Create Ip Sec Vpn Tunnel

Create Ip Sec Vpn Tunnel

Creates an IPSec tunnel on the Edge Gateway.

Request
URI
POST
https://{api_host}/cloudapi/2.0.0/edgeGateways/{gatewayId}/ipsec/tunnels
COPY
Path Parameters
string
externalNetworkId
Required

externalNetworkId

string
externalNetworkId
Required

externalNetworkId


Request Body
GatewayIpSecVpnTunnel of type(s) application/json
Optional
{
    "id": "string",
    "name": "string",
    "description": "string",
    "active": false,
    "localEndpoint": {
        "localId": "string",
        "localAddress": "string",
        "localNetworks": [
            "string"
        ]
    },
    "remoteEndpoint": {
        "remoteId": "string",
        "remoteAddress": "string",
        "remoteNetworks": [
            "string"
        ]
    },
    "authenticationMode": "string",
    "preSharedKey": "string",
    "certificateRef": {
        "name": "string",
        "id": "string"
    },
    "caCertificateRef": {
        "name": "string",
        "id": "string"
    },
    "connectorInitiationMode": "string",
    "securityType": "string",
    "logging": false,
    "version": {
        "version": 0
    },
    "tunnelInterfaces": [
        "string"
    ],
    "tunnelType": "string",
    "connectivityStatus": "string"
}
string
id
Optional

The unique id of this IPSec VPN tunnel. On updates, the id is required for the tunnel, while for create a new id will be generated.

string
name
Required

Name for the tunnel.

string
description
Optional

description

boolean
active
Optional

Described whether the tunnel is active or not. The default is true.

localEndpoint
Required

This represents the endpoint/IP Address on the Gateway where the tunnel needs to be terminated.

remoteEndpoint
Required

This represents the remote endpoint i.e. the endpoint which the tunnel from the Gateway will connect to.

string
authenticationMode
Optional

The authentication mode this IPSec tunnel will use to authenticate with the peer endpoint. The default is a pre-shared key (PSK).

  • PSK - A known key is shared between each site before the tunnel is established.
  • CERTIFICATE - Incoming connections are required to present an identifying digital certificate, which VCD verifies has been signed by a trusted certificate authority.
string
preSharedKey
Optional

This is the Pre-shared key used for authentication.

certificateRef
Optional

Entity reference used to describe VCD entities

caCertificateRef
Optional

Entity reference used to describe VCD entities

string
connectorInitiationMode
Optional

This is the mode used by the local endpoint to establish an IKE Connection with the remote site. The default is INITIATOR. Below are valid values.

  • INITIATOR
  • RESPOND_ONLY
  • ON_DEMAND
string
securityType
Optional

This is the security type used for the IPSec Tunnel. If nothing is specified, this will be set to 'DEFAULT' in which the default settings in backing network manager will be used. Specifying 'PROVIDER_PREFERRED' will use the IKE, Tunnel, and DPD security profiles named 'vcd-default-profile' if they exist in the backing network manager (if any of the profiles do not exist, we will fallback to the profile for DEFAULT for the missing profile only. For custom settings, one should use the connectionProperties endpoint to specify custom settings. The security type will then appropriately reflect itself as 'CUSTOM'.

  • DEFAULT
  • PROVIDER_PREFERRED
  • CUSTOM
  • CNSA
  • FIPS
  • FOUNDATION
  • PRIME
  • SUITE_B_GCM_128
  • SUITE_B_GCM_256
boolean
logging
Optional

Whether logging for the tunnel is active or not. The default is false.

version
Optional

This property describes the current version of the entity. To prevent clients from overwriting each other's changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.

array of string
tunnelInterfaces
Optional

Virtual Tunnel Interfaces (VTI). In route-based IPSec, the interface that traffic is routed through. This property is required when the tunnelType field is set to "ROUTE_BASED", and is ignored when the tunnelType field is set to "POLICY_BASED". A list containing a single IPv4 CIDR, an IPv6 CIDR, or one of each, is acceptable.

string
tunnelType
Optional

The type of the IPSec VPN Tunnel. Possible values are:

  • POLICY_BASED
  • ROUTE_BASED
string
connectivityStatus
Optional

Gives the overall IPSec VPN Tunnel Status. If IKE is properly set and the tunnel is up, the tunnel status will be UP. Below are valid values.

  • UP
  • DOWN
  • DEGRADED
  • UNKNOWN
Authentication
This operation uses the following authentication methods.
Responses
202

The request have been accepted and the task to monitor the request is in the Location header.

Operation doesn't return any data structure