a10_vpn_ipsec
Synopsis
IPsec settings
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | IPsec name |
| mode str | | ‘tunnel’= Encapsulating the packet in IPsec tunnel mode (Default); |
| dscp str | | ‘default’= Default dscp (000000); ‘af11’= AF11 (001010); ‘af12’= AF12 (001100); ‘af13’= AF13 (001110); ‘af21’= AF21 (010010); ‘af22’= AF22 (010100); ‘af23’= AF23 (010110); ‘af31’= AF31 (011010); ‘af32’= AF32 (011100); ‘af33’= AF33 (011110); ‘af41’= AF41 (100010); ‘af42’= AF42 (100100); ‘af43’= AF43 (100110); ‘cs1’= CS1 (001000); ‘cs2’= CS2 (010000); ‘cs3’= CS3 (011000); ‘cs4’= CS4 (100000); ‘cs5’= CS5 (101000); ‘cs6’= CS6 (110000); ‘cs7’= CS7 (111000); ‘ef’= EF (101110); ‘0’= 000000; ‘1’= 000001; ‘2’= 000010; ‘3’= 000011; ‘4’= 000100; ‘5’= 000101; ‘6’= 000110; ‘7’= 000111; ‘8’= 001000; ‘9’= 001001; ‘10’= 001010; ‘11’= 001011; ‘12’= 001100; ‘13’= 001101; ‘14’= 001110; ‘15’= 001111; ‘16’= 010000; ‘17’= 010001; ‘18’= 010010; ‘19’= 010011; ‘20’= 010100; ‘21’= 010101; ‘22’= 010110; ‘23’= 010111; ‘24’= 011000; ‘25’= 011001; ‘26’= 011010; ‘27’= 011011; ‘28’= 011100; ‘29’= 011101; ‘30’= 011110; ‘31’= 011111; ‘32’= 100000; ‘33’= 100001; ‘34’= 100010; ‘35’= 100011; ‘36’= 100100; ‘37’= 100101; ‘38’= 100110; ‘39’= 100111; ‘40’= 101000; ‘41’= 101001; ‘42’= 101010; ‘43’= 101011; ‘44’= 101100; ‘45’= 101101; ‘46’= 101110; ‘47’= 101111; ‘48’= 110000; ‘49’= 110001; ‘50’= 110010; ‘51’= 110011; ‘52’= 110100; ‘53’= 110101; ‘54’= 110110; ‘55’= 110111; ‘56’= 111000; ‘57’= 111001; ‘58’= 111010; ‘59’= 111011; ‘60’= 111100; ‘61’= 111101; ‘62’= 111110; ‘63’= 111111; |
| proto str | | ‘esp’= Encapsulating security protocol (Default); |
| dh_group str | | ‘0’= Diffie-Hellman group 0 (Default); ‘1’= Diffie-Hellman group 1 - 768-bits; ‘2’= Diffie-Hellman group 2 - 1024-bits; ‘5’= Diffie-Hellman group 5 - 1536-bits; ‘14’= Diffie-Hellman group 14 - 2048-bits; ‘15’= Diffie-Hellman group 15 - 3072-bits; ‘16’= Diffie-Hellman group 16 - 4096-bits; ‘18’= Diffie-Hellman group 18 - 8192-bits; ‘19’= Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| enc_cfg list | | Field enc_cfg |
| encryption str | | ‘des’= Data Encryption Standard algorithm; ‘3des’= Triple Data Encryption Standard algorithm; ‘aes-128’= Advanced Encryption Standard algorithm CBC Mode(key size= 128 bits); ‘aes-192’= Advanced Encryption Standard algorithm CBC Mode(key size= 192 bits); ‘aes-256’= Advanced Encryption Standard algorithm CBC Mode(key size= 256 bits); ‘aes-gcm-128’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 128 bits, ICV size= 16 bytes); ‘aes-gcm-192’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 192 bits, ICV size= 16 bytes); ‘aes-gcm-256’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 256 bits, ICV size= 16 bytes); ‘null’= No encryption algorithm; |
| hash str | | ‘md5’= MD5 Message-Digest Algorithm; ‘sha1’= Secure Hash Algorithm 1; ‘sha256’= Secure Hash Algorithm 256; ‘sha384’= Secure Hash Algorithm 384; ‘sha512’= Secure Hash Algorithm 512; ‘null’= No hash algorithm; |
| priority int | | Prioritizes (1-10) security protocol, least value has highest priority |
| gcm_priority int | | Prioritizes (1-10) security protocol, least value has highest priority |
| lifetime int | | IPsec SA age in seconds |
| lifebytes int | | IPsec SA age in megabytes (0 indicates unlimited bytes) |
| anti_replay_window str | | ‘0’= Disable Anti-Replay Window Check; ‘32’= Window size of 32; ‘64’= Window size of 64; ‘128’= Window size of 128; ‘256’= Window size of 256; ‘512’= Window size of 512; ‘1024’= Window size of 1024; ‘2048’= Window size of 2048; ‘3072’= Window size of 3072; ‘4096’= Window size of 4096; ‘8192’= Window size of 8192; |
| up bool | | Initiates SA negotiation to bring the IPsec connection up |
| sequence_number_disable bool | | Do not use incremental sequence number in the ESP header |
| traffic_selector dict | | Field traffic_selector |
| ipv4 dict | | Field ipv4 |
| ipv6 dict | | Field ipv6 |
| enforce_traffic_selector bool | | Enforce Traffic Selector |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| counters1 str | | ‘all’= all; ‘packets-encrypted’= Encrypted Packets; ‘packets-decrypted’= Decrypted Packets; ‘anti-replay-num’= Anti-Replay Failure; ‘rekey-num’= Rekey Times; ‘packets-err-inactive’= Inactive Error; ‘packets-err-encryption’= Encryption Error; ‘packets-err-pad-check’= Pad Check Error; ‘packets-err-pkt-sanity’= Packets Sanity Error; ‘packets-err-icv-check’= ICV Check Error; ‘packets-err-lifetime-lifebytes’= Lifetime Lifebytes Error; ‘bytes-encrypted’= Encrypted Bytes; ‘bytes-decrypted’= Decrypted Bytes; ‘prefrag-success’= Pre-frag Success; ‘prefrag-error’= Pre-frag Error; ‘cavium-bytes-encrypted’= CAVIUM Encrypted Bytes; ‘cavium-bytes-decrypted’= CAVIUM Decrypted Bytes; ‘cavium-packets-encrypted’= CAVIUM Encrypted Packets; ‘cavium-packets-decrypted’= CAVIUM Decrypted Packets; ‘qat-bytes-encrypted’= QAT Encrypted Bytes; ‘qat-bytes-decrypted’= QAT Decrypted Bytes; ‘qat-packets-encrypted’= QAT Encrypted Packets; ‘qat-packets-decrypted’= QAT Decrypted Packets; ‘tunnel-intf-down’= Packet dropped= Tunnel Interface Down; ‘pkt-fail-prep-to-send’= Packet dropped= Failed in prepare to send; ‘no-next-hop’= Packet dropped= No next hop; ‘invalid-tunnel-id’= Packet dropped= Invalid tunnel ID; ‘no-tunnel-found’= Packet dropped= No tunnel found; ‘pkt-fail-to-send’= Packet dropped= Failed to send; ‘frag-after-encap-frag-packets’= Frag-after-encap Fragment Generated; ‘frag-received’= Fragment Received; ‘sequence-num’= Sequence Number; ‘sequence-num-rollover’= Sequence Number Rollover; ‘packets-err-nh-check’= Next Header Check Error; |
| bind_tunnel dict | | Field bind_tunnel |
| tunnel int | | Tunnel interface index |
| next_hop str | | IPsec Next Hop IP Address |
| next_hop_v6 str | | IPsec Next Hop IPv6 Address |
| uuid str | | uuid of the object |
| ipsec_gateway dict | | Field ipsec_gateway |
| ike_gateway str | | Gateway to use for IPsec SA |
| uuid str | | uuid of the object |
| oper dict | | Field oper |
| remote_ts_filter str | | Field remote_ts_filter |
| remote_ts_v6_filter str | | Field remote_ts_v6_filter |
| in_spi_filter str | | Field in_spi_filter |
| out_spi_filter str | | Field out_spi_filter |
| SA_List list | | Field SA_List |
| name str | | IPsec name |
| stats dict | | Field stats |
| packets_encrypted str | | Encrypted Packets |
| packets_decrypted str | | Decrypted Packets |
| anti_replay_num str | | Anti-Replay Failure |
| rekey_num str | | Rekey Times |
| packets_err_inactive str | | Inactive Error |
| packets_err_encryption str | | Encryption Error |
| packets_err_pad_check str | | Pad Check Error |
| packets_err_pkt_sanity str | | Packets Sanity Error |
| packets_err_icv_check str | | ICV Check Error |
| packets_err_lifetime_lifebytes str | | Lifetime Lifebytes Error |
| bytes_encrypted str | | Encrypted Bytes |
| bytes_decrypted str | | Decrypted Bytes |
| prefrag_success str | | Pre-frag Success |
| prefrag_error str | | Pre-frag Error |
| cavium_bytes_encrypted str | | CAVIUM Encrypted Bytes |
| cavium_bytes_decrypted str | | CAVIUM Decrypted Bytes |
| cavium_packets_encrypted str | | CAVIUM Encrypted Packets |
| cavium_packets_decrypted str | | CAVIUM Decrypted Packets |
| qat_bytes_encrypted str | | QAT Encrypted Bytes |
| qat_bytes_decrypted str | | QAT Decrypted Bytes |
| qat_packets_encrypted str | | QAT Encrypted Packets |
| qat_packets_decrypted str | | QAT Decrypted Packets |
| tunnel_intf_down str | | Packet dropped= Tunnel Interface Down |
| pkt_fail_prep_to_send str | | Packet dropped= Failed in prepare to send |
| no_next_hop str | | Packet dropped= No next hop |
| invalid_tunnel_id str | | Packet dropped= Invalid tunnel ID |
| no_tunnel_found str | | Packet dropped= No tunnel found |
| pkt_fail_to_send str | | Packet dropped= Failed to send |
| frag_after_encap_frag_packets str | | Frag-after-encap Fragment Generated |
| frag_received str | | Fragment Received |
| sequence_num str | | Sequence Number |
| sequence_num_rollover str | | Sequence Number Rollover |
| packets_err_nh_check str | | Next Header Check Error |
| name str | | IPsec name |
Examples
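The parameter choices include legacy options (‘des’, ‘3des’, ‘md5’, Diffie-Hellman groups under 2048 bits, an anti-replay window of ‘0’). The Python check below is an added example, not part of the module or its documentation; it flags those choices in a task's arguments before the playbook runs. The nesting of encryption and hash inside enc_cfg entries, and both sample tasks, are assumptions constructed for illustration.

```python
# Added example: lint a10_vpn_ipsec task arguments before they reach the device.
# Assumption: enc_cfg is a list of dicts keyed by 'encryption' and 'hash'.
WEAK_ENCRYPTION = {"des": "single DES", "3des": "64-bit block cipher",
                   "null": "no confidentiality"}
SMALL_DH = {"1": 768, "2": 1024, "5": 1536}  # bit sizes as listed in the table


def audit_ipsec(params):
    """Return (parameter, value, reason) tuples for weak settings."""
    findings = []
    for i, cfg in enumerate(params.get("enc_cfg") or []):
        enc, mac = str(cfg.get("encryption", "")), str(cfg.get("hash", ""))
        if enc in WEAK_ENCRYPTION:
            findings.append((f"enc_cfg[{i}].encryption", enc, WEAK_ENCRYPTION[enc]))
        if mac == "md5":
            findings.append((f"enc_cfg[{i}].hash", mac, "MD5-based integrity"))
        # GCM is an AEAD mode with its own ICV; CBC and null encryption are not.
        if mac == "null" and not enc.startswith("aes-gcm-"):
            findings.append((f"enc_cfg[{i}].hash", mac, "no integrity protection"))
    dh = str(params.get("dh_group", ""))
    if dh in SMALL_DH:
        findings.append(("dh_group", dh, f"{SMALL_DH[dh]}-bit group, below 2048 bits"))
    if str(params.get("anti_replay_window", "")) == "0":
        findings.append(("anti_replay_window", "0", "anti-replay check disabled"))
    if params.get("sequence_number_disable") in (True, "yes", "true"):
        findings.append(("sequence_number_disable", "true",
                         "ESP sequence numbers not incremented"))
    return findings


# Constructed task arguments, not taken from any real playbook.
WEAK_TASK = {
    "name": "legacy-tunnel", "state": "present", "dh_group": "2",
    "anti_replay_window": "0", "sequence_number_disable": True,
    "enc_cfg": [{"encryption": "3des", "hash": "md5", "priority": 1},
                {"encryption": "aes-256", "hash": "null", "priority": 2}],
}
HARDENED_TASK = {
    "name": "site-a", "state": "present", "dh_group": "19",
    "anti_replay_window": "64",
    "enc_cfg": [{"encryption": "aes-gcm-256", "gcm_priority": 1}],
}

if __name__ == "__main__":
    for task in (WEAK_TASK, HARDENED_TASK):
        print(task["name"], audit_ipsec(task) or "no findings")
```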
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.