NSX Autonomous Edge REST API

IPSecVPNSession (type)

{
  "abstract": true,
  "description": "A VPN session defines the connection between the local and peer endpoints. Until a VPN session is defined, the configuration is not realized.",
  "extends": {
    "$ref": "ManagedResource"
  },
  "id": "IPSecVPNSession",
  "polymorphic-type-descriptor": {
    "mode": "enabled"
  },
  "properties": {
    "_create_time": {
      "$ref": "EpochMsTimestamp",
      "can_sort": true,
      "description": "Timestamp of resource creation",
      "readonly": true
    },
    "_create_user": {
      "description": "ID of the user who created this resource",
      "readonly": true,
      "type": "string"
    },
    "_last_modified_time": {
      "$ref": "EpochMsTimestamp",
      "can_sort": true,
      "description": "Timestamp of last modification",
      "readonly": true
    },
    "_last_modified_user": {
      "description": "ID of the user who last modified this resource",
      "readonly": true,
      "type": "string"
    },
    "_links": {
      "description": "The server will populate this field when returning the resource. Ignored on PUT and POST.",
      "items": {
        "$ref": "ResourceLink"
      },
      "readonly": true,
      "title": "References related to this resource",
      "type": "array"
    },
    "_protection": {
      "description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
      "readonly": true,
      "title": "Indicates protection status of this resource",
      "type": "string"
    },
    "_revision": {
      "description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
      "readonly": true,
      "title": "Generation of this resource config",
      "type": "integer"
    },
    "_schema": {
      "display": {
        "hidden": true
      },
      "readonly": true,
      "title": "Location of schema for this resource",
      "type": "string"
    },
    "_self": {
      "$ref": "SelfResourceLink",
      "readonly": true
    },
    "_system_owned": {
      "description": "Indicates system owned resource",
      "readonly": true,
      "type": "boolean"
    },
    "actions": {
      "items": {
        "$ref": "ActionDescriptor"
      },
      "readonly": true,
      "title": "Actions applicable to the resource at this time",
      "type": "array"
    },
    "authentication_mode": {
      "default": "PSK",
      "description": "Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory.",
      "enum": [
        "PSK",
        "CERTIFICATE"
      ],
      "title": "Authentication Mode",
      "type": "string"
    },
    "connection_initiation_mode": {
      "default": "INITIATOR",
      "description": "Connection initiation mode used by the local endpoint to establish an IKE connection with the peer endpoint. INITIATOR - In this mode, the local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from the peer gateway. RESPOND_ONLY - In this mode, the local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode, the local endpoint will initiate tunnel creation once the first packet matching the policy rule is received and will also respond to incoming initiation requests.",
      "enum": [
        "INITIATOR",
        "RESPOND_ONLY",
        "ON_DEMAND"
      ],
      "title": "Connection initiation mode",
      "type": "string"
    },
    "description": {
      "can_sort": true,
      "maxLength": 1024,
      "title": "Description of this resource",
      "type": "string"
    },
    "display_name": {
      "can_sort": true,
      "description": "Defaults to ID if not set",
      "maxLength": 255,
      "title": "Identifier to use when displaying entity in logs or GUI",
      "type": "string"
    },
    "dpd_profile_id": {
      "description": "Dead peer detection (DPD) profile id. Default will be set according to system default policy.",
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$",
      "title": "Dead peer detection (DPD) profile id",
      "type": "string"
    },
    "enabled": {
      "default": true,
      "description": "Enable/Disable IPSec VPN session.",
      "title": "Enable/Disable IPSec VPN session",
      "type": "boolean"
    },
    "id": {
      "can_sort": true,
      "readonly": true,
      "title": "Unique identifier of this resource",
      "type": "string"
    },
    "ike_profile_id": {
      "description": "IKE profile id to be used. Default will be set according to system default policy.",
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$",
      "title": "Internet key exchange (IKE) profile id",
      "type": "string"
    },
    "ipsec_tunnel_profile_id": {
      "description": "Tunnel profile id to be used. By default it will point to system default profile.",
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$",
      "title": "IPSec tunnel profile id",
      "type": "string"
    },
    "local_endpoint": {
      "$ref": "IPSecVPNLocalEndpoint",
      "description": "Local endpoint.",
      "required": true,
      "title": "Local endpoint"
    },
    "notify_mpa": {
      "default": false,
      "description": "Send a notification to MPA about this config change (applicable on edge node).",
      "display": {
        "hidden": true
      },
      "readonly": false,
      "type": "boolean"
    },
    "peer_address": {
      "description": "IPv4 address of the peer endpoint on the remote site.",
      "required": true,
      "title": "IPv4 address of peer endpoint on remote site.",
      "type": "string"
    },
    "peer_id": {
      "description": "Peer identifier.",
      "required": true,
      "title": "Peer id",
      "type": "string"
    },
    "psk": {
      "description": "IPSec pre-shared key. Maximum length of this field is 128 characters. It is a required input in PSK authentication mode.",
      "maximum": 128,
      "minimum": 1,
      "required": false,
      "sensitive": true,
      "title": "Pre-shared key",
      "type": "string"
    },
    "resource_type": {
      "$ref": "IPSecVPNSessionResourceType",
      "required": true
    },
    "tags": {
      "items": {
        "$ref": "Tag"
      },
      "maxItems": 30,
      "title": "Opaque identifiers meaningful to the API user",
      "type": "array"
    },
    "tcp_mss_clamping": {
      "$ref": "TcpMssClamping",
      "required": false
    }
  },
  "title": "IPSec VPN session",
  "type": "object"
}