GatewayIpSecVpnTunnel

GatewayIpSecVpnTunnel
GatewayIpSecVpnTunnel

Specifies the IPSec VPN tunnel configuration.

JSON Example
{
    "id": "string",
    "name": "string",
    "description": "string",
    "active": false,
    "localEndpoint": {
        "localId": "string",
        "localAddress": "string",
        "localNetworks": [
            "string"
        ]
    },
    "remoteEndpoint": {
        "remoteId": "string",
        "remoteAddress": "string",
        "remoteNetworks": [
            "string"
        ]
    },
    "authenticationMode": "string",
    "preSharedKey": "string",
    "certificateRef": {
        "name": "string",
        "id": "string"
    },
    "caCertificateRef": {
        "name": "string",
        "id": "string"
    },
    "connectorInitiationMode": "string",
    "securityType": "string",
    "logging": false,
    "version": {
        "version": 0
    }
}
string
id
Optional

The unique id of this IPSec VPN tunnel. On updates, the id is required for the tunnel, while for create a new id will be generated.

string
name
Required

Name for the tunnel.

string
description
Optional

description

boolean
active
Optional

Described whether the tunnel is active or not. The default is true.

localEndpoint
Required

localEndpoint

remoteEndpoint
Required

remoteEndpoint

string
authenticationMode
Optional

The authentication mode this IPSec tunnel will use to authenticate with the peer endpoint. The default is a pre-shared key (PSK).

  • PSK - A known key is shared between each site before the tunnel is established.
  • CERTIFICATE - Incoming connections are required to present an identifying digital certificate, which VCD verifies has been signed by a trusted certificate authority.
string
preSharedKey
Optional

This is the Pre-shared key used for authentication.

certificateRef
Optional

certificateRef

caCertificateRef
Optional

caCertificateRef

string
connectorInitiationMode
Optional

This is the mode used by the local endpoint to establish an IKE Connection with the remote site. The default is INITIATOR. Below are valid values.

  • INITIATOR
  • RESPOND_ONLY
  • ON_DEMAND
string
securityType
Optional

This is the security type used for the IPSec Tunnel. If nothing is specified, this will be set to 'DEFAULT' in which the default settings in NSX will be used. For custom settings, one should use the connectionProperties endpoint to specify custom settings. The security type will then appropriately reflect itself as 'CUSTOM'.

boolean
logging
Optional

Whether logging for the tunnel is active or not. The default is false.

version
Optional

version

Availability
Added in 38.1