vpn ike-gateway

IKE-gateway settings

ike-gateway Specification

Type	Collection
Object Key(s)	name
Collection Name	ike-gateway-list
Collection URI	/axapi/v3/vpn/ike-gateway
Element Name	ike-gateway
Element URI	/axapi/v3/vpn/ike-gateway/{name}
Element Attributes	ike-gateway_attributes
Statistics Data URI	/axapi/v3/vpn/ike-gateway/{name}/stats
Operational Data URI	/axapi/v3/vpn/ike-gateway/{name}/oper
Schema	ike-gateway schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/vpn/ike-gateway	ike-gateway attributes
Create List	POST	/axapi/v3/vpn/ike-gateway	ike-gateway attributes
Get Object	GET	/axapi/v3/vpn/ike-gateway/{name}	ike-gateway attributes
Get List	GET	/axapi/v3/vpn/ike-gateway	ike-gateway-list
Modify Object	POST	/axapi/v3/vpn/ike-gateway/{name}	ike-gateway attributes
Replace Object	PUT	/axapi/v3/vpn/ike-gateway/{name}	ike-gateway attributes
Replace List	PUT	/axapi/v3/vpn/ike-gateway	ike-gateway-list
Delete Object	DELETE	/axapi/v3/vpn/ike-gateway/{name}	ike-gateway attributes

ike-gateway-list

ike-gateway-list is JSON List of ike-gateway attributes

ike-gateway-list : [

{ ike-gateway attributes },

{ ike-gateway attributes },

…

]

ike-gateway attributes

auth-method

Description ‘preshare-key’: Authenticate the remote gateway using a pre-shared key (Default); ‘rsa-signature’: Authenticate the remote gateway using an RSA certificate; ‘ecdsa-signature’: Authenticate the remote gateway using an ECDSA certificate; ‘eap-radius’: Authenticate the remote gateway using an EAP Radius server; ‘eap-tls’: Authenticate the remote gateway using EAP TLS;

Type: string

Supported Values: preshare-key, rsa-signature, ecdsa-signature, eap-radius, eap-tls

Default: preshare-key

configuration-payload

Description ‘dhcp’: Enable DHCP configuration-payload; ‘radius’: Enable RADIUS configuration-payload;

Type: string

Supported Values: dhcp, radius

dh-group

Description ‘1’: Diffie-Hellman group 1 - 768-bit(Default); ‘2’: Diffie-Hellman group 2 - 1024-bit; ‘5’: Diffie-Hellman group 5 - 1536-bit; ‘14’: Diffie-Hellman group 14 - 2048-bit; ‘15’: Diffie-Hellman group 15 - 3072-bit; ‘16’: Diffie-Hellman group 16 - 4096-bit; ‘18’: Diffie-Hellman group 18 - 8192-bit; ‘19’: Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’: Diffie-Hellman group 20 - 384-bit Elliptic Curve;

Type: string

Supported Values: 1, 2, 5, 14, 15, 16, 18, 19, 20

Default: 1

dhcp-server

Description: dhcp-server is a JSON Block. Please see below for dhcp-server

Type: Object

disable-rekey

Description Disable initiating rekey

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dpd

Description: dpd is a JSON Block. Please see below for dpd

Type: Object

enc-cfg

Type: List

ike-version

Description ‘v1’: IKEv1 key exchange; ‘v2’: IKEv2 key exchange;

Type: string

Supported Values: v1, v2

Default: v2

interface-management

Description only handle traffic on management interface, share partition only

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key

Description Private Key

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key-passphrase

Description Private Key Pass Phrase

Type: string

Format: password

Maximum Length: 127 characters

Maximum Length: 1 characters

key-passphrase-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string)

lifetime

Description IKE SA age in seconds

Type: number

Range: 300-86400

Default: 86400

local-address

Description: local-address is a JSON Block. Please see below for local-address

Type: Object

local-cert

Description: local-cert is a JSON Block. Please see below for local-cert

Type: Object

local-id

Description Local Gateway Identity

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

mode

Description ‘main’: Negotiate Main mode (Default); ‘aggressive’: Negotiate Aggressive mode;

