TunnelConfig


This configuration captures phase two negotiation parameters and tunnel properties.

JSON Example
{
    "perfectForwardSecrecyEnabled": false,
    "dhGroups": [
        {}
    ],
    "digestAlgorithms": [
        {}
    ],
    "encryptionAlgorithms": [
        {}
    ],
    "saLifeTime": 0
}
boolean
perfectForwardSecrecyEnabled
Optional

If true, perfect forward secrecy is enabled. The default value is true.

dfPolicy
Optional

dfPolicy

dhGroups
Required

The list of Diffie-Hellman groups to be used if PFS is enabled. Default is GROUP14.

digestAlgorithms
Optional

The list of digest algorithms to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm AES_GCM_128.

encryptionAlgorithms
Required

The list of encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, the digest algorithm list should be empty.

integer
saLifeTime
Optional

The Security Association lifetime in seconds. Default is 3600 seconds.

Availability
Added in 33.0
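
The following pre-submission check is an added example, not code from the product or its documentation. It lints a TunnelConfig body against the rules stated above (required lists, the GMAC/digest constraint, the PFS and lifetime defaults). The function name, the severity labels, the treatment of list entries as strings and the flagging of a non-positive saLifeTime are assumptions made for illustration.

```python
import json

GMAC_PREFIX = "NO_ENCRYPTION_AUTH_AES_GMAC_"     # from the page's NO_ENCRYPTION_AUTH_AES_GMAC_* wording
REQUIRED = ("dhGroups", "encryptionAlgorithms")  # fields the page marks Required
LISTS = REQUIRED + ("digestAlgorithms",)

def lint_tunnel_config(cfg):
    """Return (severity, field, message) findings for a TunnelConfig dict."""
    findings = []
    for field in LISTS:
        value = cfg.get(field)
        if value is None or value == []:
            if field in REQUIRED:
                findings.append(("error", field, "required list is missing or empty"))
            continue
        # Assumption: entries are enum names sent as non-empty strings
        if not isinstance(value, list) or not all(isinstance(v, str) and v for v in value):
            findings.append(("error", field, "entries must be algorithm or group names"))
    raw = cfg.get("encryptionAlgorithms")
    enc = [a for a in raw if isinstance(a, str)] if isinstance(raw, list) else []
    if any(a.startswith(GMAC_PREFIX) for a in enc):
        findings.append(("warning", "encryptionAlgorithms",
                         "GMAC-only option authenticates traffic without encrypting it"))
        if cfg.get("digestAlgorithms"):
            findings.append(("error", "digestAlgorithms",
                             "should be empty when a GMAC-only option is used"))
    if cfg.get("perfectForwardSecrecyEnabled", True) is not True:  # page default: true
        findings.append(("warning", "perfectForwardSecrecyEnabled", "PFS is disabled"))
    life = cfg.get("saLifeTime", 3600)                             # page default: 3600 s
    if isinstance(life, bool) or not isinstance(life, int):
        findings.append(("error", "saLifeTime", "must be an integer number of seconds"))
    elif life <= 0:  # assumption: a zero or negative lifetime is never intended
        findings.append(("warning", "saLifeTime", "non-positive value; page default is 3600"))
    return findings

# The page's JSON Example: a schema template, not a usable configuration
PAGE_TEMPLATE = json.loads('{"perfectForwardSecrecyEnabled": false, "dhGroups": [{}], '
                           '"digestAlgorithms": [{}], "encryptionAlgorithms": [{}], '
                           '"saLifeTime": 0}')
# Constructed sample built from the defaults the page states
DEFAULTS = {"perfectForwardSecrecyEnabled": True, "dhGroups": ["GROUP14"],
            "encryptionAlgorithms": ["AES_GCM_128"], "saLifeTime": 3600}

if __name__ == "__main__":
    for name, cfg in (("template", PAGE_TEMPLATE), ("defaults", DEFAULTS)):
        print(name, lint_tunnel_config(cfg) or "ok")
```

Run against the JSON Example as printed, the check reports the placeholder list entries, the disabled PFS flag and the zero lifetime, which is why that sample should be treated as a template and not submitted unchanged.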