This configuration captures phase two negotiation parameters and tunnel properties.


dfPolicy Optional

Policy for handling degragmentation bit. The default is COPY.

array of DhGroupType
dhGroups Required

The list of Diffie-Helman groups to be used is PFS is enabled. Default is GROUP14.

digestAlgorithms Optional

The list of Digest algorithms to be used for message digest. The default digest algorithm is implictly covered by default encrpyption algorithm AES_GCM_128.

encryptionAlgorithms Required

The list of Encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AESGMAC* enables authentication on input data without encryption. If one of these options is used, digest algorithm should be empty.

perfectForwardSecrecyEnabled Optional

If true, perfect forward secrecy is enabled. The default value is true.

saLifeTime Optional

The Security Association life time in seconds. Default is 3600 seconds.

JSON Example

	"dhGroups": "enum",
	"encryptionAlgorithms": "enum"
Added in 33.0
Property Of



Was this page helpful?