InlineIPSecVpnTunnelProfile

Description not available

Properties

string
df_policy Optional

Defragmentation policy helps to handle the defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.

Possible values are: COPY, CLEAR


array of string
dh_groups Optional

Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.

Possible values are: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21


array of string
digest_algorithms Optional

Algorithm to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm "AES_GCM_128".

Possible values are: SHA1, SHA2_256, SHA2_384, SHA2_512


boolean
enable_perfect_forward_secrecy Optional

If true, perfect forward secrecy (PFS) is enabled.


array of string
encryption_algorithms Optional

Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.

Possible values are: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION


integer as int64
sa_life_time Optional

SA lifetime specifies the expiry time of the security association. Default is 3600 seconds.

JSON Example

{
	"df_policy": "COPY",
	"dh_groups": [
		"GROUP2"
	],
	"digest_algorithms": [
		"SHA1"
	],
	"enable_perfect_forward_secrecy": false,
	"encryption_algorithms": [
		"AES_128"
	],
	"sa_life_time": 0
}
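
The following audit of a tunnel profile is an added example, not part of the vendor documentation or the product's own code. It checks each field against the values enumerated on this page and flags settings a reviewer would question; the function name audit_profile, the WEAK policy (GROUP2, GROUP5 and SHA1 treated as weak), the non-positive lifetime check and the HARDENED profile are assumptions of this example.

```python
import json

# Enumerated values copied from the property list on this page.
ALLOWED = {
    "df_policy": {"COPY", "CLEAR"},
    "dh_groups": {"GROUP2", "GROUP5", "GROUP14", "GROUP15", "GROUP16",
                  "GROUP19", "GROUP20", "GROUP21"},
    "digest_algorithms": {"SHA1", "SHA2_256", "SHA2_384", "SHA2_512"},
    "encryption_algorithms": {
        "AES_128", "AES_256", "AES_GCM_128", "AES_GCM_192", "AES_GCM_256",
        "NO_ENCRYPTION_AUTH_AES_GMAC_128", "NO_ENCRYPTION_AUTH_AES_GMAC_192",
        "NO_ENCRYPTION_AUTH_AES_GMAC_256", "NO_ENCRYPTION"},
}
# Assumed review policy (not from the page): values flagged as weak.
WEAK = {"dh_groups": {"GROUP2", "GROUP5"}, "digest_algorithms": {"SHA1"}}

def audit_profile(profile):
    """Return a sorted list of findings for one tunnel profile dict."""
    findings = []
    for field, allowed in ALLOWED.items():
        value = profile.get(field, [])
        values = [value] if isinstance(value, str) else value
        for v in values:
            if v not in allowed:
                findings.append(f"{field}: unknown value {v}")
            elif v in WEAK.get(field, ()):
                findings.append(f"{field}: weak value {v}")
            elif v.startswith("NO_ENCRYPTION"):
                # Authentication-only or null choices leave traffic readable.
                findings.append(f"{field}: {v} gives no confidentiality")
    if profile.get("enable_perfect_forward_secrecy") is False:
        findings.append("enable_perfect_forward_secrecy: PFS disabled")
        if profile.get("dh_groups"):
            # The page says dh_groups applies only if PFS is enabled.
            findings.append("dh_groups: ignored while PFS is disabled")
    if profile.get("sa_life_time", 3600) <= 0:
        findings.append("sa_life_time: non-positive lifetime")
    return sorted(findings)

# The page's JSON example, and a constructed variant that passes the audit.
PAGE_EXAMPLE = json.loads('{"df_policy": "COPY", "dh_groups": ["GROUP2"],'
    ' "digest_algorithms": ["SHA1"], "enable_perfect_forward_secrecy": false,'
    ' "encryption_algorithms": ["AES_128"], "sa_life_time": 0}')
HARDENED = dict(PAGE_EXAMPLE, dh_groups=["GROUP19"],
                digest_algorithms=["SHA2_256"], sa_life_time=3600,
                enable_perfect_forward_secrecy=True,
                encryption_algorithms=["AES_GCM_256"])

if __name__ == "__main__":
    for name, p in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(name, audit_profile(p))
```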

Vendor Extensions

This class contains the following vendor extensions defined in the spec:
x-vmw-nsx-module: PolicyIPSecVpn
