ipsec_tunnel
Overview
API to add, modify, delete, and get configuration for ipsec tunnels
Version information
Version : v2
URI scheme
Host :
BasePath : /sdwan/nitro/v2/config_editor/
Schemes : HTTP
Tags
- ipsec_tunnel : Operations related to ipsec_tunnel
Paths
POST operation for ipsec_tunnel
POST /ipsec_tunnel
Description
Use this operation to add an ipsec tunnel
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Resource successfully added | ipsec_tunnel_post_success_schema |
400 | Failed: bad input parameter | ErrorSchema |
401 | Unauthorized: Failed Authentication | ErrorSchema |
403 | Unauthorized: Forbidden | ErrorSchema |
405 | Failed: Data format unacceptable | ErrorSchema |
415 | Failed: Data format unacceptable | ErrorSchema |
500 | Failed: Internal Server Error | ErrorSchema |
Produces
application/json
Tags
- ipsec_tunnel
GET operation for ipsec_tunnel
GET /ipsec_tunnel
Description
Use this operation to get the list of ipsec tunnels
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | API Successfully executed | ipsec_tunnel_response_schema |
400 | Failed: bad input parameter | ErrorSchema |
401 | Unauthorized: Failed Authentication | ErrorSchema |
403 | Unauthorized: Forbidden | ErrorSchema |
405 | Failed: Data format unacceptable | ErrorSchema |
415 | Failed: Data format unacceptable | ErrorSchema |
500 | Failed: Internal Server Error | ErrorSchema |
Produces
application/json
Tags
- ipsec_tunnel
PUT operation for ipsec_tunnel
PUT /ipsec_tunnel
Description
Use this operation to modify an ipsec tunnel
Parameters
Type | Name | Schema |
---|---|---|
Body | body optional | ipsec_tunnel_request_schema |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Resource successfully modified | ipsec_tunnel_put_success_schema |
400 | Failed: bad input parameter | ErrorSchema |
401 | Unauthorized: Failed Authentication | ErrorSchema |
403 | Unauthorized: Forbidden | ErrorSchema |
405 | Failed: Data format unacceptable | ErrorSchema |
415 | Failed: Data format unacceptable | ErrorSchema |
500 | Failed: Internal Server Error | ErrorSchema |
Consumes
application/json
Produces
application/json
Tags
- ipsec_tunnel
DELETE operation for ipsec_tunnel
DELETE /ipsec_tunnel/{deletePathParam}
Description
Use this operation to delete an ipsec tunnel
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | deletePathParam required | Object Primary Key for DELETE operation | object |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Resource successfully deleted | ipsec_tunnel_delete_success_schema |
400 | Failed: bad input parameter | ErrorSchema |
401 | Unauthorized: Failed Authentication | ErrorSchema |
403 | Unauthorized: Forbidden | ErrorSchema |
405 | Failed: Data format unacceptable | ErrorSchema |
415 | Failed: Data format unacceptable | ErrorSchema |
500 | Failed: Internal Server Error | ErrorSchema |
Produces
application/json
Tags
- ipsec_tunnel
Definitions
ErrorSchema
Name | Schema |
---|---|
errorcode optional | integer |
errormessage optional | string |
id
Auto-generated ID. Use this ID to modify or delete an IPsec tunnel
Type : integer
ike_authentication
Type of authentication
Type : enum (PSK, Certificate)
ike_dh_group
DH group to use for IKE Key Generation
Type : enum (Group1, Group2, Group5, Group14, Group15, Group16, Group19, Group20, Group21)
ike_dpd_timeout_s
Time, in seconds, without receiving packets or DPD replies after which an IKE peer is considered DEAD
Type : integer
ike_encryption
Encryption Mode for IKE messages
Type : enum (AES128, AES192, AES256)
ike_hash_algo
HASH algorithm used to authenticate IKE Messages
Type : enum (MD5, SHA1, SHA256)
ike_identity
Method by which to identify the peer
Type : enum (Auto, IP Address, User_fqdn)
ike_identity_data
IKE identity data for Manual-ipaddress and user_fqdn
Type : string
ike_integ_algo
HASH algorithm used to authenticate IKE Messages
Type : enum (MD5, SHA1, SHA256)
ike_lifetime_s
Preferred duration, in seconds, for an IKE association to exist
Type : integer
ike_lifetime_s_max
Maximum preferred duration, in seconds, to allow for an IKE association to exist
Type : integer
ike_mode
Mode of IKE negotiation to use
Type : enum (Main, Aggressive)
ike_peer_authentication
Type of authentication
Type : enum (Mirrored, PSK, Certificate)
ike_peer_preshared_key
Peer's Pre-Shared Key to use for IKE Authentication
Type : string
ike_preshared_key
Pre-Shared Key to use for IKE Authentication
Type : string
ike_version
Version of the IKE protocol to use
Type : enum (IKEv1, IKEv2)
intranet_service_type
Choose the service type to associate with the intranet service type
Type : enum (0, 1, 2, 3)
ipsec_dest_protected_network
Destination network IP and prefix of traffic to be protected by the Tunnel
Type : string
ipsec_encryption
Encryption type for IPsec messages
Type : enum (AES128, AES192, AES256, AES128GCM64, AES192GCM64, AES256GCM64, AES128GCM64, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128)
ipsec_hash_algo
HASH algorithm used to authenticate IKE Messages
Type : enum (MD5, SHA1, SHA256)
ipsec_lifetime_kb
Amount of data, in kb, for an IPsec association to exist
Type : integer
ipsec_lifetime_kb_max
Maximum amount of data, in kb, to allow for an IPsec association to exist
Type : integer
ipsec_lifetime_s
Preferred duration, in seconds, for an IPsec association to exist
Type : integer
ipsec_lifetime_s_max
Maximum preferred duration, in seconds, to allow for an IPsec association to exist
Type : integer
ipsec_mismatch_behaviour
Action to take if a packet does not match the IPsec tunnel's protected network
Type : enum (Drop, Send UnEncrypted, Use Non IPsec route)
ipsec_pfs_group
PFS group to use for perfect forward secrecy Key Generation
Type : enum (None, Group1, Group2, Group5, Group14, Group15, Group16, Group19, Group20, Group21)
ipsec_service_type
Choose the service type to associate with the ipsec tunnel
Type : enum (Intranet, LAN)
ipsec_source_protected_network
Source network IP and prefix of traffic to be protected by the Tunnel
Type : string
ipsec_tunnel
Name | Schema |
---|---|
id optional | id |
ike_authentication optional | ike_authentication |
ike_dh_group optional | ike_dh_group |
ike_dpd_timeout_s optional | ike_dpd_timeout_s |
ike_encryption optional | ike_encryption |
ike_hash_algo optional | ike_hash_algo |
ike_identity optional | ike_identity |
ike_identity_data optional | ike_identity_data |
ike_integ_algo optional | ike_integ_algo |
ike_lifetime_s optional | ike_lifetime_s |
ike_lifetime_s_max optional | ike_lifetime_s_max |
ike_mode optional | ike_mode |
ike_peer_authentication optional | ike_peer_authentication |
ike_peer_preshared_key optional | ike_peer_preshared_key |
ike_preshared_key optional | ike_preshared_key |
ike_version optional | ike_version |
intranet_service_type optional | intranet_service_type |
ipsec_dest_protected_network optional | ipsec_dest_protected_network |
ipsec_encryption optional | ipsec_encryption |
ipsec_hash_algo optional | ipsec_hash_algo |
ipsec_lifetime_kb optional | ipsec_lifetime_kb |
ipsec_lifetime_kb_max optional | ipsec_lifetime_kb_max |
ipsec_lifetime_s optional | ipsec_lifetime_s |
ipsec_lifetime_s_max optional | ipsec_lifetime_s_max |
ipsec_mismatch_behaviour optional | ipsec_mismatch_behaviour |
ipsec_pfs_group optional | ipsec_pfs_group |
ipsec_service_type optional | ipsec_service_type |
ipsec_source_protected_network optional | ipsec_source_protected_network |
ipsec_tunnel_additional_protected_network optional | ipsec_tunnel_additional_protected_network |
ipsec_tunnel_firewall_zone optional | ipsec_tunnel_firewall_zone |
ipsec_tunnel_type optional | ipsec_tunnel_type |
ipsec_tunnel_via_api optional | ipsec_tunnel_via_api |
keepalive optional | keepalive |
local_ip optional | local_ip |
mtu optional | mtu |
package_name optional | package_name |
peer_ip optional | peer_ip |
site_name optional | site_name |
tunnel_name optional | tunnel_name |
validate_peer_identity optional | validate_peer_identity |
ipsec_tunnel_additional_protected_network
Flag to indicate if tunnel created via API
Type : boolean
ipsec_tunnel_delete_success_schema
Name | Schema |
---|---|
ipsec_tunnel optional | ipsec_tunnel |
Name | Description | Schema |
---|---|---|
message optional | Example : "resource deleted succesfully" | string |
ipsec_tunnel_firewall_zone
ipsec tunnel firewall zone
Type : string
ipsec_tunnel_post_success_schema
Name | Schema |
---|---|
ipsec_tunnel optional | ipsec_tunnel |
Name | Description | Schema |
---|---|---|
message optional | Example : "resource added succesfully" | string |
ipsec_tunnel_put_success_schema
Name | Schema |
---|---|
ipsec_tunnel optional | ipsec_tunnel |
Name | Description | Schema |
---|---|---|
message optional | Example : "resource modified succesfully" | string |
ipsec_tunnel_request_schema
Name | Schema |
---|---|
ipsec_tunnel optional | ipsec_tunnel |
ipsec_tunnel_response_schema
Type : < ipsec_tunnel_response_schema > array
Name | Schema |
---|---|
id optional | id |
ike_authentication optional | ike_authentication |
ike_dh_group optional | ike_dh_group |
ike_dpd_timeout_s optional | ike_dpd_timeout_s |
ike_encryption optional | ike_encryption |
ike_hash_algo optional | ike_hash_algo |
ike_identity optional | ike_identity |
ike_identity_data optional | ike_identity_data |
ike_integ_algo optional | ike_integ_algo |
ike_lifetime_s optional | ike_lifetime_s |
ike_lifetime_s_max optional | ike_lifetime_s_max |
ike_mode optional | ike_mode |
ike_peer_authentication optional | ike_peer_authentication |
ike_peer_preshared_key optional | ike_peer_preshared_key |
ike_preshared_key optional | ike_preshared_key |
ike_version optional | ike_version |
intranet_service_type optional | intranet_service_type |
ipsec_dest_protected_network optional | ipsec_dest_protected_network |
ipsec_encryption optional | ipsec_encryption |
ipsec_hash_algo optional | ipsec_hash_algo |
ipsec_lifetime_kb optional | ipsec_lifetime_kb |
ipsec_lifetime_kb_max optional | ipsec_lifetime_kb_max |
ipsec_lifetime_s optional | ipsec_lifetime_s |
ipsec_lifetime_s_max optional | ipsec_lifetime_s_max |
ipsec_mismatch_behaviour optional | ipsec_mismatch_behaviour |
ipsec_pfs_group optional | ipsec_pfs_group |
ipsec_service_type optional | ipsec_service_type |
ipsec_source_protected_network optional | ipsec_source_protected_network |
ipsec_tunnel_additional_protected_network optional | ipsec_tunnel_additional_protected_network |
ipsec_tunnel_firewall_zone optional | ipsec_tunnel_firewall_zone |
ipsec_tunnel_type optional | ipsec_tunnel_type |
ipsec_tunnel_via_api optional | ipsec_tunnel_via_api |
keepalive optional | keepalive |
local_ip optional | local_ip |
mtu optional | mtu |
package_name optional | package_name |
peer_ip optional | peer_ip |
site_name optional | site_name |
tunnel_name optional | tunnel_name |
validate_peer_identity optional | validate_peer_identity |
ipsec_tunnel_type
IPsec Tunnel Encapsulation Type
Type : enum (ESP, ESP_NULL, ESP_Auth, AH)
ipsec_tunnel_via_api
Flag to indicate if tunnel created via API
Type : boolean
keepalive
Enable to keep the tunnel active and enable route eligibility
Type : boolean
local_ip
Choose the local IP Address of the IPsec Tunnel
Type : string
mtu
Enter the MTU for fragmenting IKE and IPsec packets
Type : integer
package_name
Name of the config package with which the ipsec_tunnel API operation should be performed.
Type : string
peer_ip
Enter the peer IP Address of the IPsec Tunnel
Type : string
site_name
Site Name
Type : string
tunnel_name
IPsec tunnel name or the intranet service name
Type : string
validate_peer_identity
Validate the IKE peer's identity
Type : boolean
Type : boolean
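A read-only audit of the objects returned by GET /ipsec_tunnel, added here as an example and not part of the vendor's documentation: it flags enum values from the definitions above that are commonly treated as weak, and it reports pre-shared keys only by length. The weak-value lists, MIN_PSK_LEN and the sample tunnels are assumptions of this example.

```python
# Added example; the policy values below are assumptions, not vendor guidance.
WEAK_VALUES = {
    "ike_hash_algo": {"MD5", "SHA1"},
    "ike_integ_algo": {"MD5", "SHA1"},
    "ipsec_hash_algo": {"MD5", "SHA1"},
    "ike_dh_group": {"Group1", "Group2", "Group5"},
    "ipsec_pfs_group": {"None", "Group1", "Group2", "Group5"},
    "ipsec_tunnel_type": {"ESP_NULL", "AH"},           # no payload encryption
    "ipsec_mismatch_behaviour": {"Send UnEncrypted"},  # plaintext fallback
}
MIN_PSK_LEN = 20  # assumed minimum length; set to local policy


def audit_tunnel(tunnel):
    """Return sorted findings for one ipsec_tunnel object, never echoing key material."""
    findings = [f"{field}={tunnel[field]}" for field, weak in WEAK_VALUES.items()
                if tunnel.get(field) in weak]  # every schema field is optional
    auth = (tunnel.get("ike_authentication"), tunnel.get("ike_peer_authentication"))
    if "PSK" in auth and tunnel.get("ike_mode") == "Aggressive":
        findings.append("ike_mode=Aggressive with PSK authentication")
    for field in ("ike_preshared_key", "ike_peer_preshared_key"):
        key = tunnel.get(field)
        if key is not None and len(key) < MIN_PSK_LEN:
            findings.append(f"{field} shorter than {MIN_PSK_LEN} characters")
    if tunnel.get("validate_peer_identity") is False:
        findings.append("validate_peer_identity=False")
    return sorted(findings)


def audit_response(tunnels):
    """Map tunnel name (or id) to findings for a GET /ipsec_tunnel response array."""
    report = {}
    for t in tunnels:
        if findings := audit_tunnel(t):
            report[t.get("tunnel_name", f"id={t.get('id')}")] = findings
    return report


# Constructed sample shaped like ipsec_tunnel_response_schema (not device output).
SAMPLE = [
    {"id": 1, "tunnel_name": "branch-legacy", "ike_mode": "Aggressive",
     "ike_authentication": "PSK", "ike_preshared_key": "example-psk",
     "ike_hash_algo": "MD5", "ike_dh_group": "Group2", "ipsec_pfs_group": "None",
     "ipsec_tunnel_type": "ESP_NULL", "validate_peer_identity": False},
    {"id": 2, "tunnel_name": "dc-core", "ike_mode": "Main", "ike_hash_algo": "SHA256",
     "ike_authentication": "Certificate", "ike_dh_group": "Group19",
     "ipsec_pfs_group": "Group19", "validate_peer_identity": True},
]
print(audit_response(SAMPLE))
```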