a10_vpn

Synopsis

VPN Commands

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

asymmetric_flow_support

bool

Support asymmetric flows pass through IPsec tunnel

stateful_mode

bool

VPN module will work in stateful mode and create sessions

fragment_after_encap

bool

Fragment after adding IPsec headers

nat_traversal_flow_affinity

bool

Choose IPsec UDP source port based on port of inner flow (only for A10 to A10)

tcp_mss_adjust_disable

bool

Disable TCP MSS adjustment in SYN packet

jumbo_fragment

bool

Support IKE jumbo fragment packet

ike_sa_timeout

int

Timeout IKE-SA in connecting state in seconds (default 600s)

ipsec_error_dump

bool

Support record the error ipsec cavium information in dump file

uuid

str

uuid of the object

sampling_enable

list

Field sampling_enable

counters1

str

‘all’= all; ‘passthrough’= passthrough; ‘ha-standby-drop’= ha-standby-drop;

error

dict

Field error

uuid

str

uuid of the object

errordump

dict

Field errordump

uuid

str

uuid of the object

default

dict

Field default

uuid

str

uuid of the object

log

dict

Field log

uuid

str

uuid of the object

ike_stats_global

dict

Field ike_stats_global

uuid

str

uuid of the object

sampling_enable

list

Field sampling_enable

ike_gateway_list

list

Field ike_gateway_list

name

str

IKE-gateway name

ike_version

str

‘v1’= IKEv1 key exchange; ‘v2’= IKEv2 key exchange;

mode

str

‘main’= Negotiate Main mode (Default); ‘aggressive’= Negotiate Aggressive mode;

auth_method

str

‘preshare-key’= Authenticate the remote gateway using a pre-shared key (Default); ‘rsa-signature’= Authenticate the remote gateway using an RSA certificate; ‘ecdsa-signature’= Authenticate the remote gateway using an ECDSA certificate;

preshare_key_value

str

pre-shared key

preshare_key_encrypted

str

Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

key

str

Private Key

key_passphrase

str

Private Key Pass Phrase

key_passphrase_encrypted

str

Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string)

vrid

dict

Field vrid

local_cert

dict

Field local_cert

remote_ca_cert

dict

Field remote_ca_cert

local_id

str

Local Gateway Identity

remote_id

str

Remote Gateway Identity

enc_cfg

list

Field enc_cfg

dh_group

str

‘1’= Diffie-Hellman group 1 - 768-bit(Default); ‘2’= Diffie-Hellman group 2 - 1024-bit; ‘5’= Diffie-Hellman group 5 - 1536-bit; ‘14’= Diffie-Hellman group 14 - 2048-bit; ‘15’= Diffie-Hellman group 15 - 3072-bit; ‘16’= Diffie-Hellman group 16 - 4096-bit; ‘18’= Diffie-Hellman group 18 - 8192-bit; ‘19’= Diffie- Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve;

local_address

dict

Field local_address

remote_address

dict

Field remote_address

lifetime

int

IKE SA age in seconds

nat_traversal

bool

Field nat_traversal

dpd

dict

Field dpd

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

ipsec_list

list

Field ipsec_list

name

str

IPsec name

ike_gateway

str

Gateway to use for IPsec SA

mode

str

‘tunnel’= Encapsulating the packet in IPsec tunnel mode (Default);

proto

str

‘esp’= Encapsulating security protocol (Default);

dh_group

str

‘0’= Diffie-Hellman group 0 (Default); ‘1’= Diffie-Hellman group 1 - 768-bits; ‘2’= Diffie-Hellman group 2 - 1024-bits; ‘5’= Diffie-Hellman group 5 - 1536-bits; ‘14’= Diffie-Hellman group 14 - 2048-bits; ‘15’= Diffie-Hellman group 15 - 3072-bits; ‘16’= Diffie-Hellman group 16 - 4096-bits; ‘18’= Diffie- Hellman group 18 - 8192-bits; ‘19’= Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve;

enc_cfg

list

Field enc_cfg

lifetime

int

IPsec SA age in seconds

lifebytes

int

IPsec SA age in megabytes (0 indicates unlimited bytes)

anti_replay_window

str

‘0’= Disable Anti-Replay Window Check; ‘32’= Window size of 32; ‘64’= Window size of 64; ‘128’= Window size of 128; ‘256’= Window size of 256; ‘512’= Window size of 512; ‘1024’= Window size of 1024;

up

bool

Initiates SA negotiation to bring the IPsec connection up

sequence_number_disable

bool

Do not use incremental sequence number in the ESP header

traffic_selector

dict

Field traffic_selector

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

bind_tunnel

dict

Field bind_tunnel

revocation_list

list

Field revocation_list

name

str

Revocation name

ca

str

Certificate Authority file name

crl

dict

Field crl

ocsp

dict

Field ocsp

uuid

str

uuid of the object

user_tag

str

Customized tag

crl

dict

Field crl

uuid

str

uuid of the object

ocsp

dict

Field ocsp

uuid

str

uuid of the object

ipsec_sa_by_gw

dict

Field ipsec_sa_by_gw

uuid

str

uuid of the object

oper

dict

Field oper

IKE_Gateway_total

int

Field IKE_Gateway_total

IPsec_total

int

Field IPsec_total

IKE_SA_total

int

Field IKE_SA_total

IPsec_SA_total

int

Field IPsec_SA_total

IPsec_mode

str

Field IPsec_mode

Num_hardware_devices

int

Field Num_hardware_devices

Crypto_cores_total

int

Field Crypto_cores_total

Crypto_cores_assigned_to_IPsec

int

Field Crypto_cores_assigned_to_IPsec

Crypto_mem

int

Field Crypto_mem

all_partition_list

list

Field all_partition_list

all_partitions

bool

Field all_partitions

shared

bool

Field shared

specific_partition

str

Field specific_partition

errordump

dict

Field errordump

default

dict

Field default

log

dict

Field log

ike_gateway_list

list

Field ike_gateway_list

ipsec_list

list

Field ipsec_list

crl

dict

Field crl

ocsp

dict

Field ocsp

ipsec_sa_by_gw

dict

Field ipsec_sa_by_gw

stats

dict

Field stats

passthrough

str

Field passthrough

ha_standby_drop

str

Field ha_standby_drop

error

dict

Field error

ike_stats_global

dict

Field ike_stats_global

ike_gateway_list

list

Field ike_gateway_list

ipsec_list

list

Field ipsec_list

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks 2021