",
    "private_key_encrypted": "string",
    "remote_ca_certificate": "string",
    "remote_id": "string",
    "secret": "string",
    "secret_encrypted": "string",
    "secret_hash": "string",
    "type": "NONE",
    "x509Objects": {
      "certHolder": {},
      "certificate": "string",
      "is_local_ca_cert_set": true,
      "is_remote_ca_cert_set": true,
      "keyPair": {},
      "local_ca_certificate": "string",
      "local_ca_certs_set": [
        {}
      ],
      "passphrase": "string",
      "private_key": "string",
      "remote_ca_certificate": "string",
      "remote_ca_certs_set": [
        {}
      ]
    }
  },
  "dpd_delay": 0,
  "dpd_enable": true,
  "dpd_timeout": 0,
  "esp_group": {
    "force_encapsulation": true,
    "lifetime": 0,
    "mode": "TUNNEL",
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ]
  },
  "id": "string",
  "ike_group": {
    "aggressive": true,
    "key_exchange": "IKEV1",
    "lifetime": 0,
    "port": 0,
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ],
    "reauth": true
  },
  "name": "string",
  "tags": [
    "string"
  ]
}

Get IPSEC Profile (v2.1)​

Get IPSEC Profile (v2.1)