NSX Autonomous Edge REST API
RouteBasedIPSecVPNSession (schema)
Route based VPN session
A route-based VPN is more flexible and more powerful than a policy-based VPN, and is recommended over it. An IP tunnel port is created, and all traffic routed via the tunnel port is protected. Routes can be configured statically or learned through BGP. A route-based VPN is a must for establishing a redundant VPN session to a remote site.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource. Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. | string | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | integer | Readonly |
_schema | Location of schema for this resource | string | Readonly |
_self | | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
actions | Actions applicable to the resource at this time | array of ActionDescriptor | Readonly |
authentication_mode | Authentication mode. Authentication mode used for the peer authentication. For PSK (Pre Shared Key) authentication mode, 'psk' property is mandatory and for the CERTIFICATE authentication mode, 'peer_id' property is mandatory. | string | Enum: PSK, CERTIFICATE. Default: "PSK" |
connection_initiation_mode | Connection initiation mode. Connection initiation mode used by local endpoint to establish IKE connection with peer endpoint. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. | string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND. Default: "INITIATOR" |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
dpd_profile_id | Dead peer detection (DPD) profile id. Default will be set according to system default policy. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
enabled | Enable/Disable IPSec VPN session. | boolean | Default: "True" |
id | Unique identifier of this resource | string | Readonly Sortable |
ike_profile_id | Internet key exchange (IKE) profile id. IKE profile id to be used. Default will be set according to system default policy. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
ipsec_tunnel_profile_id | IPSec tunnel profile id. Tunnel profile id to be used. By default it will point to system default profile. | string | Pattern: "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$" |
local_endpoint | Local endpoint. | IPSecVPNLocalEndpoint | Required |
multi_path_group_id | IPSec VPN multiple path group identifier. Specify a multiple path group for the IPSec session to join for utilizing multipath functionality. | string | |
notify_mpa | Send notification to MPA about this config change (applicable on edge node) | boolean | Default: "False" |
peer_address | IPV4 address of peer endpoint on remote site. | string | Required |
peer_id | Peer id. Peer identifier. | string | Required |
psk | IPSec pre-shared key. Maximum length of this field is 128 characters. It is a required input in PSK authentication mode. | string | Minimum: 1 Maximum: 128 |
resource_type | Must be set to the value RouteBasedIPSecVPNSession | IPSecVPNSessionResourceType | Required |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
tcp_mss_clamping | | TcpMssClamping | |
tunnel_ports | IP Tunnel ports. | array of TunnelPortConfig | Required. Minimum items: 1. Maximum items: 1 |
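
The table's constraints can be checked client-side before a session body is sent, so that a PSK-mode session without a key or a malformed profile id is caught before the request. The following is an added example, not code from the NSX documentation: `validate_session` and `SAMPLE_BAD` are hypothetical names, the sample body is constructed, and nested types (`IPSecVPNLocalEndpoint`, `TunnelPortConfig`) are treated as opaque because their schemas are not on this page.

```python
import re

# Constraints transcribed from the schema table above; nothing else is checked.
UUID_RE = re.compile(
    r"^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$")
REQUIRED = ("local_endpoint", "peer_address", "peer_id", "resource_type", "tunnel_ports")
PROFILE_IDS = ("dpd_profile_id", "ike_profile_id", "ipsec_tunnel_profile_id")
AUTH_MODES = ("PSK", "CERTIFICATE")
INIT_MODES = ("INITIATOR", "RESPOND_ONLY", "ON_DEMAND")

# Constructed sample: PSK mode (the default) with no key, a malformed
# profile id, and two tunnel ports where exactly one is allowed.
SAMPLE_BAD = {
    "resource_type": "RouteBasedIPSecVPNSession",
    "peer_address": "192.0.2.10", "peer_id": "192.0.2.10",
    "local_endpoint": {}, "ike_profile_id": "not-a-uuid",
    "tunnel_ports": [{}, {}],
}


def validate_session(body):
    """Return a list of schema violations for a RouteBasedIPSecVPNSession body."""
    errors = [f"{f}: required" for f in REQUIRED if f not in body]
    if body.get("resource_type", "RouteBasedIPSecVPNSession") != "RouteBasedIPSecVPNSession":
        errors.append("resource_type: must be RouteBasedIPSecVPNSession")
    # Defaults from the table apply when the client omits the field.
    auth = body.get("authentication_mode", "PSK")
    if auth not in AUTH_MODES:
        errors.append("authentication_mode: not in enum")
    if body.get("connection_initiation_mode", "INITIATOR") not in INIT_MODES:
        errors.append("connection_initiation_mode: not in enum")
    psk = body.get("psk")
    if auth == "PSK" and psk is None:
        errors.append("psk: mandatory in PSK authentication mode")
    if psk is not None and not (isinstance(psk, str) and 1 <= len(psk) <= 128):
        errors.append("psk: length must be 1..128")
    for field in PROFILE_IDS:
        if field in body and not UUID_RE.match(str(body[field])):
            errors.append(f"{field}: does not match UUID pattern")
    ports = body.get("tunnel_ports")
    if ports is not None and not (isinstance(ports, list) and len(ports) == 1):
        errors.append("tunnel_ports: exactly one item required")
    if len(body.get("display_name", "")) > 255:
        errors.append("display_name: longer than 255")
    return errors
```

Readonly fields such as `_create_time` and `id` are not validated because the server populates them.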