TunnelConfig

This configuration captures phase two negotiation parameters and tunnel properties.


Properties

dfPolicy Optional

Policy for handling the defragmentation bit. The default is COPY.

Possible values are: COPY, CLEAR


array of DhGroupType
dhGroups Required

The list of Diffie-Hellman groups to be used if PFS is enabled. Default is GROUP14.

Possible values are: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21


digestAlgorithms Optional

The list of digest algorithms to be used for message digest. The default digest algorithm is implicitly covered by the default encryption algorithm AES_GCM_128.

Possible values are: SHA1, SHA2_256, SHA2_384, SHA2_512


encryptionAlgorithms Required

The list of encryption algorithms to use in IPSec tunnel establishment. Default is AES_GCM_128. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encryption. If one of these options is used, the digest algorithm should be empty.

Possible values are: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION


boolean
perfectForwardSecrecyEnabled Optional

If true, perfect forward secrecy is enabled. The default value is true.


integer
saLifeTime Optional

The Security Association lifetime in seconds. Default is 3600 seconds.

JSON Example

{
    "dhGroups": "enum",
    "encryptionAlgorithms": "enum"
}
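The property rules above can be checked before a TunnelConfig is submitted. The following is an added example, not part of the original reference or the product's own code: `check_tunnel_config` and `SAMPLE` are hypothetical names, and it assumes that `digestAlgorithms` and `encryptionAlgorithms` are arrays like `dhGroups`, since the page describes each as a list.

```python
# Enum values copied from the property descriptions on this page.
DF_POLICIES = ("COPY", "CLEAR")
DH_GROUPS = {f"GROUP{n}" for n in (2, 5, 14, 15, 16, 19, 20, 21)}
DIGESTS = {"SHA1", "SHA2_256", "SHA2_384", "SHA2_512"}
GMAC_ONLY = {f"NO_ENCRYPTION_AUTH_AES_GMAC_{n}" for n in (128, 192, 256)}
ENCRYPTION = GMAC_ONLY | {"AES_128", "AES_256", "AES_GCM_128",
                          "AES_GCM_192", "AES_GCM_256", "NO_ENCRYPTION"}
LISTS = (("dhGroups", DH_GROUPS, True),
         ("encryptionAlgorithms", ENCRYPTION, True),
         ("digestAlgorithms", DIGESTS, False))

def check_tunnel_config(cfg):
    """Hypothetical linter: return (errors, warnings) for a TunnelConfig dict."""
    errors, warnings = [], []
    for name, allowed, required in LISTS:
        values = cfg.get(name)
        if values is None:
            if required:
                errors.append(f"{name}: required property is missing")
        elif not isinstance(values, list):
            errors.append(f"{name}: expected an array")
        else:
            bad = [v for v in values if not (isinstance(v, str) and v in allowed)]
            if bad:
                errors.append(f"{name}: unknown value(s) {bad}")
    if cfg.get("dfPolicy", "COPY") not in DF_POLICIES:
        errors.append("dfPolicy: must be COPY or CLEAR")
    pfs = cfg.get("perfectForwardSecrecyEnabled", True)  # documented default: true
    if not isinstance(pfs, bool):
        errors.append("perfectForwardSecrecyEnabled: expected a boolean")
    elif not pfs:
        warnings.append("PFS is disabled, so dhGroups is not used")
    life = cfg.get("saLifeTime", 3600)  # documented default: 3600 seconds
    if isinstance(life, bool) or not isinstance(life, int):
        errors.append("saLifeTime: expected an integer number of seconds")
    enc = cfg.get("encryptionAlgorithms")
    enc = {v for v in enc if isinstance(v, str)} if isinstance(enc, list) else set()
    # Page rule: digest should be empty when a GMAC-only option is offered.
    if enc & GMAC_ONLY and cfg.get("digestAlgorithms"):
        errors.append("digestAlgorithms: should be empty with NO_ENCRYPTION_AUTH_AES_GMAC_*")
    if enc & (GMAC_ONLY | {"NO_ENCRYPTION"}):
        warnings.append("an offered algorithm leaves tunnel payload unencrypted")
    return errors, warnings

# Constructed sample, not taken from the page.
SAMPLE = {"dhGroups": ["GROUP14", "GROUP24"], "digestAlgorithms": ["SHA2_256"],
          "encryptionAlgorithms": ["AES_GCM_128", "NO_ENCRYPTION_AUTH_AES_GMAC_128"],
          "perfectForwardSecrecyEnabled": False}
if __name__ == "__main__":
    print(check_tunnel_config(SAMPLE))
```
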
Availability
Added in 33.0
Property Of

EdgeIpSecVpnTunnelConnectionProperties