{ "id":"/axapi/v3/vpn", "type":"object", "node-type":"scalar", "title":"vpn", "partition-visibility":"shared", "auto-created-object":1, "description":"VPN Commands", "properties":{ "asymmetric-flow-support":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Support asymmetric flows passing through the IPsec tunnel", "optional":true }, "stateful-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"VPN module will work in stateful mode and create sessions", "optional":true }, "fragment-after-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"jumbo-fragment", "description":"Fragment after adding IPsec headers", "optional":true }, "nat-traversal-flow-affinity":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Choose IPsec UDP source port based on port of inner flow (only for A10 to A10)", "optional":true }, "tcp-mss-adjust-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable TCP MSS adjustment in SYN packet", "optional":true }, "jumbo-fragment":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"fragment-after-encap", "description":"Support IKE jumbo fragment packet", "optional":true }, "ike-sa-timeout":{ "type":"number", "format":"number", "minimum":300, "maximum":86400, "default":600, "partition-visibility":"shared", "description":"Timeout IKE-SA in connecting state in seconds (default 600s)", "optional":true }, "ipsec-error-dump":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Support recording IPsec Cavium error information in the dump file", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, 
"sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'passthrough': passthrough; 'ha-standby-drop': ha-standby-drop; ", "enum":[ "all", "passthrough", "ha-standby-drop" ] }, "optional":true } } ] }, "error":{ "type":"object", "$ref":"/axapi/v3/vpn/error", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "errordump":{ "type":"object", "$ref":"/axapi/v3/vpn/errordump", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "default":{ "type":"object", "$ref":"/axapi/v3/vpn/default", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "log":{ "type":"object", "$ref":"/axapi/v3/vpn/log", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ike-stats-global":{ "type":"object", "$ref":"/axapi/v3/vpn/ike-stats-global", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey; 'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': 
Incoming Invalid; 'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request; 'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request; 'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request; 'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request; 'v2-out-auth-rsp': Outgoing Auth Response; 'v2-in-create-child-req': Incoming Create Child Request; 'v2-in-create-child-rsp': Incoming Create Child Response; 'v2-out-create-child-req': Outgoing Create Child Request; 'v2-out-create-child-rsp': Outgoing Create Child Response; 'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response; 'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response; 'v1-in-id-prot-req': Incoming ID Protection Request; 'v1-in-id-prot-rsp': Incoming ID Protection Response; 'v1-out-id-prot-req': Outgoing ID Protection Request; 'v1-out-id-prot-rsp': Outgoing ID Protection Response; 'v1-in-auth-only-req': Incoming Auth Only Request; 'v1-in-auth-only-rsp': Incoming Auth Only Response; 'v1-out-auth-only-req': Outgoing Auth Only Request; 'v1-out-auth-only-rsp': Outgoing Auth Only Response; 'v1-in-aggressive-req': Incoming Aggressive Request; 'v1-in-aggressive-rsp': Incoming Aggressive Response; 'v1-out-aggressive-req': Outgoing Aggressive Request; 'v1-out-aggressive-rsp': Outgoing Aggressive Response; 'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response; 'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response; 'v1-in-transaction-req': Incoming Transaction Request; 'v1-in-transaction-rsp': Incoming Transaction Response; 'v1-out-transaction-req': Outgoing Transaction Request; 'v1-out-transaction-rsp': Outgoing Transaction Response; 'v1-in-quick-mode-req': Incoming Quick Mode Request; 'v1-in-quick-mode-rsp': Incoming Quick Mode Response; 'v1-out-quick-mode-req': Outgoing Quick Mode 
