a10_vpn_ike_gateway

Synopsis

IKE-gateway settings

Parameters

| Parameters | Type | Choices/Defaults | Comment |
|---|---|---|---|
| state | str/required | ['noop', 'present', 'absent'] | State of the object to be created. |
| ansible_host | str/required | | Host for AXAPI authentication |
| ansible_username | str/required | | Username for AXAPI authentication |
| ansible_password | str/required | | Password for AXAPI authentication |
| ansible_port | int/required | | Port for AXAPI authentication |
| a10_device_context_id | int | ['1-8'] | Device ID for aVCS configuration |
| a10_partition | str | | Destination/target partition for object/command |
| name | str/required | | IKE-gateway name |
| ike_version | str | | 'v1'= IKEv1 key exchange; 'v2'= IKEv2 key exchange; |
| mode | str | | 'main'= Negotiate Main mode (Default); 'aggressive'= Negotiate Aggressive mode; |
| auth_method | str | | 'preshare-key'= Authenticate the remote gateway using a pre-shared key (Default); 'rsa-signature'= Authenticate the remote gateway using an RSA certificate; 'ecdsa-signature'= Authenticate the remote gateway using an ECDSA certificate; |
| preshare_key_value | str | | Pre-shared key |
| preshare_key_encrypted | str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string) |
| key | str | | Private Key |
| key_passphrase | str | | Private Key Pass Phrase |
| key_passphrase_encrypted | str | | Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string) |
| vrid | dict | | Field vrid |
| vrid_num | int | | Specify ha VRRP-A vrid |
| local_cert | dict | | Field local_cert |
| local_cert_name | str | | Certificate File Name |
| remote_ca_cert | dict | | Field remote_ca_cert |
| remote_cert_name | str | | Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress |
| local_id | str | | Local Gateway Identity |
| remote_id | str | | Remote Gateway Identity |
| enc_cfg | list | | Field enc_cfg |
| encryption | str | | 'des'= Data Encryption Standard algorithm; '3des'= Triple Data Encryption Standard algorithm; 'aes-128'= Advanced Encryption Standard algorithm CBC Mode (key size= 128 bits); 'aes-192'= Advanced Encryption Standard algorithm CBC Mode (key size= 192 bits); 'aes-256'= Advanced Encryption Standard algorithm CBC Mode (key size= 256 bits); 'aes-gcm-128'= Advanced Encryption Standard algorithm Galois/Counter Mode (key size= 128 bits, ICV size= 16 bytes), only for IKEv2; 'aes-gcm-192'= Advanced Encryption Standard algorithm Galois/Counter Mode (key size= 192 bits, ICV size= 16 bytes), only for IKEv2; 'aes-gcm-256'= Advanced Encryption Standard algorithm Galois/Counter Mode (key size= 256 bits, ICV size= 16 bytes), only for IKEv2; 'null'= No encryption algorithm, only for IKEv2; |
| hash | str | | 'md5'= MD5 Message-Digest Algorithm; 'sha1'= Secure Hash Algorithm 1; 'sha256'= Secure Hash Algorithm 256; 'sha384'= Secure Hash Algorithm 384; 'sha512'= Secure Hash Algorithm 512; |
| prf | str | | 'md5'= MD5 Message-Digest Algorithm; 'sha1'= Secure Hash Algorithm 1; 'sha256'= Secure Hash Algorithm 256; 'sha384'= Secure Hash Algorithm 384; 'sha512'= Secure Hash Algorithm 512; |
| priority | int | | Prioritizes (1-10) security protocol, least value has highest priority |
| gcm_priority | int | | Prioritizes (1-10) security protocol, least value has highest priority |
| dh_group | str | | '1'= Diffie-Hellman group 1 - 768-bit (Default); '2'= Diffie-Hellman group 2 - 1024-bit; '5'= Diffie-Hellman group 5 - 1536-bit; '14'= Diffie-Hellman group 14 - 2048-bit; '15'= Diffie-Hellman group 15 - 3072-bit; '16'= Diffie-Hellman group 16 - 4096-bit; '18'= Diffie-Hellman group 18 - 8192-bit; '19'= Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20'= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| local_address | dict | | Field local_address |
| local_ip | str | | IPv4 address |
| local_ipv6 | str | | IPv6 address |
| remote_address | dict | | Field remote_address |
| remote_ip | str | | IPv4 address |
| dns | str | | Remote IP based on Domain name |
| remote_ipv6 | str | | IPv6 address |
| lifetime | int | | IKE SA age in seconds |
| nat_traversal | bool | | Field nat_traversal |
| dpd | dict | | Field dpd |
| interval | int | | Interval time in seconds |
| retry | int | | Retry times |
| uuid | str | | uuid of the object |
| user_tag | str | | Customized tag |
| sampling_enable | list | | Field sampling_enable |
| counters1 | str | | 'all'= all; 'v2-init-rekey'= Initiate Rekey; 'v2-rsp-rekey'= Respond Rekey; 'v2-child-sa-rekey'= Child SA Rekey; 'v2-in-invalid'= Incoming Invalid; 'v2-in-invalid-spi'= Incoming Invalid SPI; 'v2-in-init-req'= Incoming Init Request; 'v2-in-init-rsp'= Incoming Init Response; 'v2-out-init-req'= Outgoing Init Request; 'v2-out-init-rsp'= Outgoing Init Response; 'v2-in-auth-req'= Incoming Auth Request; 'v2-in-auth-rsp'= Incoming Auth Response; 'v2-out-auth-req'= Outgoing Auth Request; 'v2-out-auth-rsp'= Outgoing Auth Response; 'v2-in-create-child-req'= Incoming Create Child Request; 'v2-in-create-child-rsp'= Incoming Create Child Response; 'v2-out-create-child-req'= Outgoing Create Child Request; 'v2-out-create-child-rsp'= Outgoing Create Child Response; 'v2-in-info-req'= Incoming Info Request; 'v2-in-info-rsp'= Incoming Info Response; 'v2-out-info-req'= Outgoing Info Request; 'v2-out-info-rsp'= Outgoing Info Response; 'v1-in-id-prot-req'= Incoming ID Protection Request; 'v1-in-id-prot-rsp'= Incoming ID Protection Response; 'v1-out-id-prot-req'= Outgoing ID Protection Request; 'v1-out-id-prot-rsp'= Outgoing ID Protection Response; 'v1-in-auth-only-req'= Incoming Auth Only Request; 'v1-in-auth-only-rsp'= Incoming Auth Only Response; 'v1-out-auth-only-req'= Outgoing Auth Only Request; 'v1-out-auth-only-rsp'= Outgoing Auth Only Response; 'v1-in-aggressive-req'= Incoming Aggressive Request; 'v1-in-aggressive-rsp'= Incoming Aggressive Response; 'v1-out-aggressive-req'= Outgoing Aggressive Request; 'v1-out-aggressive-rsp'= Outgoing Aggressive Response; 'v1-in-info-v1-req'= Incoming Info Request; 'v1-in-info-v1-rsp'= Incoming Info Response; 'v1-out-info-v1-req'= Outgoing Info Request; 'v1-out-info-v1-rsp'= Outgoing Info Response; 'v1-in-transaction-req'= Incoming Transaction Request; 'v1-in-transaction-rsp'= Incoming Transaction Response; 'v1-out-transaction-req'= Outgoing Transaction Request; 'v1-out-transaction-rsp'= Outgoing Transaction Response; 'v1-in-quick-mode-req'= Incoming Quick Mode Request; 'v1-in-quick-mode-rsp'= Incoming Quick Mode Response; 'v1-out-quick-mode-req'= Outgoing Quick Mode Request; 'v1-out-quick-mode-rsp'= Outgoing Quick Mode Response; 'v1-in-new-group-mode-req'= Incoming New Group Mode Request; 'v1-in-new-group-mode-rsp'= Incoming New Group Mode Response; 'v1-out-new-group-mode-req'= Outgoing New Group Mode Request; 'v1-out-new-group-mode-rsp'= Outgoing New Group Mode Response; 'v1-child-sa-invalid-spi'= Invalid SPI for Child SAs; 'v2-child-sa-invalid-spi'= Invalid SPI for Child SAs; 'ike-current-version'= IKE version; |
| oper | dict | | Field oper |
| Initiator_SPI | str | | Field Initiator_SPI |
| Responder_SPI | str | | Field Responder_SPI |
| Local_IP | str | | Field Local_IP |
| Remote_IP | str | | Field Remote_IP |
| Encryption | str | | Field Encryption |
| Hash | str | | Field Hash |
| Lifetime | int | | Field Lifetime |
| Status | str | | Field Status |
| NAT_Traversal | int | | Field NAT_Traversal |
| name | str | | IKE-gateway name |
| stats | dict | | Field stats |
| v2_init_rekey | str | | Initiate Rekey |
| v2_rsp_rekey | str | | Respond Rekey |
| v2_child_sa_rekey | str | | Child SA Rekey |
| v2_in_invalid | str | | Incoming Invalid |
| v2_in_invalid_spi | str | | Incoming Invalid SPI |
| v2_in_init_req | str | | Incoming Init Request |
| v2_in_init_rsp | str | | Incoming Init Response |
| v2_out_init_req | str | | Outgoing Init Request |
| v2_out_init_rsp | str | | Outgoing Init Response |
| v2_in_auth_req | str | | Incoming Auth Request |
| v2_in_auth_rsp | str | | Incoming Auth Response |
| v2_out_auth_req | str | | Outgoing Auth Request |
| v2_out_auth_rsp | str | | Outgoing Auth Response |
| v2_in_create_child_req | str | | Incoming Create Child Request |
| v2_in_create_child_rsp | str | | Incoming Create Child Response |
| v2_out_create_child_req | str | | Outgoing Create Child Request |
| v2_out_create_child_rsp | str | | Outgoing Create Child Response |
| v2_in_info_req | str | | Incoming Info Request |
| v2_in_info_rsp | str | | Incoming Info Response |
| v2_out_info_req | str | | Outgoing Info Request |
| v2_out_info_rsp | str | | Outgoing Info Response |
| v1_in_id_prot_req | str | | Incoming ID Protection Request |
| v1_in_id_prot_rsp | str | | Incoming ID Protection Response |
| v1_out_id_prot_req | str | | Outgoing ID Protection Request |
| v1_out_id_prot_rsp | str | | Outgoing ID Protection Response |
| v1_in_auth_only_req | str | | Incoming Auth Only Request |
| v1_in_auth_only_rsp | str | | Incoming Auth Only Response |
| v1_out_auth_only_req | str | | Outgoing Auth Only Request |
| v1_out_auth_only_rsp | str | | Outgoing Auth Only Response |
| v1_in_aggressive_req | str | | Incoming Aggressive Request |
| v1_in_aggressive_rsp | str | | Incoming Aggressive Response |
| v1_out_aggressive_req | str | | Outgoing Aggressive Request |
| v1_out_aggressive_rsp | str | | Outgoing Aggressive Response |
| v1_in_info_v1_req | str | | Incoming Info Request |
| v1_in_info_v1_rsp | str | | Incoming Info Response |
| v1_out_info_v1_req | str | | Outgoing Info Request |
| v1_out_info_v1_rsp | str | | Outgoing Info Response |
| v1_in_transaction_req | str | | Incoming Transaction Request |
| v1_in_transaction_rsp | str | | Incoming Transaction Response |
| v1_out_transaction_req | str | | Outgoing Transaction Request |
| v1_out_transaction_rsp | str | | Outgoing Transaction Response |
| v1_in_quick_mode_req | str | | Incoming Quick Mode Request |
| v1_in_quick_mode_rsp | str | | Incoming Quick Mode Response |
| v1_out_quick_mode_req | str | | Outgoing Quick Mode Request |
| v1_out_quick_mode_rsp | str | | Outgoing Quick Mode Response |
| v1_in_new_group_mode_req | str | | Incoming New Group Mode Request |
| v1_in_new_group_mode_rsp | str | | Incoming New Group Mode Response |
| v1_out_new_group_mode_req | str | | Outgoing New Group Mode Request |
| v1_out_new_group_mode_rsp | str | | Outgoing New Group Mode Response |
| v1_child_sa_invalid_spi | str | | Invalid SPI for Child SAs |
| v2_child_sa_invalid_spi | str | | Invalid SPI for Child SAs |
| ike_current_version | str | | IKE version |
| name | str | | IKE-gateway name |
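
A pre-deployment check for the options documented above, as an added example that is not part of the module or of A10's code: it lints one task's argument dict for the constraints the table states (IKEv2-only ciphers, reserved `*_encrypted` keywords, the defaults for `dh_group`, `mode` and `auth_method`). The weak-algorithm sets are an assumed policy baseline, the function name `audit_ike_gateway` is hypothetical, and `enc_cfg` is assumed to be a list of dicts holding `encryption`, `hash` and `prf`.

```python
# Added example: lint a10_vpn_ike_gateway task arguments before they are pushed.
IKEV2_ONLY = {"aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null"}  # "only for IKEv2" per the table
RESERVED = ("preshare_key_encrypted", "key_passphrase_encrypted")   # "Do NOT use this option manually"
# Assumed policy baseline (not stated on the page); adjust to your own standard.
WEAK_ENC = {"des", "3des"}
WEAK_HASH = {"md5", "sha1"}
WEAK_DH = {"1", "2", "5"}  # 768-, 1024- and 1536-bit groups


def audit_ike_gateway(params):
    """Return a sorted list of finding strings for one task's argument dict."""
    findings = set()
    for key in RESERVED:
        if key in params:
            findings.add(f"reserved-keyword:{key}")
    # dh_group defaults to '1' (768-bit) when omitted, per the table.
    dh = str(params.get("dh_group", "1"))
    if dh in WEAK_DH:
        findings.add(f"weak-dh-group:{dh}")
    # mode defaults to main and auth_method to preshare-key, per the table.
    if (params.get("mode", "main") == "aggressive"
            and params.get("auth_method", "preshare-key") == "preshare-key"):
        findings.add("aggressive-mode-with-psk")
    # Assumption: enc_cfg is a list of dicts holding encryption/hash/prf.
    for i, proposal in enumerate(params.get("enc_cfg") or []):
        enc = proposal.get("encryption")
        if enc in IKEV2_ONLY and params.get("ike_version") == "v1":
            findings.add(f"enc_cfg[{i}]:ikev2-only-cipher-on-v1:{enc}")
        if enc == "null":
            findings.add(f"enc_cfg[{i}]:no-encryption")
        elif enc in WEAK_ENC:
            findings.add(f"enc_cfg[{i}]:weak-encryption:{enc}")
        for field in ("hash", "prf"):
            if proposal.get(field) in WEAK_HASH:
                findings.add(f"enc_cfg[{i}]:weak-{field}:{proposal[field]}")
    return sorted(findings)


# Constructed sample tasks (not from a real playbook).
LEGACY = {"name": "gw-legacy", "ike_version": "v1", "mode": "aggressive",
          "enc_cfg": [{"encryption": "aes-gcm-256", "hash": "md5"}]}
HARDENED = {"name": "gw-hardened", "ike_version": "v2", "auth_method": "ecdsa-signature",
            "dh_group": "19",
            "enc_cfg": [{"encryption": "aes-256", "hash": "sha256", "prf": "sha256"}]}

if __name__ == "__main__":
    for task in (LEGACY, HARDENED):
        print(task["name"], audit_ike_gateway(task) or "clean")
```

Note that the `LEGACY` task never sets `dh_group`, yet it is still flagged: omitting the option selects the documented default, group 1.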

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by the community.

Authors

  • A10 Networks 2021