Query DB for IPSEC Profiles (v2.1)
POST/v2.1/api/tenants/:tenant_id/ipsecprofiles/query
Query the DB for limit number of tenant level IPsec profiles that match the query parameters.
Request
Path Parameters
The ID of the tenant.
- application/json
Body
Query Details for IPSECProfile
- Array [
- ]
- Array [
- ]
authentication IPSECAuthenticationV1required
The details of the authentication mode for the IPsec Profile.
The certificate authentication for the IPsec Profile.
Certificate Profile Id
Comment
ikev1_params IKEV1Params
Ikev1 Params: Valid
The xauth ID.
The authentication secret. Length must be between 4-128.
The xauth secret. Value = True.
The xauth hash. Value = True.
Possible values: [NONE
, SECRET
]
The xauth type.
The local CA certificate uploaded for certificate authentication.
Possible values: [LOCAL_IP
, DN
, HOSTNAME
, CUSTOM
, NONE
]
The local ID type.
The custom local ID.
Local Pa Certificate Id
Pa Master Key Id
Passphrase
Passphrase Encrypted: JsonIgnore(value = true)
Possible values: [EXACT
, WILDCARD
]
Peer Id Check
Permit Peer Id Mismatch
The private key file uploaded for certificate authentication.
Private Key Encrypted: JsonIgnore(value = true)
The standard VPN endpoint CA certificate uploaded.
The ID for the standard VPN endpoint in the Remote ID field.
The password for PSK authentication.
Secret Encrypted: JsonIgnore(value = true)
Secret Hash: JsonIgnore(value = true)
Strict Validation Peer Extended Key Use
Possible values: [NONE
, PSK
, X509
]
The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
Certificate
Is Local Ca Cert Set
Is Remote Ca Cert Set
Local Ca Certificate
Local Ca Certs Set
Passphrase
Private Key
Remote Ca Certificate
Remote Ca Certs Set
The description of the IPsec profile. Max size = 256.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
The configured DPD timeout period.
esp_group ESPGrouprequired
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
The ID of the IPsec profile.
ike_group IKEGrouprequired
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
The name of the IPsec profile. Max size = 128.
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
Responses
- 200
- 400
Successful Operation
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- Array [
- ]
- Array [
- ]
- ]
The actual count.
The deleted number.
The deleted IDs.
Description of the query. Max size = 256.
The ID.
Details of the next query.
The tenant ID.
Total number.
items IPSECProfileQueryFilter[]
authentication IPSECAuthenticationV1required
The details of the authentication mode for the IPsec Profile.
The certificate authentication for the IPsec Profile.
Certificate Profile Id
Comment
ikev1_params IKEV1Params
Ikev1 Params: Valid
The xauth ID.
The authentication secret. Length must be between 4-128.
The xauth secret. Value = True.
The xauth hash. Value = True.
Possible values: [NONE
, SECRET
]
The xauth type.
The local CA certificate uploaded for certificate authentication.
Possible values: [LOCAL_IP
, DN
, HOSTNAME
, CUSTOM
, NONE
]
The local ID type.
The custom local ID.
Local Pa Certificate Id
Pa Master Key Id
Passphrase
Passphrase Encrypted: JsonIgnore(value = true)
Possible values: [EXACT
, WILDCARD
]
Peer Id Check
Permit Peer Id Mismatch
The private key file uploaded for certificate authentication.
Private Key Encrypted: JsonIgnore(value = true)
The standard VPN endpoint CA certificate uploaded.
The ID for the standard VPN endpoint in the Remote ID field.
The password for PSK authentication.
Secret Encrypted: JsonIgnore(value = true)
Secret Hash: JsonIgnore(value = true)
Strict Validation Peer Extended Key Use
Possible values: [NONE
, PSK
, X509
]
The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
Certificate
Is Local Ca Cert Set
Is Remote Ca Cert Set
Local Ca Certificate
Local Ca Certs Set
Passphrase
Private Key
Remote Ca Certificate
Remote Ca Certs Set
The description of the IPsec profile. Max size = 256.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
The configured DPD timeout period.
esp_group ESPGrouprequired
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
The ID of the IPsec profile.
ike_group IKEGrouprequired
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
The name of the IPsec profile. Max size = 128.
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
{
"count": 0,
"deleted_count": 0,
"deleted_ids": [
"string"
],
"id": "string",
"next_query": {},
"tenant_id": "string",
"total_count": 0,
"items": [
{
"authentication": {
"certificate": "string",
"certificate_profile_id": "string",
"comment": "string",
"ikev1_params": {
"xauth_id": "string",
"xauth_secret": "string",
"xauth_secret_encrypted": "string",
"xauth_secret_hash": "string",
"xauth_type": "NONE"
},
"local_ca_certificate": "string",
"local_id": "LOCAL_IP",
"local_id_custom": "string",
"local_pa_certificate_id": "string",
"pa_master_key_id": "string",
"passphrase": "string",
"passphrase_encrypted": "string",
"peer_id_check": "EXACT",
"permit_peer_id_mismatch": true,
"private_key": "string",
"private_key_encrypted": "string",
"remote_ca_certificate": "string",
"remote_id": "string",
"secret": "string",
"secret_encrypted": "string",
"secret_hash": "string",
"strict_validation_peer_extended_key_use": true,
"type": "NONE",
"x509Objects": {
"certHolder": {},
"certificate": "string",
"is_local_ca_cert_set": true,
"is_remote_ca_cert_set": true,
"keyPair": {},
"local_ca_certificate": "string",
"local_ca_certs_set": [
{}
],
"passphrase": "string",
"private_key": "string",
"remote_ca_certificate": "string",
"remote_ca_certs_set": [
{}
]
}
},
"dpd_delay": 0,
"dpd_enable": true,
"dpd_timeout": 0,
"esp_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"id": "string",
"ike_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"name": "string",
"tags": [
"string"
]
}
]
}
Bad Request
- application/json
- Schema
- Example (from schema)
- Example
Schema
- Array [
- ]
_error ErrorResponse[]
The error code.
The error message.
{
"_error": [
{
"code": "string",
"message": "string"
}
]
}
{
"value": {
"_error": [
{
"code": "BAD_QUERY_REQUEST"
}
]
}
}