Request; 'v1-out-quick-mode-rsp': Outgoing Quick Mode Response; 'v1-in-new-group-mode-req': Incoming New Group Mode Request; 'v1-in-new-group-mode-rsp': Incoming New Group Mode Response; 'v1-out-new-group-mode-req': Outgoing New Group Mode Request; 'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response; ", "enum":[ "all", "v2-init-rekey", "v2-rsp-rekey", "v2-child-sa-rekey", "v2-in-invalid", "v2-in-invalid-spi", "v2-in-init-req", "v2-in-init-rsp", "v2-out-init-req", "v2-out-init-rsp", "v2-in-auth-req", "v2-in-auth-rsp", "v2-out-auth-req", "v2-out-auth-rsp", "v2-in-create-child-req", "v2-in-create-child-rsp", "v2-out-create-child-req", "v2-out-create-child-rsp", "v2-in-info-req", "v2-in-info-rsp", "v2-out-info-req", "v2-out-info-rsp", "v1-in-id-prot-req", "v1-in-id-prot-rsp", "v1-out-id-prot-req", "v1-out-id-prot-rsp", "v1-in-auth-only-req", "v1-in-auth-only-rsp", "v1-out-auth-only-req", "v1-out-auth-only-rsp", "v1-in-aggressive-req", "v1-in-aggressive-rsp", "v1-out-aggressive-req", "v1-out-aggressive-rsp", "v1-in-info-v1-req", "v1-in-info-v1-rsp", "v1-out-info-v1-req", "v1-out-info-v1-rsp", "v1-in-transaction-req", "v1-in-transaction-rsp", "v1-out-transaction-req", "v1-out-transaction-rsp", "v1-in-quick-mode-req", "v1-in-quick-mode-rsp", "v1-out-quick-mode-req", "v1-out-quick-mode-rsp", "v1-in-new-group-mode-req", "v1-in-new-group-mode-rsp", "v1-out-new-group-mode-req", "v1-out-new-group-mode-rsp" ] }, "optional":true } } ] } } }, "ike-gateway-list":{ "type":"array", "minItems":1, "items":{ "type":"ike-gateway" }, "uniqueItems":true, "$ref":"/axapi/v3/vpn/ike-gateway/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"IKE-gateway name", "optional":false }, "ike-version":{ "type":"string", "format":"enum", "default":"v2", "partition-visibility":"shared", "description":"'v1': IKEv1 key exchange; 'v2': IKEv2 key exchange; ", "enum":[ "v1", "v2" ], 
"optional":true }, "mode":{ "type":"string", "format":"enum", "default":"main", "partition-visibility":"shared", "description":"'main': Negotiate Main mode (Default); 'aggressive': Negotiate Aggressive mode; ", "enum":[ "main", "aggressive" ], "optional":true }, "auth-method":{ "type":"string", "format":"enum", "default":"preshare-key", "partition-visibility":"shared", "description":"'preshare-key': Authenticate the remote gateway using a pre-shared key (Default); 'rsa-signature': Authenticate the remote gateway using an RSA certificate; 'ecdsa-signature': Authenticate the remote gateway using an ECDSA certificate; ", "enum":[ "preshare-key", "rsa-signature", "ecdsa-signature" ], "optional":true }, "preshare-key-value":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"pre-shared key", "optional":true }, "preshare-key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)", "optional":true }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Private Key", "optional":true }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Private Key Pass Phrase", "optional":true }, "key-passphrase-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED key string)", "optional":true }, "vrid":{ "type":"object", "properties":{ "default":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"vrid-num", "description":"Default VRRP-A vrid" }, "vrid-num":{ "type":"number", "format":"number", "minimum":0, "maximum":31, "partition-visibility":"shared", "not":"default", "description":"Specify ha VRRP-A vrid" } } }, "local-cert":{ "type":"object", "properties":{ "local-cert-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Certificate File Name" } } }, "remote-ca-cert":{ "type":"object", "properties":{ "remote-cert-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress" } } }, "local-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Local Gateway Identity", "optional":true }, "remote-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":256, "partition-visibility":"shared", "description":"Remote Gateway Identity", "optional":true }, "enc-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "encryption":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); 'aes-gcm-128': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter 
Mode(key size: 192 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes), only for IKEv2; 'null': No encryption algorithm, only for IKEv2; ", "enum":[ "des", "3des", "aes-128", "aes-192", "aes-256", "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null" ] }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512" ] }, "prf":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512" ] }, "priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, least value has highest priority" }, "gcm_priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, least value has highest priority" }, "optional":true } } ] }, "dh-group":{ "type":"string", "format":"enum", "default":"1", "partition-visibility":"shared", "description":"'1': Diffie-Hellman group 1 - 768-bit(Default); '2': Diffie-Hellman group 2 - 1024-bit; '5': Diffie-Hellman group 5 - 1536-bit; '14': Diffie-Hellman group 14 - 2048-bit; '15': Diffie-Hellman group 15 - 3072-bit; '16': Diffie-Hellman group 16 - 4096-bit; '18': Diffie-Hellman group 18 - 8192-bit; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve; ", 
