Create Ip Sec Vpn Tunnel
Creates an IPSec tunnel on the Edge Gateway.
externalNetworkId
externalNetworkId
{
"id": "string",
"name": "string",
"description": "string",
"active": false,
"localEndpoint": {
"localId": "string",
"localAddress": "string",
"localNetworks": [
"string"
]
},
"remoteEndpoint": {
"remoteId": "string",
"remoteAddress": "string",
"remoteNetworks": [
"string"
]
},
"authenticationMode": "string",
"preSharedKey": "string",
"certificateRef": {
"name": "string",
"id": "string"
},
"caCertificateRef": {
"name": "string",
"id": "string"
},
"connectorInitiationMode": "string",
"securityType": "string",
"logging": false,
"version": {
"version": 0
},
"tunnelInterfaces": [
"string"
],
"tunnelType": "string",
"connectivityStatus": "string"
}
The unique id of this IPSec VPN tunnel. On updates, the id is required for the tunnel, while for create a new id will be generated.
Name for the tunnel.
description
Described whether the tunnel is active or not. The default is true.
This represents the endpoint/IP Address on the Gateway where the tunnel needs to be terminated.
This represents the remote endpoint i.e. the endpoint which the tunnel from the Gateway will connect to.
The authentication mode this IPSec tunnel will use to authenticate with the peer endpoint. The default is a pre-shared key (PSK).
- PSK - A known key is shared between each site before the tunnel is established.
- CERTIFICATE - Incoming connections are required to present an identifying digital certificate, which VCD verifies has been signed by a trusted certificate authority.
This is the Pre-shared key used for authentication.
This is the mode used by the local endpoint to establish an IKE Connection with the remote site. The default is INITIATOR. Below are valid values.
INITIATOR
RESPOND_ONLY
ON_DEMAND
This is the security type used for the IPSec Tunnel. If nothing is specified, this will be set to 'DEFAULT' in which the default settings in backing network manager will be used. Specifying 'PROVIDER_PREFERRED' will use the IKE, Tunnel, and DPD security profiles named 'vcd-default-profile' if they exist in the backing network manager (if any of the profiles do not exist, we will fallback to the profile for DEFAULT for the missing profile only. For custom settings, one should use the connectionProperties endpoint to specify custom settings. The security type will then appropriately reflect itself as 'CUSTOM'.
DEFAULT
PROVIDER_PREFERRED
CUSTOM
CNSA
FIPS
FOUNDATION
PRIME
SUITE_B_GCM_128
SUITE_B_GCM_256
Whether logging for the tunnel is active or not. The default is false.
This property describes the current version of the entity. To prevent clients from overwriting each other's changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.
Virtual Tunnel Interfaces (VTI). In route-based IPSec, the interface that traffic is routed through. This property is required when the tunnelType field is set to "ROUTE_BASED", and is ignored when the tunnelType field is set to "POLICY_BASED". A list containing a single IPv4 CIDR, an IPv6 CIDR, or one of each, is acceptable.
The type of the IPSec VPN Tunnel. Possible values are:
- POLICY_BASED
- ROUTE_BASED
Gives the overall IPSec VPN Tunnel Status. If IKE is properly set and the tunnel is up, the tunnel status will be UP. Below are valid values.
UP
DOWN
DEGRADED
UNKNOWN
The request have been accepted and the task to monitor the request is in the Location header.