NSX Edge IPsec Site configuration details.


| Required | Property Name | Type | Description |
|---|---|---|---|
| optional | authenticationMode | string | Authentication mode for the IPsec Site. Valid values are psk and x.509, with psk as default. |
| optional | certificate | string | Not available |
| optional | description | string | Description of the IPsec Site. |
| optional | dhGroup | string | Diffie-Hellman algorithm group. Defaults to DH14 for FIPS enabled NSX Edge. DH2 and DH5 are not supported when FIPS is enabled on NSX Edge. Valid values are DH2, DH5, DH14, DH15, DH16. |
| optional | enablePfs | boolean | Enable/disable Perfect Forward Secrecy. Default is true. |
| optional | enabled | boolean | Enable/disable IPsec Site. |
| optional | encryptionAlgorithm | string | IPsec encryption algorithm with default as aes256. Valid values are ‘aes’, ‘aes256’, ‘3des’, ‘aes-gcm’. |
| optional | extension | string | Not available |
| optional | localId | string | Local ID of the IPsec Site. Defaults to the local IP. |
| optional | localIp | string | Local IP of the IPsec Site. Should be one of the IP addresses configured on the uplink interfaces of the NSX Edge. Required. |
| optional | localSubnets | Subnets | Local subnets for which IPsec VPN is configured. |
| optional | mtu | integer | MTU for the IPsec site. Defaults to the MTU of the NSX Edge vnic specified by the localIp. Optional. |
| optional | name | string | Name of the IPsec Site. |
| optional | peerId | string | Peer ID. Should be unique for all IPsec Sites configured for an NSX Edge. |
| optional | peerIp | string | IP (IPv4) address or FQDN of the Peer. Can also be specified as ‘any’. Required. |
| optional | peerSubnets | Subnets | Peer subnets for which IPsec VPN is configured. |
| optional | psk | string | Pre Shared Key for the IPsec Site. Required if Site peerIp is not ‘any’. Global PSK is used when Authentication mode is PSK and Site peerIp is ‘any’. |
| optional | siteId | string | ID of the IPsec Site configuration provided by NSX Manager. |
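
Several of the properties documented above constrain each other (FIPS and dhGroup, peerIp and psk, peerId uniqueness), so a pre-submission check is useful. The following is an added example, not NSX or VMware code: the dict representation of a site, the function names and the `fips_enabled` parameter are assumptions, as is applying the psk requirement only when authenticationMode is psk.

```python
import ipaddress
import re

AUTH_MODES = {"psk", "x.509"}  # valid values as listed in the property reference
DH_GROUPS = {"DH2", "DH5", "DH14", "DH15", "DH16"}
FIPS_UNSUPPORTED_DH = {"DH2", "DH5"}
ENC_ALGS = {"aes", "aes256", "3des", "aes-gcm"}
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def peer_ip_ok(value):
    """peerIp may be 'any', an IPv4 address, or an FQDN."""
    try:
        return value == "any" or ipaddress.IPv4Address(value) is not None
    except ValueError:
        return bool(FQDN_RE.match(value))

def validate_sites(sites, fips_enabled=False):
    """Return (site, problem) tuples. Assumption: psk is only required in psk mode."""
    findings, seen_peer_ids = [], set()
    for site in sites:
        name = site.get("name", "<unnamed>")
        auth = site.get("authenticationMode", "psk")     # documented default
        enc = site.get("encryptionAlgorithm", "aes256")  # documented default
        dh, peer_ip, peer_id = site.get("dhGroup"), site.get("peerIp"), site.get("peerId")
        for key, val, allowed in (("authenticationMode", auth, AUTH_MODES),
                                  ("encryptionAlgorithm", enc, ENC_ALGS),
                                  ("dhGroup", dh, DH_GROUPS)):
            if val is not None and val not in allowed:
                findings.append((name, f"invalid {key} {val!r}"))
        if fips_enabled and dh in FIPS_UNSUPPORTED_DH:
            findings.append((name, f"dhGroup {dh} is not supported with FIPS enabled"))
        if not site.get("localIp"):
            findings.append((name, "localIp is required"))
        if not peer_ip:
            findings.append((name, "peerIp is required"))
        elif not peer_ip_ok(peer_ip):
            findings.append((name, f"peerIp {peer_ip!r} is not IPv4, an FQDN or 'any'"))
        elif auth == "psk" and peer_ip != "any" and not site.get("psk"):
            findings.append((name, "psk is required when peerIp is not 'any'"))
        if peer_id is not None and peer_id in seen_peer_ids:
            findings.append((name, f"peerId {peer_id!r} is already used by another site"))
        seen_peer_ids.add(peer_id)
    return findings

SAMPLE = [  # constructed sample: documentation addresses, placeholder key
    {"name": "branch-a", "localIp": "203.0.113.10", "peerIp": "198.51.100.20",
     "peerId": "peer-1", "psk": "PLACEHOLDER-KEY", "dhGroup": "DH14"},
    {"name": "branch-b", "peerIp": "vpn.example.com", "peerId": "peer-1", "dhGroup": "DH5"},
]
```

Calling `validate_sites(SAMPLE, fips_enabled=True)` reports only the second site: the FIPS-incompatible DH group, the missing localIp, the missing psk and the reused peerId.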