"enum":[ "1", "2", "5", "14", "15", "16", "18", "19", "20" ], "optional":true }, "local-address":{ "type":"object", "properties":{ "local-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"local-ipv6", "description":"Ipv4 address" }, "local-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not":"local-ip", "description":"Ipv6 address" } } }, "remote-address":{ "type":"object", "properties":{ "remote-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not-list":[ "dns", "remote-ipv6" ], "description":"Ipv4 address" }, "dns":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "not-list":[ "remote-ip", "remote-ipv6" ], "description":"Remote IP based on Domain name" }, "remote-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not-list":[ "remote-ip", "dns" ], "description":"Ipv6 address" } } }, "lifetime":{ "type":"number", "format":"number", "minimum":300, "maximum":86400, "default":86400, "partition-visibility":"shared", "description":"IKE SA age in seconds", "optional":true }, "nat-traversal":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "optional":true }, "dpd":{ "type":"object", "properties":{ "interval":{ "type":"number", "format":"number", "minimum":10, "maximum":3600, "partition-visibility":"shared", "description":"Interval time in seconds" }, "retry":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", "description":"Retry times" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, 
"sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey; 'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': Incoming Invalid; 'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request; 'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request; 'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request; 'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request; 'v2-out-auth-rsp': Outgoing Auth Response; 'v2-in-create-child-req': Incoming Create Child Request; 'v2-in-create-child-rsp': Incoming Create Child Response; 'v2-out-create-child-req': Outgoing Create Child Request; 'v2-out-create-child-rsp': Outgoing Create Child Response; 'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response; 'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response; 'v1-in-id-prot-req': Incoming ID Protection Request; 'v1-in-id-prot-rsp': Incoming ID Protection Response; 'v1-out-id-prot-req': Outgoing ID Protection Request; 'v1-out-id-prot-rsp': Outgoing ID Protection Response; 'v1-in-auth-only-req': Incoming Auth Only Request; 'v1-in-auth-only-rsp': Incoming Auth Only Response; 'v1-out-auth-only-req': Outgoing Auth Only Request; 'v1-out-auth-only-rsp': Outgoing Auth Only Response; 'v1-in-aggressive-req': Incoming Aggressive Request; 'v1-in-aggressive-rsp': Incoming Aggressive Response; 'v1-out-aggressive-req': Outgoing Aggressive Request; 'v1-out-aggressive-rsp': Outgoing Aggressive Response; 'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response; 'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response; 'v1-in-transaction-req': 
Incoming Transaction Request; 'v1-in-transaction-rsp': Incoming Transaction Response; 'v1-out-transaction-req': Outgoing Transaction Request; 'v1-out-transaction-rsp': Outgoing Transaction Response; 'v1-in-quick-mode-req': Incoming Quick Mode Request; 'v1-in-quick-mode-rsp': Incoming Quick Mode Response; 'v1-out-quick-mode-req': Outgoing Quick Mode Request; 'v1-out-quick-mode-rsp': Outgoing Quick Mode Response; 'v1-in-new-group-mode-req': Incoming New Group Mode Request; 'v1-in-new-group-mode-rsp': Incoming New Group Mode Response; 'v1-out-new-group-mode-req': Outgoing New Group Mode Request; 'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response; 'v1-child-sa-invalid-spi': Invalid SPI for Child SAs; 'v2-child-sa-invalid-spi': Invalid SPI for Child SAs; 'ike-current-version': IKE version; ", "enum":[ "all", "v2-init-rekey", "v2-rsp-rekey", "v2-child-sa-rekey", "v2-in-invalid", "v2-in-invalid-spi", "v2-in-init-req", "v2-in-init-rsp", "v2-out-init-req", "v2-out-init-rsp", "v2-in-auth-req", "v2-in-auth-rsp", "v2-out-auth-req", "v2-out-auth-rsp", "v2-in-create-child-req", "v2-in-create-child-rsp", "v2-out-create-child-req", "v2-out-create-child-rsp", "v2-in-info-req", "v2-in-info-rsp", "v2-out-info-req", "v2-out-info-rsp", "v1-in-id-prot-req", "v1-in-id-prot-rsp", "v1-out-id-prot-req", "v1-out-id-prot-rsp", "v1-in-auth-only-req", "v1-in-auth-only-rsp", "v1-out-auth-only-req", "v1-out-auth-only-rsp", "v1-in-aggressive-req", "v1-in-aggressive-rsp", "v1-out-aggressive-req", "v1-out-aggressive-rsp", "v1-in-info-v1-req", "v1-in-info-v1-rsp", "v1-out-info-v1-req", "v1-out-info-v1-rsp", "v1-in-transaction-req", "v1-in-transaction-rsp", "v1-out-transaction-req", "v1-out-transaction-rsp", "v1-in-quick-mode-req", "v1-in-quick-mode-rsp", "v1-out-quick-mode-req", "v1-out-quick-mode-rsp", "v1-in-new-group-mode-req", "v1-in-new-group-mode-rsp", "v1-out-new-group-mode-req", "v1-out-new-group-mode-rsp", "v1-child-sa-invalid-spi", "v2-child-sa-invalid-spi", "ike-current-version" 
