Create IPSEC Profile (v2.1)

POST /v2.1/api/tenants/:tenant_id/ipsecprofiles

Create a new IPsec profile.

Request

Path Parameters

    tenant_id string required

    The ID of the tenant.

Body

Details of the IPSEC profile to be created

    authentication IPSECAuthentication required

    The details of the authentication mode for the IPsec Profile.

    certificate string

    The certificate authentication for the IPsec Profile.

    certificate_profile_id string

    Certificate Profile Id

    comment string

    Comment

    ikev1_params IKEV1Params

    Ikev1 Params: Valid

    xauth_id string

    The xauth ID.

    xauth_secret string

    The authentication secret. Length must be between 4-128.

    xauth_secret_encrypted string

    The xauth secret. Value = True.

    xauth_secret_hash string

    The xauth hash. Value = True.

    xauth_type string required

    Possible values: [NONE, SECRET]

    The xauth type.

    local_ca_certificate string

    The local CA certificate uploaded for certificate authentication.

    local_id string required

    Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

    The local ID type.

    local_id_custom string

    The custom local ID.

    local_pa_certificate_id string

    Local Pa Certificate Id

    pa_master_key_id string

    Pa Master Key Id

    passphrase string

    Passphrase

    passphrase_encrypted string

    Passphrase Encrypted: JsonIgnore(value = true)

    peer_id_check string

    Possible values: [EXACT, WILDCARD]

    Peer Id Check

    permit_peer_id_mismatch boolean

    Permit Peer Id Mismatch

    private_key string

    The private key file uploaded for certificate authentication.

    private_key_encrypted string

    Private Key Encrypted: JsonIgnore(value = true)

    remote_ca_certificate string

    The standard VPN endpoint CA certificate uploaded.

    remote_id string

    The ID for the standard VPN endpoint in the Remote ID field.

    secret string

    The password for PSK authentication.

    secret_encrypted string

    Secret Encrypted: JsonIgnore(value = true)

    secret_hash string

    Secret Hash: JsonIgnore(value = true)

    strict_validation_peer_extended_key_use boolean

    Strict Validation Peer Extended Key Use

    type string required

    Possible values: [NONE, PSK, X509]

    The authentication type = PSK or Certificates.

    x509Objects X509Objects

    X509Objects: JsonIgnore(value = true)

    certHolder object
    certificate string

    Certificate

    is_local_ca_cert_set boolean

    Is Local Ca Cert Set

    is_remote_ca_cert_set boolean

    Is Remote Ca Cert Set

    keyPair object
    local_ca_certificate string

    Local Ca Certificate

    local_ca_certs_set object[]

    Local Ca Certs Set

    passphrase string

    Passphrase

    private_key string

    Private Key

    remote_ca_certificate string

    Remote Ca Certificate

    remote_ca_certs_set object[]

    Remote Ca Certs Set

    description

    The description of the IPsec profile. Max size = 256.

    dpd_delay int32

    The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

    dpd_enable boolean

    If DPD is enabled for the IPsec profile.

    dpd_timeout int32

    The configured DPD timeout period.

    esp_group ESPGroup required

    The ESP group defined for the IPsec profile.

    force_encapsulation boolean

    The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.

    lifesize Lifesize

    Lifesize

    units string

    Units

    value int32

    Value

    lifetime int32

    The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.

    lifetime_units string

    Lifetime Units

    mode string required

    Possible values: [TUNNEL, TRANSPORT]

    The IPsec config ESP tunnel mode.

    proposals Proposals[]

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.

  • Array [
  • dh_groups string required

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    The DH group values.

    encryption string required

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string required

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

  • ]
  • responder_sase_proposals ResponderSaseProposals

    Responder Sase Proposals

    dh_group string[]

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    Dh Group

    encryption string[]

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string[]

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

    id string

    The ID of the IPsec profile.

    ike_group IKEGroup required

    The IKE group defined on the IPsec profile.

    aggressive boolean

    If aggressive mode is selected, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.

    authentication_multiple integer

    Authentication Multiple

    key_exchange string required

    Possible values: [IKEV1, IKEV2]

    The key exchange for the IKE group = IKEv1 or IKEv2.

    lifetime int32

    The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.

    lifetime_units string

    Lifetime Units

    port int32

    The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.

    proposals Proposals[]

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.

  • Array [
  • dh_groups string required

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    The DH group values.

    encryption string required

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string required

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

  • ]
  • reauth boolean

    The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.

    name string required

    The name of the IPsec profile. Max size = 128.

    tags string[]

    An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
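
A pre-submit check for the request body described above, as an added example that is not part of the vendor documentation: it enforces the limits this page states, then applies a hardening policy that is this example's own choice. The nesting of fields under `authentication`, `ikev1_params`, `esp_group` and `ike_group` is assumed from the schema type names, and `lint_ipsec_profile` and `LEGACY` are hypothetical names.

```python
# Added example, not vendor code. Nesting of fields under authentication,
# ikev1_params, esp_group and ike_group is assumed from the schema type names.
WEAK_DH = {"NONE", "MODP768", "MODP1024", "MODP1024S160", "MODP1536", "ECP192"}
WEAK_ENC = {"NONE", "TRIPLEDES", "BLOWFISH128", "BLOWFISH192", "BLOWFISH256"}
WEAK_HASH = {"MD5", "SHA1"}
ENUMS = {  # required enum fields and the values this page lists for them
    ("authentication", "type"): {"NONE", "PSK", "X509"},
    ("authentication", "local_id"): {"LOCAL_IP", "DN", "HOSTNAME", "CUSTOM", "NONE"},
    ("esp_group", "mode"): {"TUNNEL", "TRANSPORT"},
    ("ike_group", "key_exchange"): {"IKEV1", "IKEV2"},
}

def lint_ipsec_profile(body):
    """Return findings for a request body; an empty list means it passed."""
    out = []
    auth, ike = body.get("authentication") or {}, body.get("ike_group") or {}
    # 1. Required fields and limits documented on this page.
    if not 1 <= len(body.get("name") or "") <= 128:
        out.append("name: required, max size 128")
    for (parent, field), allowed in ENUMS.items():
        if (body.get(parent) or {}).get(field) not in allowed:
            out.append(f"{parent}.{field}: required, one of {sorted(allowed)}")
    if len(body.get("description") or "") > 256:
        out.append("description: max size 256")
    tags = body.get("tags") or []
    if len(tags) > 10 or len(set(tags)) < len(tags) or any(len(t) > 1024 for t in tags):
        out.append("tags: at most 10 unique tags of length <= 1024")
    if "dpd_delay" in body and not 1 <= body["dpd_delay"] <= 60:
        out.append("dpd_delay: must be 1-60 seconds")
    xauth = (auth.get("ikev1_params") or {}).get("xauth_secret")
    if xauth is not None and not 4 <= len(xauth) <= 128:
        out.append("authentication.ikev1_params.xauth_secret: length must be 4-128")
    # 2. Hardening policy chosen for this example (not a vendor rule).
    if auth.get("type") == "NONE":
        out.append("authentication.type: NONE leaves the peer unauthenticated")
    if auth.get("permit_peer_id_mismatch"):
        out.append("authentication.permit_peer_id_mismatch: peer ID is not enforced")
    if ike.get("key_exchange") == "IKEV1" and ike.get("aggressive") and auth.get("type") == "PSK":
        out.append("ike_group: IKEv1 aggressive mode with PSK allows offline guessing of the secret")
    for grp in ("ike_group", "esp_group"):
        for i, p in enumerate((body.get(grp) or {}).get("proposals") or []):
            enc, where = p.get("encryption", "NONE"), f"{grp}.proposals[{i}]"
            if p.get("dh_groups", "NONE") in WEAK_DH:
                out.append(f"{where}.dh_groups: {p.get('dh_groups', 'NONE')} is weak or absent")
            if enc in WEAK_ENC or enc.endswith("GMAC"):
                out.append(f"{where}.encryption: {enc} is weak or gives no confidentiality")
            aead = "GCM" in enc or "CCM" in enc  # AEAD ciphers carry their own integrity
            if p.get("hash") in WEAK_HASH or (p.get("hash", "NONE") == "NONE" and not aead):
                out.append(f"{where}.hash: {p.get('hash', 'NONE')} is weak or missing")
    return out
# Constructed sample: a schema-valid but weak legacy-style body.
LEGACY = {"name": "branch-legacy", "authentication": {"type": "PSK", "local_id": "LOCAL_IP"},
  "esp_group": {"mode": "TUNNEL", "proposals": [{"dh_groups": "ECP256", "encryption": "AES256GCM128", "hash": "NONE"}]},
  "ike_group": {"key_exchange": "IKEV1", "aggressive": True, "proposals": [{"dh_groups": "MODP1024", "encryption": "TRIPLEDES", "hash": "SHA1"}]}}
```

Run it in CI or before the POST so that a body the API would accept still fails review when it carries a legacy proposal.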

Responses

Successful Operation

Schema
    authentication IPSECAuthentication required

    The details of the authentication mode for the IPsec Profile.

    certificate string

    The certificate authentication for the IPsec Profile.

    certificate_profile_id string

    Certificate Profile Id

    comment string

    Comment

    ikev1_params IKEV1Params

    Ikev1 Params: Valid

    xauth_id string

    The xauth ID.

    xauth_secret string

    The authentication secret. Length must be between 4-128.

    xauth_secret_encrypted string

    The xauth secret. Value = True.

    xauth_secret_hash string

    The xauth hash. Value = True.

    xauth_type string required

    Possible values: [NONE, SECRET]

    The xauth type.

    local_ca_certificate string

    The local CA certificate uploaded for certificate authentication.

    local_id string required

    Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

    The local ID type.

    local_id_custom string

    The custom local ID.

    local_pa_certificate_id string

    Local Pa Certificate Id

    pa_master_key_id string

    Pa Master Key Id

    passphrase string

    Passphrase

    passphrase_encrypted string

    Passphrase Encrypted: JsonIgnore(value = true)

    peer_id_check string

    Possible values: [EXACT, WILDCARD]

    Peer Id Check

    permit_peer_id_mismatch boolean

    Permit Peer Id Mismatch

    private_key string

    The private key file uploaded for certificate authentication.

    private_key_encrypted string

    Private Key Encrypted: JsonIgnore(value = true)

    remote_ca_certificate string

    The standard VPN endpoint CA certificate uploaded.

    remote_id string

    The ID for the standard VPN endpoint in the Remote ID field.

    secret string

    The password for PSK authentication.

    secret_encrypted string

    Secret Encrypted: JsonIgnore(value = true)

    secret_hash string

    Secret Hash: JsonIgnore(value = true)

    strict_validation_peer_extended_key_use boolean

    Strict Validation Peer Extended Key Use

    type string required

    Possible values: [NONE, PSK, X509]

    The authentication type = PSK or Certificates.

    x509Objects X509Objects

    X509Objects: JsonIgnore(value = true)

    certHolder object
    certificate string

    Certificate

    is_local_ca_cert_set boolean

    Is Local Ca Cert Set

    is_remote_ca_cert_set boolean

    Is Remote Ca Cert Set

    keyPair object
    local_ca_certificate string

    Local Ca Certificate

    local_ca_certs_set object[]

    Local Ca Certs Set

    passphrase string

    Passphrase

    private_key string

    Private Key

    remote_ca_certificate string

    Remote Ca Certificate

    remote_ca_certs_set object[]

    Remote Ca Certs Set

    description

    The description of the IPsec profile. Max size = 256.

    dpd_delay int32

    The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

    dpd_enable boolean

    If DPD is enabled for the IPsec profile.

    dpd_timeout int32

    The configured DPD timeout period.

    esp_group ESPGroup required

    The ESP group defined for the IPsec profile.

    force_encapsulation boolean

    The type of encapsulation is force UDP. The type of encapsulation has to match the encapsulation configured at the standard VPN endpoint.

    lifesize Lifesize

    Lifesize

    units string

    Units

    value int32

    Value

    lifetime int32

    The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.

    lifetime_units string

    Lifetime Units

    mode string required

    Possible values: [TUNNEL, TRANSPORT]

    The IPsec config ESP tunnel mode.

    proposals Proposals[]

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.

  • Array [
  • dh_groups string required

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    The DH group values.

    encryption string required

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string required

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

  • ]
  • responder_sase_proposals ResponderSaseProposals

    Responder Sase Proposals

    dh_group string[]

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    Dh Group

    encryption string[]

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string[]

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

    id string

    The ID of the IPsec profile.

    ike_group IKEGroup required

    The IKE group defined on the IPsec profile.

    aggressive boolean

    If aggressive mode is selected, the source interface or endpoint is behind NAT or there are multiple tunnels to the same remote endpoint.

    authentication_multiple integer

    Authentication Multiple

    key_exchange string required

    Possible values: [IKEV1, IKEV2]

    The key exchange for the IKE group = IKEv1 or IKEv2.

    lifetime int32

    The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.

    lifetime_units string

    Lifetime Units

    port int32

    The port number of the communication port. The default port is 500. The port number configured in the IKE group has to be the same as the port number configured in the standard VPN endpoint IKE group.

    proposals Proposals[]

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.

  • Array [
  • dh_groups string required

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    The DH group values.

    encryption string required

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    The encryption values.

    hash string required

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    The hash values.

  • ]
  • reauth boolean

    The mode for IKEv2. If selected, then a new tunnel has to be re-negotiated when the lifetime is reached.

    name string required

    The name of the IPsec profile. Max size = 128.

    tags string[]

    An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
