Update IPsec VPN Tunnel Profile

Create or patch custom IPSec tunnel profile. IPSec tunnel profile is a reusable profile that captures phase two negotiation parameters and tunnel properties. System will be provisioned with system owned editable default IPSec tunnel profile. Any change in profile affects all sessions consuming this profile.

Request

URL

PATCH

https://nsxmanager.your.domain/policy/api/v1/infra/ipsec-vpn-tunnel-profiles/{tunnel-profile-id}

Path Parameters

Required	Parameter Name	Type	Description
required	tunnel-profile-id	string	Not available

Request Body

Contains IPSecVpnTunnelProfile (required)

{
    "_create_time": 0,
    "_create_user": "string",
    "_last_modified_time": 0,
    "_last_modified_user": "string",
    "_links": [
        {
            "action": "string",
            "href": "string",
            "rel": "string"
        }
    ],
    "_protection": "string",
    "_revision": 0,
    "_schema": "string",
    "_self": {
        "action": "string",
        "href": "string",
        "rel": "string"
    },
    "_system_owned": false,
    "children": [
        {
            "_create_time": 0,
            "_create_user": "string",
            "_last_modified_time": 0,
            "_last_modified_user": "string",
            "_links": [
                {
                    "action": "string",
                    "href": "string",
                    "rel": "string"
                }
            ],
            "_protection": "string",
            "_revision": 0,
            "_schema": "string",
            "_self": {
                "action": "string",
                "href": "string",
                "rel": "string"
            },
            "_system_owned": false,
            "description": "string",
            "display_name": "string",
            "id": "string",
            "marked_for_delete": false,
            "resource_type": "string",
            "tags": [
                {
                    "scope": "string",
                    "tag": "string"
                }
            ]
        }
    ],
    "description": "string",
    "df_policy": "string",
    "dh_groups": [
        "string"
    ],
    "digest_algorithms": [
        "string"
    ],
    "display_name": "string",
    "enable_perfect_forward_secrecy": false,
    "encryption_algorithms": [
        "string"
    ],
    "id": "string",
    "marked_for_delete": false,
    "parent_path": "string",
    "path": "string",
    "relative_path": "string",
    "resource_type": "string",
    "sa_life_time": 0,
    "tags": [
        {
            "scope": "string",
            "tag": "string"
        }
    ]
}

Required	Property Name	Type	Description
optional	_create_time	integer	Timestamp of resource creation
optional	_create_user	string	ID of the user who created this resource
optional	_last_modified_time	integer	Timestamp of last modification
optional	_last_modified_user	string	ID of the user who last modified this resource
optional	_links	array of ResourceLink	The server will populate this field when returing the resource. Ignored on PUT and POST.
optional	_protection	string	Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.
optional	_revision	integer	The _revision property describes the current revision of the resource. To prevent clients from overwriting each other’s changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.
optional	_schema	string	Schema for this resource
optional	_self	SelfResourceLink	Link to this resource
optional	_system_owned	boolean	Indicates system owned resource
optional	children	array of ChildPolicyConfigResource	subtree for this type within policy tree containing nested elements.
optional	description	string	Description of this resource
optional	df_policy	string	Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet. Possible values are: CLEAR, COPY
optional	dh_groups	array of string	Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. Possible values are: GROUP14, GROUP15, GROUP16, GROUP19, GROUP2, GROUP20, GROUP21, GROUP5
optional	digest_algorithms	array of string	Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm “AES_GCM_128”. Possible values are: SHA1, SHA2_256, SHA2_384, SHA2_512
optional	display_name	string	Defaults to ID if not set
optional	enable_perfect_forward_secrecy	boolean	If true, perfect forward secrecy (PFS) is enabled.
optional	encryption_algorithms	array of string	Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. Possible values are: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256
optional	id	string	Unique identifier of this resource
optional	marked_for_delete	boolean	Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.
optional	parent_path	string	Path of its parent
optional	path	string	Absolute path of this object
optional	relative_path	string	Path relative from its parent
optional	resource_type	string	The type of this resource.
optional	sa_life_time	integer	SA life time specifies the expiry time of security association. Default is 3600 seconds.
optional	tags	array of Tag	Opaque identifiers meaningful to the API user

Response

200 OK

Operation doesn't return any data structure.

Errors

Code	Returns	Description
412	PreconditionFailed	Not available
500	InternalServerError	The server encountered an unexpected condition which prevented it from fulfilling the request.
503	ServiceUnavailable	The server is currently unavailable (because it is overloaded or down for maintenance).
400	BadRequest	The request cannot be fulfilled due to bad syntax.
403	Forbidden	The server understood the request, but is refusing to fulfill it.
404	NotFound	The requested resource could not be found but may be available again in the future.

IPsec VPN Tunnel Profiles Operations

put

Create IPsec VPN Tunnel Profile

delete

Delete IPsec VPN Tunnel Profile

get

Get IPsec VPN Tunnel Profile

get

List IPsec VPN Tunnel Profile

patch

Update IPsec VPN Tunnel Profile

Update IPsec VPN Tunnel Profile

On This Page

Request

URL

Path Parameters

Request Body

Response

Errors

On This Page

IPsec VPN Tunnel Profiles Operations

Was this page helpful?