] }, "optional":true } } ] } }, "required":[ "name" ] } ] }, "ipsec-list":{ "type":"array", "minItems":1, "items":{ "type":"ipsec" }, "uniqueItems":true, "$ref":"/axapi/v3/vpn/ipsec/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"IPsec name", "optional":false }, "ike-gateway":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "$ref":"/axapi/v3/vpn/ike-gateway", "description":"Gateway to use for IPsec SA", "optional":true }, "mode":{ "type":"string", "format":"enum", "default":"tunnel", "partition-visibility":"shared", "description":"'tunnel': Encapsulating the packet in IPsec tunnel mode (Default); ", "enum":[ "tunnel" ], "optional":true }, "proto":{ "type":"string", "format":"enum", "default":"esp", "partition-visibility":"shared", "description":"'esp': Encapsulating security protocol (Default); ", "enum":[ "esp" ], "optional":true }, "dh-group":{ "type":"string", "format":"enum", "default":"0", "partition-visibility":"shared", "description":"'0': Diffie-Hellman group 0 (Default); '1': Diffie-Hellman group 1 - 768-bits; '2': Diffie-Hellman group 2 - 1024-bits; '5': Diffie-Hellman group 5 - 1536-bits; '14': Diffie-Hellman group 14 - 2048-bits; '15': Diffie-Hellman group 15 - 3072-bits; '16': Diffie-Hellman group 16 - 4096-bits; '18': Diffie-Hellman group 18 - 8192-bits; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve; ", "enum":[ "0", "1", "2", "5", "14", "15", "16", "18", "19", "20" ], "optional":true }, "enc-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "encryption":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption 
Standard algorithm CBC Mode(key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); 'aes-gcm-128': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes); 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 192 bits, ICV size: 16 bytes); 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes); 'null': No encryption algorithm; ", "enum":[ "des", "3des", "aes-128", "aes-192", "aes-256", "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null" ] }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; 'null': No hash algorithm; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512", "null" ] }, "priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, least value has highest priority" }, "gcm_priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, least value has highest priority" }, "optional":true } } ] }, "lifetime":{ "type":"number", "format":"number", "minimum":300, "maximum":28800, "default":28800, "partition-visibility":"shared", "description":"IPsec SA age in seconds", "optional":true }, "lifebytes":{ "type":"number", "format":"number", "minimum":0, "maximum":8000000, "default":0, "partition-visibility":"shared", "description":"IPsec SA age in megabytes (0 indicates unlimited bytes)", "optional":true }, "anti-replay-window":{ "type":"string", "format":"enum", 
"default":"0", "partition-visibility":"shared", "description":"'0': Disable Anti-Replay Window Check; '32': Window size of 32; '64': Window size of 64; '128': Window size of 128; '256': Window size of 256; '512': Window size of 512; '1024': Window size of 1024; ", "enum":[ "0", "32", "64", "128", "256", "512", "1024" ], "optional":true }, "up":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Initiates SA negotiation to bring the IPsec connection up", "optional":true }, "sequence-number-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not use incremental sequence number in the ESP header", "optional":true }, "traffic-selector":{ "type":"object", "properties":{ "ipv4":{ "type":"object", "properties":{ "local":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"localv6", "description":"Local Traffic Selector" }, "local_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "local_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remote":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 Address" }, "remote_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "remote_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocol":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } }, "ipv6":{ "type":"object", "properties":{ "localv6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "not":"local", "description":"Local Traffic Selector" }, 
