a10_vpn
Synopsis
VPN Commands
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
asymmetric_flow_support bool |
Support asymmetric flows pass through IPsec tunnel |
||
stateful_mode bool |
VPN module will work in stateful mode and create sessions |
||
fragment_after_encap bool |
Fragment after adding IPsec headers |
||
nat_traversal_flow_affinity bool |
Choose IPsec UDP source port based on port of inner flow (only for A10 to A10) |
||
tcp_mss_adjust_disable bool |
Disable TCP MSS adjustment in SYN packet |
||
jumbo_fragment bool |
Support IKE jumbo fragment packet |
||
ike_sa_timeout int |
Timeout IKE-SA in connecting state in seconds (default 600s) |
||
ike_acc_enable bool |
Enable IKE Acceleration by Cavium Nitrox card |
||
ike_logging_enable bool |
Enable IKE negotiation logging |
||
ipsec_error_dump bool |
Support record the error ipsec cavium information in dump file |
||
ipsec_mgmt_default_policy_drop bool |
Drop MGMT traffic that is not match ipsec tunnel, share partition only |
||
extended_matching bool |
Enable session extended matching for packet comes from IPsec tunnel |
||
enable_vpn_metrics bool |
Enable exporting vpn statstics to Harmony |
||
ipsec_cipher_check bool |
Enable cipher check, IPsec SA cipher must weaker than IKE gateway cipher, and DES/3DES/MD5/null will not work. |
||
signature_authentication bool |
Enable use of different hash algorithms for signature authentication in IKEv2 |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘passthrough’= passthrough; ‘ha-standby-drop’= ha-standby-drop; |
||
error dict |
Field error |
||
uuid str |
uuid of the object |
||
errordump dict |
Field errordump |
||
uuid str |
uuid of the object |
||
default dict |
Field default |
||
uuid str |
uuid of the object |
||
log dict |
Field log |
||
uuid str |
uuid of the object |
||
ike_stats_global dict |
Field ike_stats_global |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
ike_gateway_list list |
Field ike_gateway_list |
||
name str |
IKE-gateway name |
||
ike_version str |
‘v1’= IKEv1 key exchange; ‘v2’= IKEv2 key exchange; |
||
mode str |
‘main’= Negotiate Main mode (Default); ‘aggressive’= Negotiate Aggressive mode; |
||
auth_method str |
‘preshare-key’= Authenticate the remote gateway using a pre-shared key (Default); ‘rsa-signature’= Authenticate the remote gateway using an RSA certificate; ‘ecdsa-signature’= Authenticate the remote gateway using an ECDSA certificate; ‘eap-radius’= Authenticate the remote gateway using an EAP Radius server; ‘eap-tls’= Authenticate the remote gateway using EAP TLS; |
||
preshare_key_value str |
pre-shared key |
||
preshare_key_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string) |
||
hash str |
‘sha256’= Secure Hash Algorithm 256; ‘sha384’= Secure Hash Algorithm 384; ‘sha512’= Secure Hash Algorithm 512; |
||
interface_management bool |
only handle traffic on management interface, share partition only |
||
key str |
Private Key |
||
key_passphrase str |
Private Key Pass Phrase |
||
key_passphrase_encrypted str |
Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string) |
||
vrid dict |
Field vrid |
||
local_cert dict |
Field local_cert |
||
remote_ca_cert dict |
Field remote_ca_cert |
||
local_id str |
Local Gateway Identity |
||
remote_id str |
Remote Gateway Identity |
||
enc_cfg list |
Field enc_cfg |
||
dh_group str |
