RouteBasedIPSecVpnSession

A route-based VPN is more flexible and more powerful than a policy-based VPN, and is the recommended option. An IP tunnel port is created, and all traffic routed via the tunnel port is protected. Routes can be configured statically or learned through BGP. A route-based VPN is required for establishing a redundant VPN session to a remote site.


Properties

integer
_create_time Optional

Timestamp of resource creation


string
_create_user Optional

ID of the user who created this resource


integer
_last_modified_time Optional

Timestamp of last modification


string
_last_modified_user Optional

ID of the user who last modified this resource


array of ResourceLink
_links Optional

The server will populate this field when returning the resource. Ignored on PUT and POST.


string
_protection Optional

Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.


integer
_revision Optional

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other’s changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.


string
_schema Optional

Schema for this resource


_self Optional

Link to this resource


boolean
_system_owned Optional

Indicates system owned resource


string
authentication_mode Optional

Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.

Possible values are: PSK, CERTIFICATE


children Optional

Subtree for this type within the policy tree, containing nested elements.


string
compliance_suite Optional

Compliance suite.

Possible values are: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE


string
connection_initiation_mode Optional

Connection initiation mode used by the local endpoint to establish an IKE connection with the peer site. INITIATOR - In this mode the local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from the peer gateway. RESPOND_ONLY - In this mode the local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode the local endpoint will initiate tunnel creation once the first packet matching the policy rule is received and will also respond to incoming initiation requests.

Possible values are: INITIATOR, RESPOND_ONLY, ON_DEMAND


string
description Optional

Description of this resource


string
display_name Optional

Defaults to ID if not set


string
dpd_profile_path Optional

Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.


boolean
enabled Optional

Enable/Disable IPSec VPN session.


boolean
force_whitelisting Optional

If true, the default firewall rule action is set to DROP; otherwise it is set to ALLOW. This field is deprecated; changing the rule action field is recommended instead. Note that this field is not synchronized with the default rule field.


string
id Optional

Unique identifier of this resource


string
ike_profile_path Optional

Policy path referencing IKE profile to be used. Default is set according to system default profile.


string
local_endpoint_path Optional

Policy path referencing Local endpoint.


boolean
marked_for_delete Optional

Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion, and only when all the realized entities for that intent object are deleted is the intent object itself deleted. Objects that are marked for deletion are not returned in a GET call. One can use the search API to get these objects.


string
parent_path Optional

Path of its parent


string
path Optional

Absolute path of this object


string
peer_address Optional

Public IPv4 address of the remote device terminating the VPN connection.


string
peer_id Optional

Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.


string
psk Optional

IPSec Pre-shared key. Maximum length of this field is 128 characters.


string
relative_path Optional

Path relative from its parent


string
resource_type Optional

The type of this resource.


array of Tag
tags Optional

Opaque identifiers meaningful to the API user


tcp_mss_clamping Optional

TCP Maximum Segment Size Clamping Direction and Value.


tunnel_interfaces Optional

IP Tunnel interfaces.


string
tunnel_profile_path Optional

Policy path referencing Tunnel profile to be used. Default is set to system default profile.

Extends

IPSecVpnSession

JSON Example

{
    "_create_time": 0,
    "_create_user": "string",
    "_last_modified_time": 0,
    "_last_modified_user": "string",
    "_links": [
        {
            "action": "string",
            "href": "string",
            "rel": "string"
        }
    ],
    "_protection": "string",
    "_revision": 0,
    "_schema": "string",
    "_self": {
        "action": "string",
        "href": "string",
        "rel": "string"
    },
    "_system_owned": false,
    "authentication_mode": "string",
    "children": [
        {
            "_create_time": 0,
            "_create_user": "string",
            "_last_modified_time": 0,
            "_last_modified_user": "string",
            "_links": [
                {
                    "action": "string",
                    "href": "string",
                    "rel": "string"
                }
            ],
            "_protection": "string",
            "_revision": 0,
            "_schema": "string",
            "_self": {
                "action": "string",
                "href": "string",
                "rel": "string"
            },
            "_system_owned": false,
            "description": "string",
            "display_name": "string",
            "id": "string",
            "marked_for_delete": false,
            "resource_type": "string",
            "tags": [
                {
                    "scope": "string",
                    "tag": "string"
                }
            ]
        }
    ],
    "compliance_suite": "string",
    "connection_initiation_mode": "string",
    "description": "string",
    "display_name": "string",
    "dpd_profile_path": "string",
    "enabled": false,
    "force_whitelisting": false,
    "id": "string",
    "ike_profile_path": "string",
    "local_endpoint_path": "string",
    "marked_for_delete": false,
    "parent_path": "string",
    "path": "string",
    "peer_address": "string",
    "peer_id": "string",
    "psk": "string",
    "relative_path": "string",
    "resource_type": "string",
    "tags": [
        {
            "scope": "string",
            "tag": "string"
        }
    ],
    "tcp_mss_clamping": {
        "direction": "string",
        "max_segment_size": 0
    },
    "tunnel_interfaces": [
        {
            "_create_time": 0,
            "_create_user": "string",
            "_last_modified_time": 0,
            "_last_modified_user": "string",
            "_links": [
                {
                    "action": "string",
                    "href": "string",
                    "rel": "string"
                }
            ],
            "_protection": "string",
            "_revision": 0,
            "_schema": "string",
            "_self": {
                "action": "string",
                "href": "string",
                "rel": "string"
            },
            "_system_owned": false,
            "children": [
                {
                    "_create_time": 0,
                    "_create_user": "string",
                    "_last_modified_time": 0,
                    "_last_modified_user": "string",
                    "_links": [
                        {
                            "action": "string",
                            "href": "string",
                            "rel": "string"
                        }
                    ],
                    "_protection": "string",
                    "_revision": 0,
                    "_schema": "string",
                    "_self": {
                        "action": "string",
                        "href": "string",
                        "rel": "string"
                    },
                    "_system_owned": false,
                    "description": "string",
                    "display_name": "string",
                    "id": "string",
                    "marked_for_delete": false,
                    "resource_type": "string",
                    "tags": [
                        {
                            "scope": "string",
                            "tag": "string"
                        }
                    ]
                }
            ],
            "description": "string",
            "display_name": "string",
            "id": "string",
            "ip_subnets": [
                {
                    "ip_addresses": [
                        "string"
                    ],
                    "prefix_length": 0
                }
            ],
            "marked_for_delete": false,
            "parent_path": "string",
            "path": "string",
            "relative_path": "string",
            "resource_type": "string",
            "tags": [
                {
                    "scope": "string",
                    "tag": "string"
                }
            ]
        }
    ],
    "tunnel_profile_path": "string"
}
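The constraints documented above (enum values, the 128-character psk limit, the _revision requirement on PUT) can be checked before a payload is sent. The following is an added example, not part of the original reference or the product's own code; the function name check_session, the sample payload and the three "warn" rules are assumptions made for illustration.

```python
# Enum values and limits as listed on this page.
AUTH_MODES = {"PSK", "CERTIFICATE"}
COMPLIANCE_SUITES = {"CNSA", "SUITE_B_GCM_128", "SUITE_B_GCM_256",
                     "PRIME", "FOUNDATION", "FIPS", "NONE"}
INITIATION_MODES = {"INITIATOR", "RESPOND_ONLY", "ON_DEMAND"}
PSK_MAX_LEN = 128  # documented maximum for the psk field


def check_session(session, is_update=False):
    """Return a list of (severity, field, message) findings for one session dict."""
    findings = []

    def enum(field, allowed):
        value = session.get(field)
        if value is not None and value not in allowed:
            findings.append(("error", field, f"{value!r} is not one of {sorted(allowed)}"))

    enum("authentication_mode", AUTH_MODES)
    enum("compliance_suite", COMPLIANCE_SUITES)
    enum("connection_initiation_mode", INITIATION_MODES)

    psk = session.get("psk")
    if psk is not None and len(psk) > PSK_MAX_LEN:
        findings.append(("error", "psk", f"length {len(psk)} exceeds {PSK_MAX_LEN}"))
    # PUT is rejected when _revision is missing or stale; catch the missing case early.
    if is_update and "_revision" not in session:
        findings.append(("error", "_revision", "required on PUT; GET the resource first"))
    # Review-policy warnings (assumptions of this example, not API rules).
    if session.get("authentication_mode") == "PSK" and not psk:
        findings.append(("warn", "psk", "PSK mode selected but no key in payload"))
    if session.get("force_whitelisting") is False:  # deprecated field, still honoured
        findings.append(("warn", "force_whitelisting", "default firewall rule action is ALLOW"))
    if session.get("compliance_suite") == "NONE":
        findings.append(("warn", "compliance_suite", "no compliance suite selected"))
    return findings


# Constructed sample payload; every value is illustrative.
SAMPLE = {"resource_type": "RouteBasedIPSecVpnSession", "authentication_mode": "PSK",
          "compliance_suite": "NONE", "connection_initiation_mode": "RESPONDER",
          "force_whitelisting": False, "peer_address": "203.0.113.10"}

if __name__ == "__main__":
    for severity, field, message in check_session(SAMPLE, is_update=True):
        print(f"{severity:5} {field}: {message}")
```
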