a10_vpn_ipsec
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | IPsec name |
| ike_gateway str | | Gateway to use for IPsec SA |
| mode str | | ‘tunnel’= Encapsulating the packet in IPsec tunnel mode (Default); |
| proto str | | ‘esp’= Encapsulating security protocol (Default); |
| dh_group str | | ‘0’= Diffie-Hellman group 0 (Default); ‘1’= Diffie-Hellman group 1 - 768-bits; ‘2’= Diffie-Hellman group 2 - 1024-bits; ‘5’= Diffie-Hellman group 5 - 1536-bits; ‘14’= Diffie-Hellman group 14 - 2048-bits; ‘15’= Diffie-Hellman group 15 - 3072-bits; ‘16’= Diffie-Hellman group 16 - 4096-bits; ‘18’= Diffie-Hellman group 18 - 8192-bits; ‘19’= Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’= Diffie-Hellman group 20 - 384-bit Elliptic Curve; |
| enc_cfg list | | Field enc_cfg |
| encryption str | | ‘des’= Data Encryption Standard algorithm; ‘3des’= Triple Data Encryption Standard algorithm; ‘aes-128’= Advanced Encryption Standard algorithm CBC Mode(key size= 128 bits); ‘aes-192’= Advanced Encryption Standard algorithm CBC Mode(key size= 192 bits); ‘aes-256’= Advanced Encryption Standard algorithm CBC Mode(key size= 256 bits); ‘aes-gcm-128’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 128 bits, ICV size= 16 bytes); ‘aes-gcm-192’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 192 bits, ICV size= 16 bytes); ‘aes-gcm-256’= Advanced Encryption Standard algorithm Galois/Counter Mode(key size= 256 bits, ICV size= 16 bytes); ‘null’= No encryption algorithm; |
| hash str | | ‘md5’= MD5 Message-Digest Algorithm; ‘sha1’= Secure Hash Algorithm 1; ‘sha256’= Secure Hash Algorithm 256; ‘sha384’= Secure Hash Algorithm 384; ‘sha512’= Secure Hash Algorithm 512; ‘null’= No hash algorithm; |
| priority int | | Prioritizes (1-10) security protocol, least value has highest priority |
| gcm_priority int | | Prioritizes (1-10) security protocol, least value has highest priority |
| lifetime int | | IPsec SA age in seconds |
| lifebytes int | | IPsec SA age in megabytes (0 indicates unlimited bytes) |
| anti_replay_window str | | ‘0’= Disable Anti-Replay Window Check; ‘32’= Window size of 32; ‘64’= Window size of 64; ‘128’= Window size of 128; ‘256’= Window size of 256; ‘512’= Window size of 512; ‘1024’= Window size of 1024; |
| up bool | | Initiates SA negotiation to bring the IPsec connection up |
| sequence_number_disable bool | | Do not use incremental sequence number in the ESP header |
| traffic_selector dict | | Field traffic_selector |
| ipv4 dict | | Field ipv4 |
| ipv6 dict | | Field ipv6 |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| counters1 str | | ‘all’= all; ‘packets-encrypted’= Encrypted Packets; ‘packets-decrypted’= Decrypted Packets; ‘anti-replay-num’= Anti-Replay Failure; ‘rekey-num’= Rekey Times; ‘packets-err-inactive’= Inactive Error; ‘packets-err-encryption’= Encryption Error; ‘packets-err-pad-check’= Pad Check Error; ‘packets-err-pkt-sanity’= Packets Sanity Error; ‘packets-err-icv-check’= ICV Check Error; ‘packets-err-lifetime-lifebytes’= Lifetime Lifebytes Error; ‘bytes-encrypted’= Encrypted Bytes; ‘bytes-decrypted’= Decrypted Bytes; ‘prefrag-success’= Pre-frag Success; ‘prefrag-error’= Pre-frag Error; ‘cavium-bytes-encrypted’= CAVIUM Encrypted Bytes; ‘cavium-bytes-decrypted’= CAVIUM Decrypted Bytes; ‘cavium-packets-encrypted’= CAVIUM Encrypted Packets; ‘cavium-packets-decrypted’= CAVIUM Decrypted Packets; ‘tunnel-intf-down’= Packet dropped= Tunnel Interface Down; ‘pkt-fail-prep-to-send’= Packet dropped= Failed in prepare to send; ‘no-next-hop’= Packet dropped= No next hop; ‘invalid-tunnel-id’= Packet dropped= Invalid tunnel ID; ‘no-tunnel-found’= Packet dropped= No tunnel found; ‘pkt-fail-to-send’= Packet dropped= Failed to send; ‘frag-after-encap-frag-packets’= Frag-after-encap Fragment Generated; ‘frag-received’= Fragment Received; ‘sequence-num’= Sequence Number; ‘sequence-num-rollover’= Sequence Number Rollover; ‘packets-err-nh-check’= Next Header Check Error; |
| bind_tunnel dict | | Field bind_tunnel |
| tunnel int | | Tunnel interface index |
| next_hop str | | IPsec Next Hop IP Address |
| next_hop_v6 str | | IPsec Next Hop IPv6 Address |
| uuid str | | uuid of the object |
| oper dict | | Field oper |
| Status str | | Field Status |
| SA_Index int | | Field SA_Index |
| Local_IP str | | Field Local_IP |
| Peer_IP str | | Field Peer_IP |
| Local_SPI str | | Field Local_SPI |
| Remote_SPI str | | Field Remote_SPI |
| Protocol str | | Field Protocol |
| Mode str | | Field Mode |
| Encryption_Algorithm str | | Field Encryption_Algorithm |
| Hash_Algorithm str | | Field Hash_Algorithm |
| DH_Group int | | Field DH_Group |
| NAT_Traversal int | | Field NAT_Traversal |
| Anti_Replay str | | Field Anti_Replay |
| Lifetime int | | Field Lifetime |
| Lifebytes str | | Field Lifebytes |
| name str | | IPsec name |
| stats dict | | Field stats |
| packets_encrypted str | | Encrypted Packets |
| packets_decrypted str | | Decrypted Packets |
| anti_replay_num str | | Anti-Replay Failure |
| rekey_num str | | Rekey Times |
| packets_err_inactive str | | Inactive Error |
| packets_err_encryption str | | Encryption Error |
| packets_err_pad_check str | | Pad Check Error |
| packets_err_pkt_sanity str | | Packets Sanity Error |
| packets_err_icv_check str | | ICV Check Error |
| packets_err_lifetime_lifebytes str | | Lifetime Lifebytes Error |
| bytes_encrypted str | | Encrypted Bytes |
| bytes_decrypted str | | Decrypted Bytes |
| prefrag_success str | | Pre-frag Success |
| prefrag_error str | | Pre-frag Error |
| cavium_bytes_encrypted str | | CAVIUM Encrypted Bytes |
| cavium_bytes_decrypted str | | CAVIUM Decrypted Bytes |
| cavium_packets_encrypted str | | CAVIUM Encrypted Packets |
| cavium_packets_decrypted str | | CAVIUM Decrypted Packets |
| tunnel_intf_down str | | Packet dropped= Tunnel Interface Down |
| pkt_fail_prep_to_send str | | Packet dropped= Failed in prepare to send |
| no_next_hop str | | Packet dropped= No next hop |
| invalid_tunnel_id str | | Packet dropped= Invalid tunnel ID |
| no_tunnel_found str | | Packet dropped= No tunnel found |
| pkt_fail_to_send str | | Packet dropped= Failed to send |
| frag_after_encap_frag_packets str | | Frag-after-encap Fragment Generated |
| frag_received str | | Fragment Received |
| sequence_num str | | Sequence Number |
| sequence_num_rollover str | | Sequence Number Rollover |
| packets_err_nh_check str | | Next Header Check Error |
| name str | | IPsec name |
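
As an added example (not part of the A10 module or its documentation), the following Python check reads one task's arguments for this module and reports choices from the parameter table that a hardening policy would typically reject. The policy sets, the sample dictionaries, and the assumption that `encryption` and `hash` are keys of each `enc_cfg` entry are this example's own.

```python
# Added example: audit a10_vpn_ipsec task arguments for legacy crypto choices.
# Choice strings come from the parameter table; the policy is this example's own.
LEGACY_ENC = {"des", "3des", "null"}
LEGACY_HASH = {"md5", "sha1"}
SMALL_DH = {"1", "2", "5"}    # 768/1024/1536-bit groups, sizes as listed in the table


def audit_ipsec(params):
    """Return a sorted list of findings for one a10_vpn_ipsec argument dict."""
    findings = []
    name = params.get("name", "<unnamed>")
    dh = str(params.get("dh_group", "0"))    # the table lists '0' as the default
    if dh in SMALL_DH:
        findings.append(f"{name}: dh_group {dh} is below 2048 bits")
    if str(params.get("anti_replay_window", "")) == "0":
        findings.append(f"{name}: anti-replay window check disabled")
    if params.get("sequence_number_disable"):
        findings.append(f"{name}: ESP sequence numbers not incremented")
    # Assumption: encryption/hash are keys of each entry in the enc_cfg list.
    for i, cfg in enumerate(params.get("enc_cfg") or []):
        enc = cfg.get("encryption")
        mac = cfg.get("hash")
        if enc in LEGACY_ENC:
            findings.append(f"{name}: enc_cfg[{i}] encryption '{enc}' is legacy")
        if mac in LEGACY_HASH:
            findings.append(f"{name}: enc_cfg[{i}] hash '{mac}' is legacy")
        # GCM authenticates on its own (16-byte ICV); CBC and null ciphers do not.
        is_gcm = isinstance(enc, str) and enc.startswith("aes-gcm-")
        if not is_gcm and mac == "null":
            findings.append(f"{name}: enc_cfg[{i}] has no integrity algorithm")
    return sorted(findings)


# Constructed sample arguments (not taken from any real deployment).
LEGACY = {"name": "legacy", "dh_group": "2", "anti_replay_window": "0",
          "enc_cfg": [{"encryption": "3des", "hash": "md5", "priority": 1},
                      {"encryption": "aes-256", "hash": "null", "priority": 2}]}
HARDENED = {"name": "site-b", "dh_group": "20", "anti_replay_window": "128",
            "enc_cfg": [{"encryption": "aes-gcm-256", "gcm_priority": 1}]}

if __name__ == "__main__":
    for task in (LEGACY, HARDENED):
        print(task["name"], audit_ipsec(task) or "no findings")
```
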