Type: string

Supported Values: main, aggressive

Default: main

name

Description IKE-gateway name

Type: string

Maximum Length: 31 characters

Maximum Length: 1 characters

nat-traversal

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preshare-key-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

preshare-key-value

Description pre-shared key

Type: string

Format: password

Maximum Length: 127 characters

Maximum Length: 1 characters

radius-server

Description: radius-server is a JSON Block. Please see below for radius-server

Type: Object

remote-address

Description: remote-address is a JSON Block. Please see below for remote-address

Type: Object

remote-ca-cert

Description: remote-ca-cert is a JSON Block. Please see below for remote-ca-cert

Type: Object

remote-id

Description Remote Gateway Identity

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description: vrid is a JSON Block. Please see below for vrid

Type: Object

local-cert

Specification
Type	object

local-cert-name

Description Certificate File Name

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

dhcp-server

Specification
Type	object

pri

Description: pri is a JSON Block. Please see below for dhcp-server_pri

Type: Object

sec

Description: sec is a JSON Block. Please see below for dhcp-server_sec

Type: Object

dhcp-server_sec

Specification
Type	object

dhcp-sec-ipv4

Description Secondary DHCP Server IP Address

Type: string

Format: ipv4-address

dhcp-server_pri

Specification
Type	object

dhcp-pri-ipv4

Description Primary DHCP Server IP Address

Type: string

Format: ipv4-address

enc-cfg

Specification
Type	list
Block object keys

encryption

Description ‘des’: Data Encryption Standard algorithm; ‘3des’: Triple Data Encryption Standard algorithm; ‘aes-128’: Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); ‘aes-192’: Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); ‘aes-256’: Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); ‘aes-gcm-128’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes), only for IKEv2; ‘aes-gcm-192’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 192 bits, ICV size: 16 bytes), only for IKEv2; ‘aes-gcm-256’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes), only for IKEv2; ‘null’: No encryption algorithm, only for IKEv2;

Type: string

Supported Values: des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null

gcm_priority

Description Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5

hash

Description ‘md5’: MD5 Dessage-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘sha384’: Secure Hash Algorithm 384; ‘sha512’: Secure Hash Algorithm 512;

Type: string

Supported Values: md5, sha1, sha256, sha384, sha512

prf

Description ‘md5’: MD5 Dessage-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘sha384’: Secure Hash Algorithm 384; ‘sha512’: Secure Hash Algorithm 512;

Type: string

Supported Values: md5, sha1, sha256, sha384, sha512

priority

Description Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5

vrid

Specification
Type	object

default

Description Default VRRP-A vrid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: default and vrid-num are mutually exclusive

vrid-num

Description Specify ha VRRP-A vrid

Type: number

Range: 0-31

Mutual Exclusion: vrid-num and default are mutually exclusive

radius-server

Specification
Type	object

radius-pri

Description Primary RADIUS Authentication Server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/aam/authentication/server/radius/instance

radius-sec

Description Secondary RADIUS Authentication Server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/aam/authentication/server/radius/instance

local-address

Specification
Type	object

local-ip

Description Ipv4 address

Type: string

Format: ipv4-address

Mutual Exclusion: local-ip and local-ipv6 are mutually exclusive

local-ipv6

Description Ipv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: local-ipv6 and local-ip are mutually exclusive

remote-address

Specification
Type	object

dns

Description Remote IP based on Domain name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Mutual Exclusion: dns remote-ip and remote-ipv6 are mutually exclusive

remote-ip

Description Ipv4 address

Type: string

Format: ipv4-address

Mutual Exclusion: remote-ip dns and remote-ipv6 are mutually exclusive

remote-ipv6

Description Ipv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: remote-ipv6 remote-ip and dns are mutually exclusive

