NSX Autonomous Edge REST API

RouteBasedIPSecVPNSession (type)

{
  "additionalProperties": false, 
  "description": "A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. An IP tunnel port is created and all traffic routed via the tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is a must for establishing redundant VPN sessions to a remote site.", 
  "extends": {
    "$ref": "IPSecVPNSession
  }, 
  "id": "RouteBasedIPSecVPNSession", 
  "polymorphic-type-descriptor": {
    "type-identifier": "RouteBasedIPSecVPNSession"
  }, 
  "properties": {
    "_create_time": {
      "$ref": "EpochMsTimestamp, 
      "can_sort": true, 
      "description": "Timestamp of resource creation", 
      "readonly": true
    }, 
    "_create_user": {
      "description": "ID of the user who created this resource", 
      "readonly": true, 
      "type": "string"
    }, 
    "_last_modified_time": {
      "$ref": "EpochMsTimestamp, 
      "can_sort": true, 
      "description": "Timestamp of last modification", 
      "readonly": true
    }, 
    "_last_modified_user": {
      "description": "ID of the user who last modified this resource", 
      "readonly": true, 
      "type": "string"
    }, 
    "_links": {
      "description": "The server will populate this field when returning the resource. Ignored on PUT and POST.", 
      "items": {
        "$ref": "ResourceLink
      }, 
      "readonly": true, 
      "title": "References related to this resource", 
      "type": "array"
    }, 
    "_protection": {
      "description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.", 
      "readonly": true, 
      "title": "Indicates protection status of this resource", 
      "type": "string"
    }, 
    "_revision": {
      "description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.", 
      "readonly": true, 
      "title": "Generation of this resource config", 
      "type": "integer"
    }, 
    "_schema": {
      "display": {
        "hidden": true
      }, 
      "readonly": true, 
      "title": "Location of schema for this resource", 
      "type": "string"
    }, 
    "_self": {
      "$ref": "SelfResourceLink, 
      "readonly": true
    }, 
    "_system_owned": {
      "description": "Indicates system owned resource", 
      "readonly": true, 
      "type": "boolean"
    }, 
    "actions": {
      "items": {
        "$ref": "ActionDescriptor
      }, 
      "readonly": true, 
      "title": "Actions applicable to the resource at this time", 
      "type": "array"
    }, 
    "authentication_mode": {
      "default": "PSK", 
      "description": "Authentication mode used for the peer authentication. For the PSK (Pre Shared Key) authentication mode, the 'psk' property is mandatory, and for the CERTIFICATE authentication mode, the 'peer_id' property is mandatory.", 
      "enum": [
        "PSK", 
        "CERTIFICATE"
      ], 
      "title": "Authentication Mode", 
      "type": "string"
    }, 
    "connection_initiation_mode": {
      "default": "INITIATOR", 
      "description": "Connection initiation mode used by the local endpoint to establish an IKE connection with the peer endpoint. INITIATOR - In this mode the local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from the peer gateway. RESPOND_ONLY - In this mode, the local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode the local endpoint will initiate tunnel creation once the first packet matching the policy rule is received and will also respond to incoming initiation requests.", 
      "enum": [
        "INITIATOR", 
        "RESPOND_ONLY", 
        "ON_DEMAND"
      ], 
      "title": "Connection initiation mode", 
      "type": "string"
    }, 
    "description": {
      "can_sort": true, 
      "maxLength": 1024, 
      "title": "Description of this resource", 
      "type": "string"
    }, 
    "display_name": {
      "can_sort": true, 
      "description": "Defaults to ID if not set", 
      "maxLength": 255, 
      "title": "Identifier to use when displaying entity in logs or GUI", 
      "type": "string"
    }, 
    "dpd_profile_id": {
      "description": "Dead peer detection (DPD) profile id. Default will be set according to system default policy.", 
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", 
      "title": "Dead peer detection (DPD) profile id", 
      "type": "string"
    }, 
    "enabled": {
      "default": true, 
      "description": "Enable/Disable IPSec VPN session.", 
      "title": "Enable/Disable IPSec VPN session", 
      "type": "boolean"
    }, 
    "id": {
      "can_sort": true, 
      "readonly": true, 
      "title": "Unique identifier of this resource", 
      "type": "string"
    }, 
    "ike_profile_id": {
      "description": "IKE profile id to be used. Default will be set according to system default policy.", 
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", 
      "title": "Internet key exchange (IKE) profile id", 
      "type": "string"
    }, 
    "ipsec_tunnel_profile_id": {
      "description": "Tunnel profile id to be used. By default it will point to system default profile.", 
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", 
      "title": "IPSec tunnel profile id", 
      "type": "string"
    }, 
    "local_endpoint": {
      "$ref": "IPSecVPNLocalEndpoint, 
      "description": "Local endpoint.", 
      "required": true, 
      "title": "Local endpoint"
    }, 
    "multi_path_group_id": {
      "description": "Specify a multiple path group for the IPSec session to join for utilizing multipath functionality.", 
      "title": "IPSec VPN multiple path group identifier", 
      "type": "string"
    }, 
    "notify_mpa": {
      "default": false, 
      "description": "send notification to MPA about this config change (applicable on edge node)", 
      "display": {
        "hidden": true
      }, 
      "readonly": false, 
      "type": "boolean"
    }, 
    "peer_address": {
      "description": "IPV4 address of peer endpoint on remote site.", 
      "required": true, 
      "title": "IPV4 address of peer endpoint on remote site.", 
      "type": "string"
    }, 
    "peer_id": {
      "description": "Peer identifier.", 
      "required": true, 
      "title": "Peer id", 
      "type": "string"
    }, 
    "psk": {
      "description": "IPSec Pre-shared key. Maximum length of this field is 128 characters. It is a required input in PSK authentication mode.", 
      "maximum": 128, 
      "minimum": 1, 
      "required": false, 
      "sensitive": true, 
      "title": "Pre-shared key", 
      "type": "string"
    }, 
    "resource_type": {
      "$ref": "IPSecVPNSessionResourceType, 
      "required": true
    }, 
    "tags": {
      "items": {
        "$ref": "Tag
      }, 
      "maxItems": 30, 
      "title": "Opaque identifiers meaningful to the API user", 
      "type": "array"
    }, 
    "tcp_mss_clamping": {
      "$ref": "TcpMssClamping, 
      "required": false
    }, 
    "tunnel_ports": {
      "description": "IP Tunnel ports.", 
      "items": {
        "$ref": "TunnelPortConfig
      }, 
      "maxItems": 1, 
      "minItems": 1, 
      "required": true, 
      "title": "IP Tunnel ports", 
      "type": "array"
    }
  }, 
  "title": "Route based VPN session", 
  "type": "object"
}