Query DB for IPSEC Profiles (v2.1)
POST /v2.1/api/tenants/:tenant_id/ipsecprofiles/query
Query the DB for up to the limit number of tenant-level IPsec profiles that match the query parameters.
Request
Path Parameters
The ID of the tenant.
- application/json
Body
Query Details for IPSECProfile
authentication IPSECAuthentication required
The details of the authentication mode for the IPsec Profile.
The certificate authentication for the IPsec Profile.
Certificate Profile Id
Comment
ikev1_params IKEV1Params
Ikev1 Params: Valid
The xauth ID.
The authentication secret. Length must be between 4-128.
The xauth secret. Value = True.
The xauth hash. Value = True.
Possible values: [NONE, SECRET]
The xauth type.
The local CA certificate uploaded for certificate authentication.
Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]
The local ID type.
The custom local ID.
Local Pa Certificate Id
Pa Master Key Id
Passphrase
Passphrase Encrypted: JsonIgnore(value = true)
Possible values: [EXACT, WILDCARD]
Peer Id Check
Permit Peer Id Mismatch
The private key file uploaded for certificate authentication.
Private Key Encrypted: JsonIgnore(value = true)
The standard VPN endpoint CA certificate uploaded.
The ID for the standard VPN endpoint in the Remote ID field.
The password for PSK authentication.
Secret Encrypted: JsonIgnore(value = true)
Secret Hash: JsonIgnore(value = true)
Strict Validation Peer Extended Key Use
Possible values: [NONE, PSK, X509]
The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
Certificate
Is Local Ca Cert Set
Is Remote Ca Cert Set
Local Ca Certificate
Local Ca Certs Set
Passphrase
Private Key
Remote Ca Certificate
Remote Ca Certs Set
The description of the IPsec profile. Max size = 256.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
The configured DPD timeout period.
esp_group ESPGroup required
The ESP group defined for the IPsec profile.
The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.
lifesize Lifesize
Lifesize
Units
Value
The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.
Lifetime Units
Possible values: [TUNNEL, TRANSPORT]
The IPsec config ESP tunnel mode.
proposals Proposals[]
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
responder_sase_proposals ResponderSaseProposals
Responder Sase Proposals
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
Dh Group
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
The ID of the IPsec profile.
ike_group IKEGroup required
The IKE group defined on the IPsec profile.
If aggressive mode is selected, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.
Authentication Multiple
Possible values: [IKEV1, IKEV2]
The key exchange for the IKE group = IKEv1 or IKEv2.
The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.
Lifetime Units
The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.
proposals Proposals[]
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.
The name of the IPsec profile. Max size = 128.
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
Responses
- 200
- 400
200: Successful Operation
- application/json
Schema
The actual count.
The deleted number.
The deleted IDs.
Description of the query. Max size = 256.
The ID.
Details of the next query.
The tenant ID.
Total number.
items IPSECProfileQueryFilter[]
authentication IPSECAuthentication required
The details of the authentication mode for the IPsec Profile.
The certificate authentication for the IPsec Profile.
Certificate Profile Id
Comment
ikev1_params IKEV1Params
Ikev1 Params: Valid
The xauth ID.
The authentication secret. Length must be between 4-128.
The xauth secret. Value = True.
The xauth hash. Value = True.
Possible values: [NONE, SECRET]
The xauth type.
The local CA certificate uploaded for certificate authentication.
Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]
The local ID type.
The custom local ID.
Local Pa Certificate Id
Pa Master Key Id
Passphrase
Passphrase Encrypted: JsonIgnore(value = true)
Possible values: [EXACT, WILDCARD]
Peer Id Check
Permit Peer Id Mismatch
The private key file uploaded for certificate authentication.
Private Key Encrypted: JsonIgnore(value = true)
The standard VPN endpoint CA certificate uploaded.
The ID for the standard VPN endpoint in the Remote ID field.
The password for PSK authentication.
Secret Encrypted: JsonIgnore(value = true)
Secret Hash: JsonIgnore(value = true)
Strict Validation Peer Extended Key Use
Possible values: [NONE, PSK, X509]
The authentication type = PSK or Certificates.
x509Objects X509Objects
X509Objects: JsonIgnore(value = true)
Certificate
Is Local Ca Cert Set
Is Remote Ca Cert Set
Local Ca Certificate
Local Ca Certs Set
Passphrase
Private Key
Remote Ca Certificate
Remote Ca Certs Set
The description of the IPsec profile. Max size = 256.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
The configured DPD timeout period.
esp_group ESPGroup required
The ESP group defined for the IPsec profile.
The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.
lifesize Lifesize
Lifesize
Units
Value
The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.
Lifetime Units
Possible values: [TUNNEL, TRANSPORT]
The IPsec config ESP tunnel mode.
proposals Proposals[]
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
responder_sase_proposals ResponderSaseProposals
Responder Sase Proposals
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
Dh Group
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
The ID of the IPsec profile.
ike_group IKEGroup required
The IKE group defined on the IPsec profile.
If aggressive mode is selected, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.
Authentication Multiple
Possible values: [IKEV1, IKEV2]
The key exchange for the IKE group = IKEv1 or IKEv2.
The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.
Lifetime Units
The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.
proposals Proposals[]
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.
The name of the IPsec profile. Max size = 128.
An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
Example (from schema)
{
  "count": 0,
  "deleted_count": 0,
  "deleted_ids": [
    "string"
  ],
  "id": "string",
  "next_query": {},
  "tenant_id": "string",
  "total_count": 0,
  "items": [
    {
      "authentication": {
        "certificate": "string",
        "certificate_profile_id": "string",
        "comment": "string",
        "ikev1_params": {
          "xauth_id": "string",
          "xauth_secret": "string",
          "xauth_secret_encrypted": "string",
          "xauth_secret_hash": "string",
          "xauth_type": "NONE"
        },
        "local_ca_certificate": "string",
        "local_id": "LOCAL_IP",
        "local_id_custom": "string",
        "local_pa_certificate_id": "string",
        "pa_master_key_id": "string",
        "passphrase": "string",
        "passphrase_encrypted": "string",
        "peer_id_check": "EXACT",
        "permit_peer_id_mismatch": true,
        "private_key": "string",
        "private_key_encrypted": "string",
        "remote_ca_certificate": "string",
        "remote_id": "string",
        "secret": "string",
        "secret_encrypted": "string",
        "secret_hash": "string",
        "strict_validation_peer_extended_key_use": true,
        "type": "NONE",
        "x509Objects": {
          "certHolder": {},
          "certificate": "string",
          "is_local_ca_cert_set": true,
          "is_remote_ca_cert_set": true,
          "keyPair": {},
          "local_ca_certificate": "string",
          "local_ca_certs_set": [
            {}
          ],
          "passphrase": "string",
          "private_key": "string",
          "remote_ca_certificate": "string",
          "remote_ca_certs_set": [
            {}
          ]
        }
      },
      "dpd_delay": 0,
      "dpd_enable": true,
      "dpd_timeout": 0,
      "esp_group": {
        "force_encapsulation": true,
        "lifesize": {
          "units": "string",
          "value": 0
        },
        "lifetime": 0,
        "lifetime_units": "string",
        "mode": "TUNNEL",
        "proposals": [
          {
            "dh_groups": "NONE",
            "encryption": "NONE",
            "hash": "MD5"
          }
        ],
        "responder_sase_proposals": {
          "dh_group": [
            "NONE"
          ],
          "encryption": [
            "NONE"
          ],
          "hash": [
            "MD5"
          ]
        }
      },
      "id": "string",
      "ike_group": {
        "aggressive": true,
        "authentication_multiple": 0,
        "key_exchange": "IKEV1",
        "lifetime": 0,
        "lifetime_units": "string",
        "port": 0,
        "proposals": [
          {
            "dh_groups": "NONE",
            "encryption": "NONE",
            "hash": "MD5"
          }
        ],
        "reauth": true
      },
      "name": "string",
      "tags": [
        "string"
      ]
    }
  ]
}
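The following added example (not from the vendor documentation) audits a 200 response from this endpoint for proposal values and IKE settings that a security review would normally flag. The weak-value sets, the `audit_profiles` and `proposal_issues` names and the sample data are assumptions of this example; it checks the `proposals` lists of `ike_group` and `esp_group` only.

```python
# Assumed audit policy for this example, not vendor guidance.
WEAK_DH = {"MODP768", "MODP1024", "MODP1536", "MODP1024S160"}  # under 2048 bits
WEAK_HASH = {"MD5", "SHA1"}

def weak_enc(enc):
    # No cipher, authentication-only GMAC, or a 64-bit block cipher.
    return enc in ("NONE", "TRIPLEDES") or enc.endswith("GMAC") or enc.startswith("BLOWFISH")

def proposal_issues(p):
    dh, enc, hsh = (p.get(k) or "" for k in ("dh_groups", "encryption", "hash"))
    issues = [f"dh_groups={dh}"] if dh in WEAK_DH else []
    if weak_enc(enc):
        issues.append(f"encryption={enc}")
    # hash NONE is acceptable only with an AEAD cipher (GCM/CCM).
    if hsh in WEAK_HASH or (hsh == "NONE" and not ("GCM" in enc or "CCM" in enc)):
        issues.append(f"hash={hsh}")
    return issues

def audit_profiles(response):
    """Return (profile, location, issue) tuples for each flagged setting."""
    findings = []
    for item in response.get("items") or []:
        name = item.get("name") or item.get("id") or "?"
        auth_type = (item.get("authentication") or {}).get("type")
        # IKEv1 aggressive mode exposes a PSK-derived hash to offline guessing.
        if (item.get("ike_group") or {}).get("aggressive") and auth_type == "PSK":
            findings.append((name, "ike_group", "aggressive mode with PSK"))
        for group in ("ike_group", "esp_group"):
            for i, p in enumerate((item.get(group) or {}).get("proposals") or []):
                for issue in proposal_issues(p):
                    findings.append((name, f"{group}.proposals[{i}]", issue))
    return findings

# Constructed sample shaped like the 200 response; not real tenant data.
SAMPLE = {"items": [
    {"name": "legacy-branch", "authentication": {"type": "PSK"},
     "ike_group": {"aggressive": True, "key_exchange": "IKEV1", "proposals": [
         {"dh_groups": "MODP1024", "encryption": "TRIPLEDES", "hash": "MD5"}]},
     "esp_group": {"proposals": [
         {"dh_groups": "ECP256", "encryption": "AES256GCM128", "hash": "NONE"}]}},
    {"name": "hq", "authentication": {"type": "X509"},
     "ike_group": {"aggressive": False, "key_exchange": "IKEV2", "proposals": [
         {"dh_groups": "ECP384", "encryption": "AES256", "hash": "SHA384"}]},
     "esp_group": {"proposals": [
         {"dh_groups": "NONE", "encryption": "AES128", "hash": "NONE"}]}},
]}

if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE):
        print(*finding, sep=": ")
```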
400: Bad Request
- application/json
Schema
_error ErrorResponse[]
The error code.
The error message.
Example (from schema)
{
  "_error": [
    {
      "code": "string",
      "message": "string"
    }
  ]
}
Example
{
  "value": {
    "_error": [
      {
        "code": "BAD_QUERY_REQUEST"
      }
    ]
  }
}