ipsecSite
NSX Edge IPsec Site configuration details.
{
"peerId": "string",
"extension": "string",
"enablePfs": false,
"peerSubnets": {
"subnets": [
"string"
]
},
"certificate": "string",
"psk": "string",
"description": "string",
"localId": "string",
"encryptionAlgorithm": "string",
"enabled": false,
"mtu": 0,
"peerIp": "string",
"localSubnets": {
"subnets": [
"string"
]
},
"name": "string",
"siteId": "string",
"localIp": "string",
"authenticationMode": "string",
"dhGroup": "string"
}Peer ID. Should be unique for all IPsec Site's configured for an NSX Edge.
extension
Enable/disable Perfect Forward Secrecy. Default is true.
certificate
Pre Shared Key for the IPsec Site. Required if Site peerIp is not 'any'. Global PSK is used when Authentication mode is PSK and Site peerIp is 'any'.
Description of the IPsec Site.
Local ID of the IPsec Site. Defaults to the local IP.
IPsec encryption algorithm with default as aes256. Valid values are 'aes', 'aes256', '3des', 'aes-gcm'.
Enable/disable IPsec Site.
MTU for the IPsec site. Defaults to the mtu of the NSX Edge vnic specified by the localIp. Optional.
IP (IPv4) address or FQDN of the Peer. Can also be specified as 'any'. Required.
Name of the IPsec Site.
ID of the IPsec Site configuration provided by NSX Manager.
Local IP of the IPsec Site. Should be one of the IP addresses configured on the uplink interfaces of the NSX Edge. Required.
Authentication mode for the IPsec Site. Valid values are psk and x.509, with psk as default.
Diffie-Hellman algorithm group. Defaults to DH14 for FIPS enabled NSX Edge. DH2 and DH5 are not supported when FIPS is enabled on NSX Edge. Valid values are DH2, DH5, DH14, DH15, DH16.