"local_portv6":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remotev6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPv6 Address" }, "remote_portv6":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocolv6":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packets-encrypted': Encrypted Packets; 'packets-decrypted': Decrypted Packets; 'anti-replay-num': Anti-Replay Failure; 'rekey-num': Rekey Times; 'packets-err-inactive': Inactive Error; 'packets-err-encryption': Encryption Error; 'packets-err-pad-check': Pad Check Error; 'packets-err-pkt-sanity': Packets Sanity Error; 'packets-err-icv-check': ICV Check Error; 'packets-err-lifetime-lifebytes': Lifetime Lifebytes Error; 'bytes-encrypted': Encrypted Bytes; 'bytes-decrypted': Decrypted Bytes; 'prefrag-success': Pre-frag Success; 'prefrag-error': Pre-frag Error; 'cavium-bytes-encrypted': CAVIUM Encrypted Bytes; 'cavium-bytes-decrypted': CAVIUM Decrypted Bytes; 'cavium-packets-encrypted': CAVIUM Encrypted Packets; 'cavium-packets-decrypted': CAVIUM Decrypted Packets; 'tunnel-intf-down': Packet dropped: Tunnel 
Interface Down; 'pkt-fail-prep-to-send': Packet dropped: Failed in prepare to send; 'no-next-hop': Packet dropped: No next hop; 'invalid-tunnel-id': Packet dropped: Invalid tunnel ID; 'no-tunnel-found': Packet dropped: No tunnel found; 'pkt-fail-to-send': Packet dropped: Failed to send; 'frag-after-encap-frag-packets': Frag-after-encap Fragment Generated; 'frag-received': Fragment Received; 'sequence-num': Sequence Number; 'sequence-num-rollover': Sequence Number Rollover; 'packets-err-nh-check': Next Header Check Error; ", "enum":[ "all", "packets-encrypted", "packets-decrypted", "anti-replay-num", "rekey-num", "packets-err-inactive", "packets-err-encryption", "packets-err-pad-check", "packets-err-pkt-sanity", "packets-err-icv-check", "packets-err-lifetime-lifebytes", "bytes-encrypted", "bytes-decrypted", "prefrag-success", "prefrag-error", "cavium-bytes-encrypted", "cavium-bytes-decrypted", "cavium-packets-encrypted", "cavium-packets-decrypted", "tunnel-intf-down", "pkt-fail-prep-to-send", "no-next-hop", "invalid-tunnel-id", "no-tunnel-found", "pkt-fail-to-send", "frag-after-encap-frag-packets", "frag-received", "sequence-num", "sequence-num-rollover", "packets-err-nh-check" ] }, "optional":true } } ] }, "bind-tunnel":{ "type":"object", "$ref":"/axapi/v3/vpn/ipsec/{name}/bind-tunnel", "properties":{ "tunnel":{ "type":"number", "format":"number", "minimum":1, "maximum":128, "partition-visibility":"shared", "$ref":"/axapi/v3/interface/tunnel", "description":"Tunnel interface index" }, "next-hop":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"next-hop-v6", "description":"IPsec Next Hop IP Address" }, "next-hop-v6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not":"next-hop", "description":"IPsec Next Hop IPv6 Address" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, 
"required":[ "name" ] } ] }, "revocation-list":{ "type":"array", "minItems":1, "items":{ "type":"revocation" }, "uniqueItems":true, "$ref":"/axapi/v3/vpn/revocation/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"Revocation name", "optional":false }, "ca":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Certificate Authority file name", "optional":true }, "crl":{ "type":"object", "properties":{ "crl-pri":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Primary CRL URL (http://www.example.com/ocsp) (only .der filetypes)" }, "crl-sec":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Secondary CRL URL (http://www.example.com/ocsp) (only .der filetypes)" } } }, "ocsp":{ "type":"object", "properties":{ "ocsp-pri":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ocsp/instance", "description":"Primary OCSP Authentication Server" }, "ocsp-sec":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ocsp/instance", "description":"Secondary OCSP Authentication Server" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] }, "crl":{ "type":"object", "$ref":"/axapi/v3/vpn/crl", "properties":{ "uuid":{ "type":"string", "format":"string", 
"minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ocsp":{ "type":"object", "$ref":"/axapi/v3/vpn/ocsp", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ipsec_sa_by_gw":{ "type":"object", "$ref":"/axapi/v3/vpn/ipsec_sa_by_gw", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }