NSX Autonomous Edge REST API
PolicyBasedIPSecVPNSession (schema)
Policy based VPN session
A policy-based VPN requires defining protect rules that match local and peer subnets. IPSec security associations are negotiated for each pair of local and peer subnets.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it; NOT_PROTECTED - the client who retrieved the entity is allowed to modify it; REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true; UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | integer | Readonly |
_schema | Location of schema for this resource | string | Readonly |
_self | | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
authentication_mode | Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, the 'psk' property is mandatory, and for the CERTIFICATE authentication mode, the 'peer_id' property is mandatory. | string | Enum: PSK, CERTIFICATE Default: "PSK" |
connection_initiation_mode | Connection initiation mode used by the local endpoint to establish an IKE connection with the peer endpoint. INITIATOR - in this mode the local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from the peer gateway. RESPOND_ONLY - in this mode the local endpoint shall only respond to incoming tunnel setup requests; it shall not initiate the tunnel setup. ON_DEMAND - in this mode the local endpoint will initiate tunnel creation once the first packet matching the policy rule is received and will also respond to incoming initiation requests. | string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
dpd_profile_id | Dead peer detection (DPD) profile id. Default will be set according to system default policy. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
enabled | Enable/Disable IPSec VPN session. | boolean | Default: "True" |
id | Unique identifier of this resource | string | Readonly Sortable |
ike_profile_id | Internet key exchange (IKE) profile id to be used. Default will be set according to system default policy. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
ipsec_tunnel_profile_id | IPSec tunnel profile id to be used. By default it will point to the system default profile. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
local_endpoint | Local endpoint. | IPSecVPNLocalEndpoint | Required |
notify_mpa | Send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
peer_address | IPV4 address of peer endpoint on remote site. | string | Required |
peer_id | Peer identifier. | string | Required |
policy_rules | Policy rules | array of IPSecVPNPolicyRule | Required |
psk | IPSec pre-shared key. Maximum length of this field is 128 characters. It is a required input in PSK authentication mode. | string | Minimum: 1 Maximum: 128 |
resource_type | Must be set to the value PolicyBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
tcp_mss_clamping | | TcpMssClamping | |
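
A client-side pre-flight check for the constraints in the table above, as an added example that is not part of the NSX documentation or product code. The function name `validate_session`, the `for_put` flag and the sample body are assumptions; the nested `local_endpoint` and `policy_rules` shapes are not shown on this page, so the sample uses placeholders for them.

```python
import ipaddress
import re

# Constraints transcribed from the schema table on this page.
UUID_RE = re.compile(r"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$")
REQUIRED = ("local_endpoint", "peer_address", "peer_id", "policy_rules", "resource_type")
ENUMS = {
    "resource_type": {"PolicyBasedIPSecVPNSession"},
    "authentication_mode": {"PSK", "CERTIFICATE"},
    "connection_initiation_mode": {"INITIATOR", "RESPOND_ONLY", "ON_DEMAND"},
}
MAX_LEN = {"description": 1024, "display_name": 255, "psk": 128}
PROFILE_IDS = ("dpd_profile_id", "ike_profile_id", "ipsec_tunnel_profile_id")


def validate_session(body, for_put=False):
    """Return a list of schema violations for a PolicyBasedIPSecVPNSession body."""
    errors = [f"{k}: required" for k in REQUIRED if body.get(k) in (None, "", [])]
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            errors.append(f"{field}: not one of {sorted(allowed)}")
    for field, limit in MAX_LEN.items():
        if isinstance(body.get(field), str) and len(body[field]) > limit:
            errors.append(f"{field}: longer than {limit}")
    for field in PROFILE_IDS:
        if field in body and not UUID_RE.match(str(body[field])):
            errors.append(f"{field}: does not match the UUID pattern")
    # authentication_mode defaults to PSK, and PSK mode makes 'psk' mandatory.
    if body.get("authentication_mode", "PSK") == "PSK" and not body.get("psk"):
        errors.append("psk: mandatory in PSK authentication mode")
    try:
        ipaddress.IPv4Address(str(body.get("peer_address", "")))
    except ValueError:
        errors.append("peer_address: not an IPv4 address")
    if len(body.get("tags", [])) > 30:
        errors.append("tags: more than 30 items")
    # A PUT without the current _revision is rejected by the server.
    if for_put and "_revision" not in body:
        errors.append("_revision: PUT must include the current _revision")
    return errors


# Constructed sample; local_endpoint and policy_rules contents are placeholders.
SAMPLE = {"resource_type": "PolicyBasedIPSecVPNSession", "peer_address": "203.0.113.10",
          "peer_id": "203.0.113.10", "psk": "constructed-example-key",
          "local_endpoint": {"placeholder": True}, "policy_rules": [{"placeholder": True}]}

if __name__ == "__main__":
    print(validate_session(SAMPLE), validate_session(SAMPLE, for_put=True))
```

The check only confirms that `_revision` is present; whether it is stale can only be decided by the server, so a rejected PUT should be followed by a fresh GET.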