GatewayIpSecVpnTunnelConfig


This configuration captures phase two negotiation parameters and tunnel properties.

JSON Example
{
    "perfectForwardSecrecyActive": false,
    "dfPolicy": "string",
    "dhGroups": [
        "string"
    ],
    "digestAlgorithms": [
        "string"
    ],
    "encryptionAlgorithms": [
        "string"
    ],
    "saLifeTime": 0
}
boolean
perfectForwardSecrecyActive
Optional
Constraints: default: true

If true, perfect forward secrecy is active. The default value is true.

string
dfPolicy
Optional

Policy for handling the defragmentation bit. The default is COPY. Below are valid values.

  • COPY
  • CLEAR
array of string
dhGroups
Required
Constraints: minItems: 1

The list of Diffie-Hellman groups to be used if PFS is active. Default is GROUP14. Below are valid values.

  • GROUP2
  • GROUP5
  • GROUP14
  • GROUP15
  • GROUP16
  • GROUP19
  • GROUP20
  • GROUP21
array of string
digestAlgorithms
Optional

The list of digest algorithms to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm AES_GCM_128. Below are valid values.

  • SHA1
  • SHA2_256
  • SHA2_384
  • SHA2_512
array of string
encryptionAlgorithms
Required
Constraints: minItems: 1

The list of Encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, digest algorithm should be empty. Below are valid values.

  • AES_128
  • AES_256
  • AES_GCM_128
  • AES_GCM_192
  • AES_GCM_256
integer
saLifeTime
Optional
Constraints: minimum: 900 maximum: 31536000

The Security Association lifetime in seconds. Default is 3600 seconds.
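
Added example (not part of the product documentation or the vendor's code): a pre-submission check that validates a tunnel config against the constraints listed above and flags settings a reviewer would question. The function name, the LEGACY warning list, the acceptance of any NO_ENCRYPTION_AUTH_AES_GMAC_ suffix, and the sample input are assumptions of this example.

```python
# Added example: checks a tunnel config dict against the constraints on this page.
DF_POLICIES = ("COPY", "CLEAR")
DH_GROUPS = ("GROUP2", "GROUP5", "GROUP14", "GROUP15", "GROUP16",
             "GROUP19", "GROUP20", "GROUP21")
DIGESTS = ("SHA1", "SHA2_256", "SHA2_384", "SHA2_512")
CIPHERS = ("AES_128", "AES_256", "AES_GCM_128", "AES_GCM_192", "AES_GCM_256")
GMAC_PREFIX = "NO_ENCRYPTION_AUTH_AES_GMAC_"  # suffixes are not listed on the page
LEGACY = ("GROUP2", "GROUP5", "SHA1")  # assumption: this example's review policy

def is_gmac(value):
    return isinstance(value, str) and value.startswith(GMAC_PREFIX)

def check_tunnel_config(cfg):
    """Return (errors, warnings) for one GatewayIpSecVpnTunnelConfig dict."""
    errors, warnings = [], []
    def check_list(key, allowed, required):
        items = cfg.get(key)
        if items is None:
            if required:
                errors.append(f"{key}: required")
            return []
        if not isinstance(items, list) or (required and not items):
            errors.append(f"{key}: must be an array (minItems 1 if required)")
            return []
        for item in items:
            if item not in allowed and not (key == "encryptionAlgorithms" and is_gmac(item)):
                errors.append(f"{key}: invalid value {item!r}")
        return items

    groups = check_list("dhGroups", DH_GROUPS, True)
    ciphers = check_list("encryptionAlgorithms", CIPHERS, True)
    digests = check_list("digestAlgorithms", DIGESTS, False)
    if cfg.get("dfPolicy", "COPY") not in DF_POLICIES:
        errors.append(f"dfPolicy: invalid value {cfg['dfPolicy']!r}")
    life = cfg.get("saLifeTime", 3600)
    if type(life) is not int or not 900 <= life <= 31536000:
        errors.append("saLifeTime: must be an integer from 900 to 31536000")
    if digests and any(is_gmac(c) for c in ciphers):
        errors.append("digestAlgorithms: must be empty with NO_ENCRYPTION_AUTH_AES_GMAC_*")
    if cfg.get("perfectForwardSecrecyActive", True) is not True:
        warnings.append("perfectForwardSecrecyActive: PFS is disabled")
    warnings += [f"legacy algorithm selected: {a}" for a in groups + digests if a in LEGACY]
    return errors, warnings

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"perfectForwardSecrecyActive": False, "dhGroups": ["GROUP2"],
          "digestAlgorithms": ["SHA1"], "encryptionAlgorithms": ["AES_128"],
          "saLifeTime": 600}
```

Errors are violations of the constraints stated on this page; warnings are settings the schema accepts but that this example's policy flags for review.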