remote-ca-cert

Specification
Type	object

remote-cert-name

Description Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

dpd

Specification
Type	object

interval

Description Interval time in seconds

Type: number

Range: 10-3600

retry

Description Retry times

Type: number

Range: 1-10

stats data

	Counter	Size	Description
	v1-in-id-prot-rsp	8	Incoming ID Protection Response
	v1-in-auth-only-rsp	8	Incoming Auth Only Response
	v1-out-new-group-mode-rsp	8	Outgoing New Group Mode Response
	v1-out-aggressive-req	8	Outgoing Aggressive Request
	v2-child-sa-rekey	8	Child SA Rekey
	ike-current-version	8	IKE version
	v2-out-auth-req	8	Outgoing Auth Request
	v2-rsp-rekey	8	Respond Rekey
	v2-out-info-req	8	Outgoing Info Request
	v2-out-init-req	8	Outgoing Init Request
	v1-in-info-v1-rsp	8	Incoming Info Response
	v1-out-id-prot-req	8	Outgoing ID Protection Request
	v2-in-invalid	8	Incoming Invalid
	v1-in-aggressive-req	8	Incoming Aggressive Request
	v1-child-sa-invalid-spi	8	Invalid SPI for Child SAs
	v2-in-info-rsp	8	Incoming Info Response
	v1-out-quick-mode-req	8	Outgoing Quick Mode Request
	v2-out-auth-rsp	8	Outgoing Auth Response
	v1-in-auth-only-req	8	Incoming Auth Only Request
	v1-in-aggressive-rsp	8	Incoming Aggressive Response
	v2-in-create-child-req	8	Incoming Create Child Request
	v2-out-info-rsp	8	Outgoing Info Response
	v2-out-create-child-req	8	Outgoing Create Child Request
	v2-in-auth-rsp	8	Incoming Auth Response
	v2-in-init-req	8	Incoming Init Request
	v1-out-info-v1-req	8	Outgoing Info Request
	v2-init-rekey	8	Initiate Rekey
	v1-out-transaction-rsp	8	Outgoing Transaction Response
	v1-out-quick-mode-rsp	8	Outgoing Quick Mode Response
	v1-out-auth-only-rsp	8	Outgoing Auth Only Response
	v1-out-auth-only-req	8	Outgoing Auth Only Request
	v1-in-quick-mode-rsp	8	Incoming Quick Mode Response
	v1-in-new-group-mode-req	8	Incoming New Group Mode Request
	v1-out-id-prot-rsp	8	Outgoing ID Protection Response
	v1-in-transaction-rsp	8	Incoming Transaction Response
	v2-in-info-req	8	Incoming Info Request
	v1-in-transaction-req	8	Incoming Transaction Request
	v1-in-quick-mode-req	8	Incoming Quick Mode Request
	v1-in-info-v1-req	8	Incoming Info Request
	v2-in-invalid-spi	8	Incoming Invalid SPI
	v2-out-init-rsp	8	Outgoing Init Response
	v1-out-transaction-req	8	Outgoing Transaction Request
	v1-out-new-group-mode-req	8	Outgoing New Group Mode Request
	v2-child-sa-invalid-spi	8	Invalid SPI for Child SAs
	v1-out-info-v1-rsp	8	Outgoing Info Response
	v2-in-init-rsp	8	Incoming Init Response
	v2-in-create-child-rsp	8	Incoming Create Child Response
	v2-in-auth-req	8	Incoming Auth Request
	v1-in-id-prot-req	8	Incoming ID Protection Request
	v1-in-new-group-mode-rsp	8	Incoming New Group Mode Response
	v2-out-create-child-rsp	8	Outgoing Create Child Response
	v1-out-aggressive-rsp	8	Outgoing Aggressive Response

operational data

	Counter	Size	Description
	SA-List		SA-List
	remote-ip-filter	string	remote-ip-filter
	brief-filter	string	brief-filter
	remote-id-filter	string	remote-id-filter