Create IPSEC Profile (v2.1)

POST 
/sdwan/v2.1/api/ipsecprofiles

Create a new IPsec profile.

Request

application/json

Body

Details of the IPSEC profile to be created

authentication IPSECAuthenticationV1required

The details of the authentication mode for the IPsec Profile.

certificate string

The certificate authentication for the IPsec Profile.

certificate_profile_id string

Certificate Profile Id

comment string

Comment

ikev1_params IKEV1Params

Ikev1 Params: Valid

xauth_id string

The xauth ID.

xauth_secret string

The authentication secret. Length must be between 4-128.

xauth_secret_encrypted string

The xauth secret. Value = True.

xauth_secret_hash string

The xauth hash. Value = True.

xauth_type stringrequired

Possible values: [NONE, SECRET]

The xauth type.

local_ca_certificate string

The local CA certificate uploaded for certificate authentication.

local_id stringrequired

Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

The local ID type.

local_id_custom string

The custom local ID.

local_pa_certificate_id string

Local Pa Certificate Id

pa_master_key_id string

Pa Master Key Id

passphrase string

Passphrase

passphrase_encrypted string

Passphrase Encrypted: JsonIgnore(value = true)

peer_id_check string

Possible values: [EXACT, WILDCARD]

Peer Id Check

permit_peer_id_mismatch boolean

Permit Peer Id Mismatch

private_key string

The private key file uploaded for certificate authentication.

private_key_encrypted string

Private Key Encrypted: JsonIgnore(value = true)

remote_ca_certificate string

The standard VPN endpoint CA certificate uploaded.

remote_id string

The ID for the standard VPN endpoint in the Remote ID field.

secret string

The password for PSK authentication.

secret_encrypted string

Secret Encrypted: JsonIgnore(value = true)

secret_hash string

Secret Hash: JsonIgnore(value = true)

strict_validation_peer_extended_key_use boolean

Strict Validation Peer Extended Key Use

type stringrequired

Possible values: [NONE, PSK, X509]

The authentication type = PSK or Certificates.

x509Objects X509Objects

X509Objects: JsonIgnore(value = true)

certHolder object

certificate string

Certificate

is_local_ca_cert_set boolean

Is Local Ca Cert Set

is_remote_ca_cert_set boolean

Is Remote Ca Cert Set

keyPair object

local_ca_certificate string

Local Ca Certificate

local_ca_certs_set object[]

Local Ca Certs Set

passphrase string

Passphrase

private_key string

Private Key

remote_ca_certificate string

Remote Ca Certificate

remote_ca_certs_set object[]

Remote Ca Certs Set

description

The description of the IPsec profile. Max size = 256.

dpd_delay int32

The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

dpd_enable boolean

If DPD is enabled for the IPsec profile.

dpd_timeout int32

The configured DPD timeout period.

esp_group ESPGrouprequired
The ESP group defined for the IPsec profile.
lifetime int32
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Array [
dh_groups stringrequired
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption stringrequired
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash stringrequired
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
]
id string

The ID of the IPsec profile.

ike_group IKEGrouprequired
The IKE group defined on the IPsec profile.
lifetime int32
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Array [
dh_groups stringrequired
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption stringrequired
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash stringrequired
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
]
name stringrequired

The name of the IPsec profile. Max size = 128.

tags string[]

An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.

Responses

200

Successful Operation

application/json

Schema

Schema

authentication IPSECAuthenticationV1required

The details of the authentication mode for the IPsec Profile.

certificate string

The certificate authentication for the IPsec Profile.

certificate_profile_id string

Certificate Profile Id

comment string

Comment

ikev1_params IKEV1Params

Ikev1 Params: Valid

xauth_id string

The xauth ID.

xauth_secret string

The authentication secret. Length must be between 4-128.

xauth_secret_encrypted string

The xauth secret. Value = True.

xauth_secret_hash string

The xauth hash. Value = True.

xauth_type stringrequired

Possible values: [NONE, SECRET]

The xauth type.

local_ca_certificate string

The local CA certificate uploaded for certificate authentication.

local_id stringrequired

Possible values: [LOCAL_IP, DN, HOSTNAME, CUSTOM, NONE]

The local ID type.

local_id_custom string

The custom local ID.

local_pa_certificate_id string

Local Pa Certificate Id

pa_master_key_id string

Pa Master Key Id

passphrase string

Passphrase

passphrase_encrypted string

Passphrase Encrypted: JsonIgnore(value = true)

peer_id_check string

Possible values: [EXACT, WILDCARD]

Peer Id Check

permit_peer_id_mismatch boolean

Permit Peer Id Mismatch

private_key string

The private key file uploaded for certificate authentication.

private_key_encrypted string

Private Key Encrypted: JsonIgnore(value = true)

remote_ca_certificate string

The standard VPN endpoint CA certificate uploaded.