‘1’= Diffie-Hellman group 1 - 768-bit(Default); ‘2’= Diffie-Hellman group 2 - 1024-bit; ‘5’= Diffie-Hellman group 5 - 1536-bit; ‘14’= Diffie-Hellman group 14 - 2048-bit; ‘15’= Diffie-Hellman group 15 - 3072-bit; ‘16’= Diffie-Hellman group 16 - 4096-bit; ‘18’= Diffie-Hellman group 18 - 8192-bit; ‘19’= Diffie- Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
||
local_address dict |
Field local_address |
||
remote_address dict |
Field remote_address |
||
lifetime int |
IKE SA age in seconds |
||
fragment_size int |
Enable IKE message fragment and set fragment size |
||
nat_traversal bool |
Field nat_traversal |
||
dpd dict |
Field dpd |
||
disable_rekey bool |
Disable initiating rekey |
||
configuration_payload str |
‘dhcp’= Enable DHCP configuration-payload; ‘radius’= Enable RADIUS configuration-payload; |
||
dhcp_server dict |
Field dhcp_server |
||
radius_server dict |
Field radius_server |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
sampling_enable list |
Field sampling_enable |
||
ipsec_list list |
Field ipsec_list |
||
name str |
IPsec name |
||
mode str |
‘tunnel’= Encapsulating the packet in IPsec tunnel mode (Default); |
||
dscp str |
‘default’= Default dscp (000000); ‘af11’= AF11 (001010); ‘af12’= AF12 (001100); ‘af13’= AF13 (001110); ‘af21’= AF21 (010010); ‘af22’= AF22 (010100); ‘af23’= AF23 (010110); ‘af31’= AF31 (011010); ‘af32’= AF32 (011100); ‘af33’= AF33 (011110); ‘af41’= AF41 (100010); ‘af42’= AF42 (100100); ‘af43’= AF43 (100110); ‘cs1’= CS1 (001000); ‘cs2’= CS2 (010000); ‘cs3’= CS3 (011000); ‘cs4’= CS4 (100000); ‘cs5’= CS5 (101000); ‘cs6’= CS6 (110000); ‘cs7’= CS7 (111000); ‘ef’= EF (101110); ‘0’= 000000; ‘1’= 000001; ‘2’= 000010; ‘3’= 000011; ‘4’= 000100; ‘5’= 000101; ‘6’= 000110; ‘7’= 000111; ‘8’= 001000; ‘9’= 001001; ‘10’= 001010; ‘11’= 001011; ‘12’= 001100; ‘13’= 001101; ‘14’= 001110; ‘15’= 001111; ‘16’= 010000; ‘17’= 010001; ‘18’= 010010; ‘19’= 010011; ‘20’= 010100; ‘21’= 010101; ‘22’= 010110; ‘23’= 010111; ‘24’= 011000; ‘25’= 011001; ‘26’= 011010; ‘27’= 011011; ‘28’= 011100; ‘29’= 011101; ‘30’= 011110; ‘31’= 011111; ‘32’= 100000; ‘33’= 100001; ‘34’= 100010; ‘35’= 100011; ‘36’= 100100; ‘37’= 100101; ‘38’= 100110; ‘39’= 100111; ‘40’= 101000; ‘41’= 101001; ‘42’= 101010; ‘43’= 101011; ‘44’= 101100; ‘45’= 101101; ‘46’= 101110; ‘47’= 101111; ‘48’= 110000; ‘49’= 110001; ‘50’= 110010; ‘51’= 110011; ‘52’= 110100; ‘53’= 110101; ‘54’= 110110; ‘55’= 110111; ‘56’= 111000; ‘57’= 111001; ‘58’= 111010; ‘59’= 111011; ‘60’= 111100; ‘61’= 111101; ‘62’= 111110; ‘63’= 111111; |
||
proto str |
‘esp’= Encapsulating security protocol (Default); |
||
dh_group str |
‘0’= Diffie-Hellman group 0 (Default); ‘1’= Diffie-Hellman group 1 - 768-bits; ‘2’= Diffie-Hellman group 2 - 1024-bits; ‘5’= Diffie-Hellman group 5 - 1536-bits; ‘14’= Diffie-Hellman group 14 - 2048-bits; ‘15’= Diffie-Hellman group 15 - 3072-bits; ‘16’= Diffie-Hellman group 16 - 4096-bits; ‘18’= Diffie- Hellman group 18 - 8192-bits; ‘19’= Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
||
enc_cfg list |
Field enc_cfg |
||
lifetime int |
IPsec SA age in seconds |
||
lifebytes int |
IPsec SA age in megabytes (0 indicates unlimited bytes) |
||
anti_replay_window str |
‘0’= Disable Anti-Replay Window Check; ‘32’= Window size of 32; ‘64’= Window size of 64; ‘128’= Window size of 128; ‘256’= Window size of 256; ‘512’= Window size of 512; ‘1024’= Window size of 1024; ‘2048’= Window size of 2048; ‘3072’= Window size of 3072; ‘4096’= Window size of 4096; ‘8192’= Window size of 8192; |
