NSX Autonomous Edge REST API
Edit IPSec VPN session
Edit IPSec VPN session.Request:
Method:
PUT
URI Path(s):
/vpn/ipsec/sessions/{ipsec-vpn-session-id}
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
PolicyBasedIPSecVPNSession+
PolicyBasedIPSecVPNSession (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
integer | Readonly |
| _schema | Location of schema for this resource | string | Readonly |
| _self | SelfResourceLink | Readonly | |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
| authentication_mode | Authentication Mode Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer endpoint. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_id | Dead peer detection (DPD) profile id Dead peer detection (DPD) profile id. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Readonly Sortable |
| ike_profile_id | Internet key exchange (IKE) profile id IKE profile id to be used. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| ipsec_tunnel_profile_id | IPSec tunnel profile id Tunnel profile id to be used. By default it will point to system default profile. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| local_endpoint | Local endpoint Local endpoint. |
IPSecVPNLocalEndpoint | Required |
| notify_mpa | send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
| peer_address | IPV4 address of peer endpoint on remote site. IPV4 address of peer endpoint on remote site. |
string | Required |
| peer_id | Peer id Peer identifier. |
string | Required |
| policy_rules | Policy rules | array of IPSecVPNPolicyRule | Required |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. Its required input in PSK authentication mode. |
string | Minimum: 1 Maximum: 128 |
| resource_type | Must be set to the value PolicyBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TcpMssClamping |
RouteBasedIPSecVPNSession+
RouteBasedIPSecVPNSession (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
integer | Readonly |
| _schema | Location of schema for this resource | string | Readonly |
| _self | SelfResourceLink | Readonly | |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
| authentication_mode | Authentication Mode Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer endpoint. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_id | Dead peer detection (DPD) profile id Dead peer detection (DPD) profile id. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Readonly Sortable |
| ike_profile_id | Internet key exchange (IKE) profile id IKE profile id to be used. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| ipsec_tunnel_profile_id | IPSec tunnel profile id Tunnel profile id to be used. By default it will point to system default profile. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| local_endpoint | Local endpoint Local endpoint. |
IPSecVPNLocalEndpoint | Required |
| multi_path_group_id | IPSec VPN multiple path group identifier Specify a multiple path group for the IPSec session to join for utilizing multipath functionality. |
string | |
| notify_mpa | send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
| peer_address | IPV4 address of peer endpoint on remote site. IPV4 address of peer endpoint on remote site. |
string | Required |
| peer_id | Peer id Peer identifier. |
string | Required |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. Its required input in PSK authentication mode. |
string | Minimum: 1 Maximum: 128 |
| resource_type | Must be set to the value RouteBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TcpMssClamping | ||
| tunnel_ports | IP Tunnel ports IP Tunnel ports. |
array of TunnelPortConfig | Required Minimum items: 1 Maximum items: 1 |
Example Request:
PUT https://<ip>/api/v1/vpn/ipsec/sessions/df90e18a-08cc-418a-8c0f-259d9531c207 { "resource_type": "RouteBasedIPSecVPNSession", "display_name": "Route Session", "enabled": true, "tunnel_ports": [ { "ip_subnets": [ { "ip_addresses": [ "192.168.50.1" ], "prefix_length": 24 } ] } ] "local_endpoint": { "local_address": "2.2.2.2", "local_id": "2.2.2.2" }, "peer_id": "4.4.4.1", "peer_address": "4.4.4.1", "psk": "TESTPSK", "connection_initiation_mode": "RESPOND_ONLY", "authentication_mode": "PSK" }Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
PolicyBasedIPSecVPNSession+
PolicyBasedIPSecVPNSession (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
integer | Readonly |
| _schema | Location of schema for this resource | string | Readonly |
| _self | SelfResourceLink | Readonly | |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
| authentication_mode | Authentication Mode Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer endpoint. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_id | Dead peer detection (DPD) profile id Dead peer detection (DPD) profile id. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Readonly Sortable |
| ike_profile_id | Internet key exchange (IKE) profile id IKE profile id to be used. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| ipsec_tunnel_profile_id | IPSec tunnel profile id Tunnel profile id to be used. By default it will point to system default profile. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| local_endpoint | Local endpoint Local endpoint. |
IPSecVPNLocalEndpoint | Required |
| notify_mpa | send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
| peer_address | IPV4 address of peer endpoint on remote site. IPV4 address of peer endpoint on remote site. |
string | Required |
| peer_id | Peer id Peer identifier. |
string | Required |
| policy_rules | Policy rules | array of IPSecVPNPolicyRule | Required |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. Its required input in PSK authentication mode. |
string | Minimum: 1 Maximum: 128 |
| resource_type | Must be set to the value PolicyBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TcpMssClamping |
RouteBasedIPSecVPNSession+
RouteBasedIPSecVPNSession (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
integer | Readonly |
| _schema | Location of schema for this resource | string | Readonly |
| _self | SelfResourceLink | Readonly | |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
| authentication_mode | Authentication Mode Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer endpoint. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_id | Dead peer detection (DPD) profile id Dead peer detection (DPD) profile id. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Readonly Sortable |
| ike_profile_id | Internet key exchange (IKE) profile id IKE profile id to be used. Default will be set according to system default policy. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| ipsec_tunnel_profile_id | IPSec tunnel profile id Tunnel profile id to be used. By default it will point to system default profile. |
string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
| local_endpoint | Local endpoint Local endpoint. |
IPSecVPNLocalEndpoint | Required |
| multi_path_group_id | IPSec VPN multiple path group identifier Specify a multiple path group for the IPSec session to join for utilizing multipath functionality. |
string | |
| notify_mpa | send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
| peer_address | IPV4 address of peer endpoint on remote site. IPV4 address of peer endpoint on remote site. |
string | Required |
| peer_id | Peer id Peer identifier. |
string | Required |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. Its required input in PSK authentication mode. |
string | Minimum: 1 Maximum: 128 |
| resource_type | Must be set to the value RouteBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TcpMssClamping | ||
| tunnel_ports | IP Tunnel ports IP Tunnel ports. |
array of TunnelPortConfig | Required Minimum items: 1 Maximum items: 1 |