remote_id string

The ID for the standard VPN endpoint in the Remote ID field.

secret string

The password for PSK authentication.

secret_encrypted string

Secret Encrypted: JsonIgnore(value = true)

secret_hash string

Secret Hash: JsonIgnore(value = true)

strict_validation_peer_extended_key_use boolean

Strict Validation Peer Extended Key Use

type stringrequired

Possible values: [NONE, PSK, X509]

The authentication type = PSK or Certificates.

x509Objects X509Objects

X509Objects: JsonIgnore(value = true)

certHolder object

certificate string

Certificate

is_local_ca_cert_set boolean

Is Local Ca Cert Set

is_remote_ca_cert_set boolean

Is Remote Ca Cert Set

keyPair object

local_ca_certificate string

Local Ca Certificate

local_ca_certs_set object[]

Local Ca Certs Set

passphrase string

Passphrase

private_key string

Private Key

remote_ca_certificate string

Remote Ca Certificate

remote_ca_certs_set object[]

Remote Ca Certs Set

description

The description of the IPsec profile. Max size = 256.

dpd_delay int32

The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.

dpd_enable boolean

If DPD is enabled for the IPsec profile.

dpd_timeout int32

The configured DPD timeout period.

esp_group ESPGrouprequired
The ESP group defined for the IPsec profile.
lifetime int32
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Array [
dh_groups stringrequired
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption stringrequired
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash stringrequired
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
]
id string

The ID of the IPsec profile.

ike_group IKEGrouprequired
The IKE group defined on the IPsec profile.
lifetime int32
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Array [
dh_groups stringrequired
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
encryption stringrequired
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
hash stringrequired
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
]
name stringrequired

The name of the IPsec profile. Max size = 128.

tags string[]

An information field that can be added to identify the IPsec profile. Maximum 10 unique tags of length 1024 each are allowed.

Example (from schema)

{
  "authentication": {
    "certificate": "string",
    "certificate_profile_id": "string",
    "comment": "string",
    "ikev1_params": {
      "xauth_id": "string",
      "xauth_secret": "string",
      "xauth_secret_encrypted": "string",
      "xauth_secret_hash": "string",
      "xauth_type": "NONE"
    },
    "local_ca_certificate": "string",
    "local_id": "LOCAL_IP",
    "local_id_custom": "string",
    "local_pa_certificate_id": "string",
    "pa_master_key_id": "string",
    "passphrase": "string",
    "passphrase_encrypted": "string",
    "peer_id_check": "EXACT",
    "permit_peer_id_mismatch": true,
    "private_key": "string",
    "private_key_encrypted": "string",
    "remote_ca_certificate": "string",
    "remote_id": "string",
    "secret": "string",
    "secret_encrypted": "string",
    "secret_hash": "string",
    "strict_validation_peer_extended_key_use": true,
    "type": "NONE",
    "x509Objects": {
      "certHolder": {},
      "certificate": "string",
      "is_local_ca_cert_set": true,
      "is_remote_ca_cert_set": true,
      "keyPair": {},
      "local_ca_certificate": "string",
      "local_ca_certs_set": [
        {}
      ],
      "passphrase": "string",
      "private_key": "string",
      "remote_ca_certificate": "string",
      "remote_ca_certs_set": [
        {}
      ]
    }
  },
  "dpd_delay": 0,
  "dpd_enable": true,
  "dpd_timeout": 0,
  "esp_group": {
    "lifetime": 0,
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ]
  },
  "id": "string",
  "ike_group": {
    "lifetime": 0,
    "proposals": [
      {
        "dh_groups": "NONE",
        "encryption": "NONE",
        "hash": "MD5"
      }
    ]
  },
  "name": "string",
  "tags": [
    "string"
  ]
}

400

Bad Request

application/json

Schema

Schema

_error ErrorResponse[]
Array [
code string
The error code.
message string
The error message.
]

Example (from schema)

{
  "_error": [
    {
      "code": "string",
      "message": "string"
    }
  ]
}

Example

{
  "value": {
    "_error": [
      {
        "code": "INVALID_JSON_VALUE"
      },
      {
        "code": "IPSECCONFIG_INVALID_ENCODED_AUTH_SECRET"
      },
      {
        "code": "IPSECCONFIG_IKEGROUP_REQUIRED"
      },
      {
        "code": "IPSECCONFIG_INVALID_DPD_DELAY"
      },
      {
        "code": "IPSECCONFIG_ESPGROUP_REQUIRED"
      },
      {
        "code": "IPSECCONFIG_AUTHENTICATION_REQUIRED"
      },
      {
        "code": "IPSECCONFIG_INVALID_DPD_TIMEOUT"
      }
    ]
  }
}

Loading...