||
up bool |
Initiates SA negotiation to bring the IPsec connection up |
||
sequence_number_disable bool |
Do not use incremental sequence number in the ESP header |
||
traffic_selector dict |
Field traffic_selector |
||
enforce_traffic_selector bool |
Enforce Traffic Selector |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
sampling_enable list |
Field sampling_enable |
||
bind_tunnel dict |
Field bind_tunnel |
||
ipsec_gateway dict |
Field ipsec_gateway |
||
ipsec_group_list list |
Field ipsec_group_list |
||
name str |
Group name |
||
ipsecgroup_cfg list |
Field ipsecgroup_cfg |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
group_list dict |
Field group_list |
||
uuid str |
uuid of the object |
||
ipsec_sa_stats_list list |
Field ipsec_sa_stats_list |
||
sampling_enable list |
Field sampling_enable |
||
revocation_list list |
Field revocation_list |
||
name str |
Revocation name |
||
ca str |
Certificate Authority file name |
||
crl dict |
Field crl |
||
ocsp dict |
Field ocsp |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
crl dict |
Field crl |
||
uuid str |
uuid of the object |
||
ocsp dict |
Field ocsp |
||
uuid str |
uuid of the object |
||
ipsec_sa_by_gw dict |
Field ipsec_sa_by_gw |
||
uuid str |
uuid of the object |
||
ike_sa dict |
Field ike_sa |
||
uuid str |
uuid of the object |
||
ipsec_sa dict |
Field ipsec_sa |
||
uuid str |
uuid of the object |
||
ike_sa_brief dict |
Field ike_sa_brief |
||
uuid str |
uuid of the object |
||
ike_sa_clients dict |
Field ike_sa_clients |
||
uuid str |
uuid of the object |
||
ipsec_sa_clients dict |
Field ipsec_sa_clients |
||
uuid str |
uuid of the object |
||
ike_stats_by_gw dict |
Field ike_stats_by_gw |
||
uuid str |
uuid of the object |
||
oper dict |
Field oper |
||
IKE_Gateway_total int |
Field IKE_Gateway_total |
||
IPsec_total int |
Field IPsec_total |
||
IKE_SA_total int |
Field IKE_SA_total |
||
IPsec_SA_total int |
Field IPsec_SA_total |
||
IPsec_mode str |
Field IPsec_mode |
||
Num_hardware_devices int |
Field Num_hardware_devices |
||
Crypto_cores_total int |
Field Crypto_cores_total |
||
Crypto_cores_assigned_to_IPsec int |
Field Crypto_cores_assigned_to_IPsec |
||
Crypto_mem int |
Field Crypto_mem |
||
all_partition_list list |
Field all_partition_list |
||
all_partitions bool |
Field all_partitions |
||
shared bool |
Field shared |
||
specific_partition str |
Field specific_partition |
||
errordump dict |
Field errordump |
||
default dict |
Field default |
||
log dict |
Field log |
||
ike_gateway_list list |
Field ike_gateway_list |
||
ipsec_list list |
Field ipsec_list |
||
group_list dict |
Field group_list |
||
crl dict |
Field crl |
||
ocsp dict |
Field ocsp |
||
ipsec_sa_by_gw dict |
Field ipsec_sa_by_gw |
||
ike_sa dict |
Field ike_sa |
||
ipsec_sa dict |
Field ipsec_sa |
||
ike_sa_brief dict |
Field ike_sa_brief |
||
ike_sa_clients dict |
Field ike_sa_clients |
||
ipsec_sa_clients dict |
Field ipsec_sa_clients |
||
ike_stats_by_gw dict |
Field ike_stats_by_gw |
||
stats dict |
Field stats |
||
passthrough str |
Field passthrough |
||
ha_standby_drop str |
Field ha_standby_drop |
||
error dict |
Field error |
||
ike_stats_global dict |
Field ike_stats_global |
||
ike_gateway_list list |
Field ike_gateway_list |
||
ipsec_list list |
Field ipsec_list |
||
ipsec_sa_stats_list list |
Field ipsec_sa_stats_list |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.