a10_vpn
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | ['noop', 'present', 'absent'] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | ['1-8'] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| asymmetric_flow_support bool | | Support asymmetric flows pass through IPsec tunnel |
| stateful_mode bool | | VPN module will work in stateful mode and create sessions |
| fragment_after_encap bool | | Fragment after adding IPsec headers |
| nat_traversal_flow_affinity bool | | Choose IPsec UDP source port based on port of inner flow (only for A10 to A10) |
| tcp_mss_adjust_disable bool | | Disable TCP MSS adjustment in SYN packet |
| jumbo_fragment bool | | Support IKE jumbo fragment packet |
| ike_sa_timeout int | | Timeout IKE-SA in connecting state in seconds (default 600s) |
| ipsec_error_dump bool | | Support record the error ipsec cavium information in dump file |
| uuid str | | uuid of the object |
| sampling_enable list | | Field sampling_enable |
| counters1 str | | 'all'= all; 'passthrough'= passthrough; 'ha-standby-drop'= ha-standby-drop; |
| error dict | | Field error |
| uuid str | | uuid of the object |
| errordump dict | | Field errordump |
| uuid str | | uuid of the object |
| default dict | | Field default |
| uuid str | | uuid of the object |
| log dict | | Field log |
| uuid str | | uuid of the object |
| ike_stats_global dict | | Field ike_stats_global |
| uuid str | | uuid of the object |
| sampling_enable list | | Field sampling_enable |
| ike_gateway_list list | | Field ike_gateway_list |
| name str | | IKE-gateway name |
| ike_version str | | 'v1'= IKEv1 key exchange; 'v2'= IKEv2 key exchange; |
| mode str | | 'main'= Negotiate Main mode (Default); 'aggressive'= Negotiate Aggressive mode; |
| auth_method str | | 'preshare-key'= Authenticate the remote gateway using a pre-shared key (Default); 'rsa-signature'= Authenticate the remote gateway using an RSA certificate; 'ecdsa-signature'= Authenticate the remote gateway using an ECDSA certificate; |
| preshare_key_value str | | pre-shared key |
| preshare_key_encrypted str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string) |
| key str | | Private Key |
| key_passphrase str | | Private Key Pass Phrase |
| key_passphrase_encrypted str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string) |
| vrid dict | | Field vrid |
| local_cert dict | | Field local_cert |
| remote_ca_cert dict | | Field remote_ca_cert |
| local_id str | | Local Gateway Identity |
| remote_id str | | Remote Gateway Identity |
| enc_cfg list | | Field enc_cfg |
| dh_group str | | '1'= Diffie-Hellman group 1 - 768-bit(Default); '2'= Diffie-Hellman group 2 - 1024-bit; '5'= Diffie-Hellman group 5 - 1536-bit; '14'= Diffie-Hellman group 14 - 2048-bit; '15'= Diffie-Hellman group 15 - 3072-bit; '16'= Diffie-Hellman group 16 - 4096-bit; '18'= Diffie-Hellman group 18 - 8192-bit; '19'= Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20'= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| local_address dict | | Field local_address |
| remote_address dict | | Field remote_address |
| lifetime int | | IKE SA age in seconds |
| nat_traversal bool | | Field nat_traversal |
| dpd dict | | Field dpd |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| ipsec_list list | | Field ipsec_list |
| name str | | IPsec name |
| ike_gateway str | | Gateway to use for IPsec SA |
| mode str | | 'tunnel'= Encapsulating the packet in IPsec tunnel mode (Default); |
| proto str | | 'esp'= Encapsulating security protocol (Default); |
| dh_group str | | '0'= Diffie-Hellman group 0 (Default); '1'= Diffie-Hellman group 1 - 768-bits; '2'= Diffie-Hellman group 2 - 1024-bits; '5'= Diffie-Hellman group 5 - 1536-bits; '14'= Diffie-Hellman group 14 - 2048-bits; '15'= Diffie-Hellman group 15 - 3072-bits; '16'= Diffie-Hellman group 16 - 4096-bits; '18'= Diffie-Hellman group 18 - 8192-bits; '19'= Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20'= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| enc_cfg list | | Field enc_cfg |
| lifetime int | | IPsec SA age in seconds |
| lifebytes int | | IPsec SA age in megabytes (0 indicates unlimited bytes) |
| anti_replay_window str | | '0'= Disable Anti-Replay Window Check; '32'= Window size of 32; '64'= Window size of 64; '128'= Window size of 128; '256'= Window size of 256; '512'= Window size of 512; '1024'= Window size of 1024; |
| up bool | | Initiates SA negotiation to bring the IPsec connection up |
| sequence_number_disable bool | | Do not use incremental sequence number in the ESP header |
| traffic_selector dict | | Field traffic_selector |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| bind_tunnel dict | | Field bind_tunnel |
| revocation_list list | | Field revocation_list |
| name str | | Revocation name |
| ca str | | Certificate Authority file name |
| crl dict | | Field crl |
| ocsp dict | | Field ocsp |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| crl dict | | Field crl |
| uuid str | | uuid of the object |
| ocsp dict | | Field ocsp |
| uuid str | | uuid of the object |
| ipsec_sa_by_gw dict | | Field ipsec_sa_by_gw |
| uuid str | | uuid of the object |
| oper dict | | Field oper |
| IKE_Gateway_total int | | Field IKE_Gateway_total |
| IPsec_total int | | Field IPsec_total |
| IKE_SA_total int | | Field IKE_SA_total |
| IPsec_SA_total int | | Field IPsec_SA_total |
| IPsec_mode str | | Field IPsec_mode |
| Num_hardware_devices int | | Field Num_hardware_devices |
| Crypto_cores_total int | | Field Crypto_cores_total |
| Crypto_cores_assigned_to_IPsec int | | Field Crypto_cores_assigned_to_IPsec |
| Crypto_mem int | | Field Crypto_mem |
| all_partition_list list | | Field all_partition_list |
| all_partitions bool | | Field all_partitions |
| shared bool | | Field shared |
| specific_partition str | | Field specific_partition |
| errordump dict | | Field errordump |
| default dict | | Field default |
| log dict | | Field log |
| ike_gateway_list list | | Field ike_gateway_list |
| ipsec_list list | | Field ipsec_list |
| crl dict | | Field crl |
| ocsp dict | | Field ocsp |
| ipsec_sa_by_gw dict | | Field ipsec_sa_by_gw |
| stats dict | | Field stats |
| passthrough str | | Field passthrough |
| ha_standby_drop str | | Field ha_standby_drop |
| error dict | | Field error |
| ike_stats_global dict | | Field ike_stats_global |
| ike_gateway_list list | | Field ike_gateway_list |
| ipsec_list list | | Field ipsec_list |