a10_vpn_ipsec

Synopsis

IPsec settings

Parameters

| Parameter | Type | Choices/Defaults | Comment |
|---|---|---|---|
| state | str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host | str/required | | Host for AXAPI authentication |
| ansible_username | str/required | | Username for AXAPI authentication |
| ansible_password | str/required | | Password for AXAPI authentication |
| ansible_port | int/required | | Port for AXAPI authentication |
| a10_device_context_id | int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition | str | | Destination/target partition for object/command |
| name | str/required | | IPsec name |
| mode | str | | ‘tunnel’= Encapsulating the packet in IPsec tunnel mode (Default); |
| dscp | str | | ‘default’= Default dscp (000000); ‘af11’= AF11 (001010); ‘af12’= AF12 (001100); ‘af13’= AF13 (001110); ‘af21’= AF21 (010010); ‘af22’= AF22 (010100); ‘af23’= AF23 (010110); ‘af31’= AF31 (011010); ‘af32’= AF32 (011100); ‘af33’= AF33 (011110); ‘af41’= AF41 (100010); ‘af42’= AF42 (100100); ‘af43’= AF43 (100110); ‘cs1’= CS1 (001000); ‘cs2’= CS2 (010000); ‘cs3’= CS3 (011000); ‘cs4’= CS4 (100000); ‘cs5’= CS5 (101000); ‘cs6’= CS6 (110000); ‘cs7’= CS7 (111000); ‘ef’= EF (101110); ‘0’= 000000; ‘1’= 000001; ‘2’= 000010; ‘3’= 000011; ‘4’= 000100; ‘5’= 000101; ‘6’= 000110; ‘7’= 000111; ‘8’= 001000; ‘9’= 001001; ‘10’= 001010; ‘11’= 001011; ‘12’= 001100; ‘13’= 001101; ‘14’= 001110; ‘15’= 001111; ‘16’= 010000; ‘17’= 010001; ‘18’= 010010; ‘19’= 010011; ‘20’= 010100; ‘21’= 010101; ‘22’= 010110; ‘23’= 010111; ‘24’= 011000; ‘25’= 011001; ‘26’= 011010; ‘27’= 011011; ‘28’= 011100; ‘29’= 011101; ‘30’= 011110; ‘31’= 011111; ‘32’= 100000; ‘33’= 100001; ‘34’= 100010; ‘35’= 100011; ‘36’= 100100; ‘37’= 100101; ‘38’= 100110; ‘39’= 100111; ‘40’= 101000; ‘41’= 101001; ‘42’= 101010; ‘43’= 101011; ‘44’= 101100; ‘45’= 101101; ‘46’= 101110; ‘47’= 101111; ‘48’= 110000; ‘49’= 110001; ‘50’= 110010; ‘51’= 110011; ‘52’= 110100; ‘53’= 110101; ‘54’= 110110; ‘55’= 110111; ‘56’= 111000; ‘57’= 111001; ‘58’= 111010; ‘59’= 111011; ‘60’= 111100; ‘61’= 111101; ‘62’= 111110; ‘63’= 111111; |
| proto | str | | ‘esp’= Encapsulating security protocol (Default); |
| dh_group | str | | ‘0’= Diffie-Hellman group 0 (Default); ‘1’= Diffie-Hellman group 1 - 768-bits; ‘2’= Diffie-Hellman group 2 - 1024-bits; ‘5’= Diffie-Hellman group 5 - 1536-bits; ‘14’= Diffie-Hellman group 14 - 2048-bits; ‘15’= Diffie-Hellman group 15 - 3072-bits; ‘16’= Diffie-Hellman group 16 - 4096-bits; ‘18’= Diffie-Hellman group 18 - 8192-bits; ‘19’= Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| enc_cfg | list | | Field enc_cfg |
| encryption | str | | ‘des’= Data Encryption Standard algorithm; ‘3des’= Triple Data Encryption Standard algorithm; ‘aes-128’= Advanced Encryption Standard algorithm CBC Mode(key size= 128 bits); ‘aes-192’= Advanced Encryption Standard algorithm CBC Mode(key size= 192 bits); ‘aes-256’= Advanced Encryption Standard algorithm CBC Mode(key size= 256 bits); ‘aes-gcm-128’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 128 bits, ICV size= 16 bytes); ‘aes-gcm-192’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 192 bits, ICV size= 16 bytes); ‘aes-gcm-256’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 256 bits, ICV size= 16 bytes); ‘null’= No encryption algorithm; |
| hash | str | | ‘md5’= MD5 Message-Digest Algorithm; ‘sha1’= Secure Hash Algorithm 1; ‘sha256’= Secure Hash Algorithm 256; ‘sha384’= Secure Hash Algorithm 384; ‘sha512’= Secure Hash Algorithm 512; ‘null’= No hash algorithm; |
| priority | int | | Prioritizes (1-10) security protocol, least value has highest priority |
| gcm_priority | int | | Prioritizes (1-10) security protocol, least value has highest priority |
| lifetime | int | | IPsec SA age in seconds |
| lifebytes | int | | IPsec SA age in megabytes (0 indicates unlimited bytes) |
| anti_replay_window | str | | ‘0’= Disable Anti-Replay Window Check; ‘32’= Window size of 32; ‘64’= Window size of 64; ‘128’= Window size of 128; ‘256’= Window size of 256; ‘512’= Window size of 512; ‘1024’= Window size of 1024; |
| up | bool | | Initiates SA negotiation to bring the IPsec connection up |
| sequence_number_disable | bool | | Do not use incremental sequence number in the ESP header |
| traffic_selector | dict | | Field traffic_selector |
| ipv4 | dict | | Field ipv4 |
| ipv6 | dict | | Field ipv6 |
| enforce_traffic_selector | bool | | Enforce Traffic Selector |
| uuid | str | | uuid of the object |
| user_tag | str | | Customized tag |
| sampling_enable | list | | Field sampling_enable |
| counters1 | str | | ‘all’= all; ‘packets-encrypted’= Encrypted Packets; ‘packets-decrypted’= Decrypted Packets; ‘anti-replay-num’= Anti-Replay Failure; ‘rekey-num’= Rekey Times; ‘packets-err-inactive’= Inactive Error; ‘packets-err-encryption’= Encryption Error; ‘packets-err-pad-check’= Pad Check Error; ‘packets-err-pkt-sanity’= Packets Sanity Error; ‘packets-err-icv-check’= ICV Check Error; ‘packets-err-lifetime-lifebytes’= Lifetime Lifebytes Error; ‘bytes-encrypted’= Encrypted Bytes; ‘bytes-decrypted’= Decrypted Bytes; ‘prefrag-success’= Pre-frag Success; ‘prefrag-error’= Pre-frag Error; ‘cavium-bytes-encrypted’= CAVIUM Encrypted Bytes; ‘cavium-bytes-decrypted’= CAVIUM Decrypted Bytes; ‘cavium-packets-encrypted’= CAVIUM Encrypted Packets; ‘cavium-packets-decrypted’= CAVIUM Decrypted Packets; ‘qat-bytes-encrypted’= QAT Encrypted Bytes; ‘qat-bytes-decrypted’= QAT Decrypted Bytes; ‘qat-packets-encrypted’= QAT Encrypted Packets; ‘qat-packets-decrypted’= QAT Decrypted Packets; ‘tunnel-intf-down’= Packet dropped= Tunnel Interface Down; ‘pkt-fail-prep-to-send’= Packet dropped= Failed in prepare to send; ‘no-next-hop’= Packet dropped= No next hop; ‘invalid-tunnel-id’= Packet dropped= Invalid tunnel ID; ‘no-tunnel-found’= Packet dropped= No tunnel found; ‘pkt-fail-to-send’= Packet dropped= Failed to send; ‘frag-after-encap-frag-packets’= Frag-after-encap Fragment Generated; ‘frag-received’= Fragment Received; ‘sequence-num’= Sequence Number; ‘sequence-num-rollover’= Sequence Number Rollover; ‘packets-err-nh-check’= Next Header Check Error; |
| bind_tunnel | dict | | Field bind_tunnel |
| tunnel | int | | Tunnel interface index |
| next_hop | str | | IPsec Next Hop IP Address |
| next_hop_v6 | str | | IPsec Next Hop IPv6 Address |
| uuid | str | | uuid of the object |
| ipsec_gateway | dict | | Field ipsec_gateway |
| ike_gateway | str | | Gateway to use for IPsec SA |
| uuid | str | | uuid of the object |
| oper | dict | | Field oper |
| remote_ts_filter | str | | Field remote_ts_filter |
| remote_ts_v6_filter | str | | Field remote_ts_v6_filter |
| in_spi_filter | str | | Field in_spi_filter |
| out_spi_filter | str | | Field out_spi_filter |
| SA_List | list | | Field SA_List |
| name | str | | IPsec name |
| stats | dict | | Field stats |
| packets_encrypted | str | | Encrypted Packets |
| packets_decrypted | str | | Decrypted Packets |
| anti_replay_num | str | | Anti-Replay Failure |
| rekey_num | str | | Rekey Times |
| packets_err_inactive | str | | Inactive Error |
| packets_err_encryption | str | | Encryption Error |
| packets_err_pad_check | str | | Pad Check Error |
| packets_err_pkt_sanity | str | | Packets Sanity Error |
| packets_err_icv_check | str | | ICV Check Error |
| packets_err_lifetime_lifebytes | str | | Lifetime Lifebytes Error |
| bytes_encrypted | str | | Encrypted Bytes |
| bytes_decrypted | str | | Decrypted Bytes |
| prefrag_success | str | | Pre-frag Success |
| prefrag_error | str | | Pre-frag Error |
| cavium_bytes_encrypted | str | | CAVIUM Encrypted Bytes |
| cavium_bytes_decrypted | str | | CAVIUM Decrypted Bytes |
| cavium_packets_encrypted | str | | CAVIUM Encrypted Packets |
| cavium_packets_decrypted | str | | CAVIUM Decrypted Packets |
| qat_bytes_encrypted | str | | QAT Encrypted Bytes |
| qat_bytes_decrypted | str | | QAT Decrypted Bytes |
| qat_packets_encrypted | str | | QAT Encrypted Packets |
| qat_packets_decrypted | str | | QAT Decrypted Packets |
| tunnel_intf_down | str | | Packet dropped= Tunnel Interface Down |
| pkt_fail_prep_to_send | str | | Packet dropped= Failed in prepare to send |
| no_next_hop | str | | Packet dropped= No next hop |
| invalid_tunnel_id | str | | Packet dropped= Invalid tunnel ID |
| no_tunnel_found | str | | Packet dropped= No tunnel found |
| pkt_fail_to_send | str | | Packet dropped= Failed to send |
| frag_after_encap_frag_packets | str | | Frag-after-encap Fragment Generated |
| frag_received | str | | Fragment Received |
| sequence_num | str | | Sequence Number |
| sequence_num_rollover | str | | Sequence Number Rollover |
| packets_err_nh_check | str | | Next Header Check Error |
| name | str | | IPsec name |

Examples
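
An added example, not part of the module's documentation or the project's code: a Python check that audits the parameters of an a10_vpn_ipsec task for the weaker choices listed above (DES/3DES/null encryption, MD5/SHA-1 or missing integrity, DH groups below 2048 bits, disabled anti-replay or sequence numbers). The function name, the sample tasks and the rating of each value are this example's assumptions; the module itself accepts every listed value.

```python
# Added example: value names come from the parameter list on this page; which
# values count as weak is this example's policy (an assumption), not module behaviour.
WEAK_ENCRYPTION = {"des", "3des", "null"}   # 64-bit block ciphers or no confidentiality
WEAK_HASH = {"md5", "sha1"}                 # legacy HMAC algorithms
WEAK_DH_GROUPS = {"1", "2", "5"}            # 768/1024/1536 bits per the page


def audit_ipsec_params(params):
    """Return a list of findings for one a10_vpn_ipsec parameter dict."""
    findings = []
    name = params.get("name", "<unnamed>")

    for idx, proposal in enumerate(params.get("enc_cfg") or []):
        enc = str(proposal.get("encryption", "")).lower()
        mac = str(proposal.get("hash", "")).lower()
        where = f"{name}: enc_cfg[{idx}]"
        if enc in WEAK_ENCRYPTION:
            findings.append(f"{where} encryption '{enc}' is weak or absent")
        if mac in WEAK_HASH:
            findings.append(f"{where} hash '{mac}' is a legacy algorithm")
        # AES-GCM carries its own ICV, so a null hash only matters without it.
        if mac == "null" and not enc.startswith("aes-gcm"):
            findings.append(f"{where} has no integrity protection")

    dh = str(params.get("dh_group", ""))
    if dh in WEAK_DH_GROUPS:
        findings.append(f"{name}: dh_group '{dh}' is below 2048 bits")
    if str(params.get("anti_replay_window", "")) == "0":
        findings.append(f"{name}: anti-replay window check is disabled")
    if params.get("sequence_number_disable") is True:
        findings.append(f"{name}: ESP sequence numbers are disabled")
    return findings


# Constructed sample tasks; the enc_cfg entry layout is assumed, not from the page.
LEGACY = {"name": "legacy-site", "dh_group": "2", "anti_replay_window": "0",
          "sequence_number_disable": True,
          "enc_cfg": [{"encryption": "3des", "hash": "md5", "priority": 1},
                      {"encryption": "aes-128", "hash": "null", "priority": 2}]}
HARDENED = {"name": "branch-site", "dh_group": "19", "anti_replay_window": "128",
            "enc_cfg": [{"encryption": "aes-gcm-256", "gcm_priority": 1},
                        {"encryption": "aes-256", "hash": "sha256", "priority": 2}]}

if __name__ == "__main__":
    for task in (LEGACY, HARDENED):
        for line in audit_ipsec_params(task) or [f"{task['name']}: no findings"]:
            print(line)
```
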


Return Values

modified_values (changed, dict)

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list)

Sequential list of AXAPI calls made by the task

endpoint (str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (complex)

Params used to query the AXAPI

response_body (complex)

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks 2021