ipsecSite
NSX Edge IPsec Site configuration details.
{
"psk": "string",
"localId": "string",
"enablePfs": false,
"authenticationMode": "string",
"peerSubnets": {
"subnets": [
"string"
]
},
"dhGroup": "string",
"siteId": "string",
"description": "string",
"peerIp": "string",
"name": "string",
"certificate": "string",
"localIp": "string",
"encryptionAlgorithm": "string",
"enabled": false,
"mtu": 0,
"extension": "string",
"peerId": "string",
"localSubnets": {
"subnets": [
"string"
]
}
}Pre Shared Key for the IPsec Site. Required if Site peerIp is not 'any'. Global PSK is used when Authentication mode is PSK and Site peerIp is 'any'.
Local ID of the IPsec Site. Defaults to the local IP.
Enable/disable Perfect Forward Secrecy. Default is true.
Authentication mode for the IPsec Site. Valid values are psk and x.509, with psk as default.
Diffie-Hellman algorithm group. Defaults to DH14 for FIPS enabled NSX Edge. DH2 and DH5 are not supported when FIPS is enabled on NSX Edge. Valid values are DH2, DH5, DH14, DH15, DH16.
ID of the IPsec Site configuration provided by NSX Manager.
Description of the IPsec Site.
IP (IPv4) address or FQDN of the Peer. Can also be specified as 'any'. Required.
Name of the IPsec Site.
certificate
Local IP of the IPsec Site. Should be one of the IP addresses configured on the uplink interfaces of the NSX Edge. Required.
IPsec encryption algorithm with default as aes256. Valid values are 'aes', 'aes256', '3des', 'aes-gcm'.
Enable/disable IPsec Site.
MTU for the IPsec site. Defaults to the mtu of the NSX Edge vnic specified by the localIp. Optional.
extension
Peer ID. Should be unique for all IPsec Site's configured for an NSX Edge.