GatewayIpSecVpnTunnelConfig


This configuration captures phase two negotiation parameters and tunnel properties.

JSON Example
{
    "perfectForwardSecrecyActive": false,
    "dfPolicy": "string",
    "dhGroups": [
        "string"
    ],
    "digestAlgorithms": [
        "string"
    ],
    "encryptionAlgorithms": [
        "string"
    ],
    "saLifeTime": 0
}
boolean
perfectForwardSecrecyActive
Optional

If true, perfect forward secrecy is active. The default value is true.

string
dfPolicy
Optional

Policy for handling the defragmentation bit. The default is COPY. Below are valid values.

  • COPY
  • CLEAR
array of string
dhGroups
Required

The list of Diffie-Hellman groups to be used if PFS is active. Default is GROUP14. Below are valid values.

  • GROUP2
  • GROUP5
  • GROUP14
  • GROUP15
  • GROUP16
  • GROUP19
  • GROUP20
  • GROUP21
array of string
digestAlgorithms
Optional

The list of digest algorithms to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm AES_GCM_128. Below are valid values.

  • SHA1
  • SHA2_256
  • SHA2_384
  • SHA2_512
array of string
encryptionAlgorithms
Required

The list of encryption algorithms to use in IPsec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, the digest algorithm should be empty. Below are valid values.

  • AES_128
  • AES_256
  • AES_GCM_128
  • AES_GCM_192
  • AES_GCM_256
integer
saLifeTime
Optional

The Security Association lifetime in seconds. Default is 3600 seconds.

Availability
Added in 38.1
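
Added example, not part of the original reference or of the product's code: a Python check that audits a GatewayIpSecVpnTunnelConfig body against the valid values and rules listed above before it is submitted. The function name `audit_tunnel_config`, the `LEGACY` set (a reviewer policy) and the sample configs, including the value `AES_CBC_128`, are assumptions constructed for this example.

```python
import json

# Valid values exactly as listed on this page.
VALID = {
    "dfPolicy": {"COPY", "CLEAR"},
    "dhGroups": {"GROUP2", "GROUP5", "GROUP14", "GROUP15", "GROUP16",
                 "GROUP19", "GROUP20", "GROUP21"},
    "digestAlgorithms": {"SHA1", "SHA2_256", "SHA2_384", "SHA2_512"},
    "encryptionAlgorithms": {"AES_128", "AES_256", "AES_GCM_128",
                             "AES_GCM_192", "AES_GCM_256"},
}
REQUIRED = ("dhGroups", "encryptionAlgorithms")
GMAC_PREFIX = "NO_ENCRYPTION_AUTH_AES_GMAC_"  # named on the page, members not listed
# Assumption: this legacy set is the example's own policy, not from the page.
LEGACY = {"GROUP2", "GROUP5", "SHA1"}

def audit_tunnel_config(cfg):
    """Return (errors, warnings) for a GatewayIpSecVpnTunnelConfig dict."""
    errors, warnings = [], []
    errors += [f"{f}: required field is missing" for f in REQUIRED if f not in cfg]
    for field, allowed in VALID.items():
        raw = cfg.get(field) or []
        values = [raw] if isinstance(raw, str) else raw
        for value in map(str, values):
            if field == "encryptionAlgorithms" and value.startswith(GMAC_PREFIX):
                if cfg.get("digestAlgorithms"):
                    warnings.append(f"{value}: digestAlgorithms should be empty")
            elif value not in allowed:
                errors.append(f"{field}: {value!r} is not a listed value")
            elif value in LEGACY:
                warnings.append(f"{field}: {value} is a legacy choice")
    if cfg.get("perfectForwardSecrecyActive", True) is False:
        warnings.append("perfectForwardSecrecyActive: PFS is off, dhGroups unused")
    life = cfg.get("saLifeTime", 3600)
    if isinstance(life, bool) or not isinstance(life, int):
        errors.append("saLifeTime: must be an integer number of seconds")
    return errors, warnings

# Constructed sample inputs; AES_CBC_128 is a made-up value that is not listed.
WEAK = json.loads("""{
  "perfectForwardSecrecyActive": false, "dfPolicy": "COPY",
  "dhGroups": ["GROUP2", "GROUP14"], "digestAlgorithms": ["SHA1"],
  "encryptionAlgorithms": ["AES_128", "AES_CBC_128"], "saLifeTime": 3600
}""")
HARDENED = json.loads(
    '{"dhGroups": ["GROUP19", "GROUP20"], "encryptionAlgorithms": ["AES_GCM_256"]}')

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, *audit_tunnel_config(cfg), sep="\n  ")
```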