Create IPSEC Profile (v2.0)

POST https://api.sase.paloaltonetworks.com/sdwan/v2.0/api/ipsecprofiles

Create a new IPsec profile.

Request

Body

Details of the IPSEC profile to be created

    authentication IPSECAuthenticationV1 required

    The details of the authentication mode for the IPsec Profile.

    certificate string

    The certificate authentication for the IPsec Profile.

    certificate_profile_id string

    Certificate Profile Id

    comment string

    Comment

    ikev1_params IKEV1Params

    Ikev1 Params: Valid

    xauth_id string

    The xauth ID.

    xauth_secret string

    The authentication secret. Length must be between 4-128.

    xauth_secret_encrypted string

    The xauth secret. Value = True.

    xauth_secret_hash string

    The xauth hash. Value = True.

    xauth_type string required

    The xauth type.

    Possible values: [NONE, SECRET]

    local_ca_certificate string

    The local CA certificate uploaded for certificate authentication.

    local_id string required

    The local ID type.

    Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

    local_id_custom string

    The custom local ID.

    local_pa_certificate_id string

    Local Pa Certificate Id

    pa_master_key_id string

    Pa Master Key Id

    passphrase string

    Passphrase

    passphrase_encrypted string

    Passphrase Encrypted: JsonIgnore(value = true)

    peer_id_check string

    Peer Id Check

    Possible values: [EXACT, WILDCARD]

    permit_peer_id_mismatch boolean

    Permit Peer Id Mismatch

    private_key string

    The private key file uploaded for certificate authentication.

    private_key_encrypted string

    Private Key Encrypted: JsonIgnore(value = true)

    remote_ca_certificate string

    The standard VPN endpoint CA certificate uploaded.

    remote_id string

    The ID for the standard VPN endpoint in the Remote ID field.

    secret string

    The password for PSK authentication.

    secret_encrypted string

    Secret Encrypted: JsonIgnore(value = true)

    secret_hash string

    Secret Hash: JsonIgnore(value = true)

    strict_validation_peer_extended_key_use boolean

    Strict Validation Peer Extended Key Use

    type string required

    The authentication type = PSK or Certificates.

    Possible values: [NONE, PSK, X509]

    x509Objects X509Objects

    X509Objects: JsonIgnore(value = true)

    certHolder object

    certificate string

    Certificate

    is_local_ca_cert_set boolean

    Is Local Ca Cert Set

    is_remote_ca_cert_set boolean

    Is Remote Ca Cert Set

    keyPair object

    local_ca_certificate string

    Local Ca Certificate

    local_ca_certs_set object[]

    Local Ca Certs Set

    passphrase string

    Passphrase

    private_key string

    Private Key

    remote_ca_certificate string

    Remote Ca Certificate

    remote_ca_certs_set object[]

    Remote Ca Certs Set

    description

    The description of the IPsec profile. Max size = 256.

    dpd_delay int32

    The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

    dpd_enable boolean

    If DPD is enabled for the IPsec profile.

    dpd_timeout int32

    The configured DPD timeout period.

    esp_group ESPGroup required

    The ESP group defined for the IPsec profile.

    lifetime int32

    The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.

    proposals Proposals[] required

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.

    Array [

    dh_groups string required

    The DH group values.

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    encryption string required

    The encryption values.

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    hash string required

    The hash values.

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    ]

    id string

    The ID of the IPsec profile.

    ike_group IKEGroup required

    The IKE group defined on the IPsec profile.

    lifetime int32

    The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.

    proposals Proposals[] required

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.

    Array [

    dh_groups string required

    The DH group values.

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    encryption string required

    The encryption values.

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    hash string required

    The hash values.

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    ]

    name string required

    The name of the IPsec profile. Max size = 128.

    tags string[]

    An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.
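
The limits and enum values documented above can be checked before a body is sent. The following is an added example, not code from the vendor or this API's documentation: `lint_profile`, `lint_proposals`, `WEAK` and `PLACEHOLDER` are names made up here, the size and range checks come from the field descriptions on this page, and the weak-value sets are an assumed policy that the API itself does not enforce.

```python
# Weak-value sets are this example's policy assumption, not rules the API enforces.
WEAK = {"dh_groups": {"NONE", "MODP768", "MODP1024", "MODP1024S160", "ECP192"},
        "encryption": {"NONE", "TRIPLEDES", "BLOWFISH128", "BLOWFISH192", "BLOWFISH256"},
        "hash": {"MD5", "SHA1"}}

def lint_proposals(group_name, group):
    """Check one esp_group or ike_group object and return its findings."""
    proposals = (group or {}).get("proposals") or []
    if not proposals:
        return [f"{group_name}.proposals is required and must not be empty"]
    findings = []
    for i, p in enumerate(proposals):
        where = f"{group_name}.proposals[{i}]"
        if not all(p.get(f) for f in WEAK):
            findings.append(f"{where}: dh_groups, encryption and hash are required")
            continue
        findings += [f"{where}: weak {f} {p[f]}" for f in WEAK if p[f] in WEAK[f]]
        # hash NONE is acceptable only with AEAD modes, which carry their own integrity
        if p["hash"] == "NONE" and not any(m in p["encryption"] for m in ("GCM", "CCM")):
            findings.append(f"{where}: weak hash NONE")
    return findings

def lint_profile(body):
    """Return findings for a request body; an empty list means it passed."""
    required = ("authentication", "esp_group", "ike_group", "name")
    findings = [f"missing required field: {k}" for k in required if k not in body]
    for key, limit in (("name", 128), ("description", 256)):
        if len(body.get(key) or "") > limit:
            findings.append(f"{key} exceeds max size {limit}")
    tags = body.get("tags") or []
    if len(tags) > 10 or len(set(tags)) != len(tags) or any(len(t) > 1024 for t in tags):
        findings.append("tags: maximum 10 unique tags of length 1024 each")
    if body.get("dpd_enable") and not 1 <= body.get("dpd_delay", 1) <= 60:
        findings.append("dpd_delay should be between 1-60 seconds")
    auth = body.get("authentication") or {}
    if auth.get("type") not in ("PSK", "X509"):
        findings.append(f"authentication.type is {auth.get('type')}, expected PSK or X509")
    if auth.get("permit_peer_id_mismatch"):
        findings.append("authentication.permit_peer_id_mismatch is true")
    xauth = auth.get("ikev1_params") or {}
    if xauth.get("xauth_type") == "SECRET" and not 4 <= len(xauth.get("xauth_secret") or "") <= 128:
        findings.append("ikev1_params.xauth_secret length must be between 4-128")
    for name in ("esp_group", "ike_group"):
        findings += lint_proposals(name, body[name]) if name in body else []
    return findings

# Constructed sample: placeholder values from the page's curl body, trimmed.
PLACEHOLDER = {"name": "string", "dpd_enable": True, "dpd_delay": 0,
               "authentication": {"type": "NONE", "permit_peer_id_mismatch": True},
               "esp_group": {"proposals": [{"dh_groups": "NONE", "encryption": "NONE", "hash": "MD5"}]},
               "ike_group": {"proposals": [{"dh_groups": "NONE", "encryption": "NONE", "hash": "MD5"}]}}
```

Running `lint_profile(PLACEHOLDER)` shows why the documentation's placeholder body should never be sent unchanged: every proposal field and the authentication type are flagged.
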

Responses

Successful Operation

Schema
    authentication IPSECAuthenticationV1 required

    The details of the authentication mode for the IPsec Profile.

    certificate string

    The certificate authentication for the IPsec Profile.

    certificate_profile_id string

    Certificate Profile Id

    comment string

    Comment

    ikev1_params IKEV1Params

    Ikev1 Params: Valid

    xauth_id string

    The xauth ID.

    xauth_secret string

    The authentication secret. Length must be between 4-128.

    xauth_secret_encrypted string

    The xauth secret. Value = True.

    xauth_secret_hash string

    The xauth hash. Value = True.

    xauth_type string required

    The xauth type.

    Possible values: [NONE, SECRET]

    local_ca_certificate string

    The local CA certificate uploaded for certificate authentication.

    local_id string required

    The local ID type.

    Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

    local_id_custom string

    The custom local ID.

    local_pa_certificate_id string

    Local Pa Certificate Id

    pa_master_key_id string

    Pa Master Key Id

    passphrase string

    Passphrase

    passphrase_encrypted string

    Passphrase Encrypted: JsonIgnore(value = true)

    peer_id_check string

    Peer Id Check

    Possible values: [EXACT, WILDCARD]

    permit_peer_id_mismatch boolean

    Permit Peer Id Mismatch

    private_key string

    The private key file uploaded for certificate authentication.

    private_key_encrypted string

    Private Key Encrypted: JsonIgnore(value = true)

    remote_ca_certificate string

    The standard VPN endpoint CA certificate uploaded.

    remote_id string

    The ID for the standard VPN endpoint in the Remote ID field.

    secret string

    The password for PSK authentication.

    secret_encrypted string

    Secret Encrypted: JsonIgnore(value = true)

    secret_hash string

    Secret Hash: JsonIgnore(value = true)

    strict_validation_peer_extended_key_use boolean

    Strict Validation Peer Extended Key Use

    type string required

    The authentication type = PSK or Certificates.

    Possible values: [NONE, PSK, X509]

    x509Objects X509Objects

    X509Objects: JsonIgnore(value = true)

    certHolder object

    certificate string

    Certificate

    is_local_ca_cert_set boolean

    Is Local Ca Cert Set

    is_remote_ca_cert_set boolean

    Is Remote Ca Cert Set

    keyPair object

    local_ca_certificate string

    Local Ca Certificate

    local_ca_certs_set object[]

    Local Ca Certs Set

    passphrase string

    Passphrase

    private_key string

    Private Key

    remote_ca_certificate string

    Remote Ca Certificate

    remote_ca_certs_set object[]

    Remote Ca Certs Set

    description

    The description of the IPsec profile. Max size = 256.

    dpd_delay int32

    The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

    dpd_enable boolean

    If DPD is enabled for the IPsec profile.

    dpd_timeout int32

    The configured DPD timeout period.

    esp_group ESPGroup required

    The ESP group defined for the IPsec profile.

    lifetime int32

    The lifetime for the ESP Group. The default lifetime of an ESP Group is 24 hours.

    proposals Proposals[] required

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.

    Array [

    dh_groups string required

    The DH group values.

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    encryption string required

    The encryption values.

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    hash string required

    The hash values.

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    ]

    id string

    The ID of the IPsec profile.

    ike_group IKEGroup required

    The IKE group defined on the IPsec profile.

    lifetime int32

    The lifetime for the IKE Group. The default lifetime of an IKE Group is 72 hours.

    proposals Proposals[] required

    Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.

    Array [

    dh_groups string required

    The DH group values.

    Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]

    encryption string required

    The encryption values.

    Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]

    hash string required

    The hash values.

    Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]

    ]

    name string required

    The name of the IPsec profile. Max size = 128.

    tags string[]

    An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.

curl -L 'https://api.sase.paloaltonetworks.com/sdwan/v2.0/api/ipsecprofiles' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"authentication": {
"certificate": "string",
"certificate_profile_id": "string",
"comment": "string",
"ikev1_params": {
"xauth_id": "string",
"xauth_secret": "string",
"xauth_secret_encrypted": "string",
"xauth_secret_hash": "string",
"xauth_type": "NONE"
},
"local_ca_certificate": "string",
"local_id": "LOCAL_IP",
"local_id_custom": "string",
"local_pa_certificate_id": "string",
"pa_master_key_id": "string",
"passphrase": "string",
"passphrase_encrypted": "string",
"peer_id_check": "EXACT",
"permit_peer_id_mismatch": true,
"private_key": "string",
"private_key_encrypted": "string",
"remote_ca_certificate": "string",
"remote_id": "string",
"secret": "string",
"secret_encrypted": "string",
"secret_hash": "string",
"strict_validation_peer_extended_key_use": true,
"type": "NONE",
"x509Objects": {
"certHolder": {},
"certificate": "string",
"is_local_ca_cert_set": true,
"is_remote_ca_cert_set": true,
"keyPair": {},
"local_ca_certificate": "string",
"local_ca_certs_set": [
{}
],
"passphrase": "string",
"private_key": "string",
"remote_ca_certificate": "string",
"remote_ca_certs_set": [
{}
]
}
},
"dpd_delay": 0,
"dpd_enable": true,
"dpd_timeout": 0,
"esp_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"id": "string",
"ike_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"name": "string",
"tags": [
"string"
]
}'