GatewayIpSecVpnTunnelConfig
This configuration captures phase two negotiation parameters and tunnel properties.
{
  "perfectForwardSecrecyActive": false,
  "dfPolicy": "string",
  "dhGroups": [
    "string"
  ],
  "digestAlgorithms": [
    "string"
  ],
  "encryptionAlgorithms": [
    "string"
  ],
  "saLifeTime": 0
}
If true, perfect forward secrecy is active. The default value is true.
Policy for handling the DF (Don't Fragment) bit. The default is COPY. Below are valid values.
COPY
CLEAR
The list of Diffie-Hellman groups to be used if PFS is active. The default is GROUP14. Below are valid values.
GROUP2
GROUP5
GROUP14
GROUP15
GROUP16
GROUP19
GROUP20
GROUP21
The list of digest algorithms to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm, AES_GCM_128. Below are valid values.
SHA1
SHA2_256
SHA2_384
SHA2_512
The list of encryption algorithms to use in IPSec tunnel establishment. The default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, the digest algorithm list should be empty. Below are valid values.
AES_128
AES_256
AES_GCM_128
AES_GCM_192
AES_GCM_256
The Security Association lifetime in seconds. The default is 3600 seconds.
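The following check is an added example, not part of the API reference or the product's own code. It audits a tunnel configuration against the value lists, defaults and AES-GMAC rule described above. The function name, the `LEGACY` set, the `_128` suffix and the sample configuration are assumptions constructed for illustration.

```python
# Allowed values copied from the lists on this page.
DF_POLICIES = {"COPY", "CLEAR"}
DH_GROUPS = {f"GROUP{n}" for n in (2, 5, 14, 15, 16, 19, 20, 21)}
DIGESTS = {"SHA1", "SHA2_256", "SHA2_384", "SHA2_512"}
CIPHERS = {"AES_128", "AES_256", "AES_GCM_128", "AES_GCM_192", "AES_GCM_256"}
# The page names this family only by prefix, so it is matched by prefix here.
GMAC_PREFIX = "NO_ENCRYPTION_AUTH_AES_GMAC_"
# Assumption (not from the page): values commonly treated as legacy choices.
LEGACY = {"GROUP2", "GROUP5", "SHA1"}

def audit_tunnel_config(cfg):
    """Return a list of (severity, message) findings for one tunnel config."""
    out = []
    pfs = cfg.get("perfectForwardSecrecyActive", True)          # page default
    groups = cfg.get("dhGroups", ["GROUP14"])                   # page default
    digests = cfg.get("digestAlgorithms", [])
    ciphers = cfg.get("encryptionAlgorithms", ["AES_GCM_128"])  # page default
    gmac = [c for c in ciphers if c.startswith(GMAC_PREFIX)]
    plain = [c for c in ciphers if c not in gmac]
    if cfg.get("dfPolicy", "COPY") not in DF_POLICIES:
        out.append(("error", f"dfPolicy {cfg['dfPolicy']!r} is not COPY or CLEAR"))
    for name, values, allowed in (("dhGroups", groups, DH_GROUPS),
                                  ("digestAlgorithms", digests, DIGESTS),
                                  ("encryptionAlgorithms", plain, CIPHERS)):
        for v in values:
            if v not in allowed:
                out.append(("error", f"{name}: {v!r} is not a listed value"))
            elif v in LEGACY and (name != "dhGroups" or pfs):
                out.append(("warn", f"{name}: {v} is a legacy choice"))
    if gmac:
        out.append(("warn", f"{gmac[0]} authenticates without encrypting"))
        if digests:  # rule stated on this page for the AES-GMAC options
            out.append(("error", "digestAlgorithms must be empty with AES-GMAC"))
    if not pfs:
        out.append(("warn", "perfect forward secrecy is off (default is on)"))
        if cfg.get("dhGroups"):
            out.append(("info", "dhGroups is only used when PFS is active"))
    return out

# Constructed sample input, not a real gateway's configuration.
SAMPLE = {
    "perfectForwardSecrecyActive": False,
    "dhGroups": ["GROUP2"],
    "digestAlgorithms": ["SHA1"],
    "encryptionAlgorithms": ["NO_ENCRYPTION_AUTH_AES_GMAC_128"],
}
```

An empty configuration produces no findings, because every omitted field falls back to the default documented above.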