{ "id":"/axapi/v3/vpn/ipsec/{name}", "type":"object", "node-type":"list", "title":"ipsec", "partition-visibility":"shared", "description":"IPsec settings", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"IPsec name", "optional":false }, "ike-gateway":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "$ref":"/axapi/v3/vpn/ike-gateway", "description":"Gateway to use for IPsec SA", "optional":true }, "mode":{ "type":"string", "format":"enum", "default":"tunnel", "partition-visibility":"shared", "description":"'tunnel': Encapsulating the packet in IPsec tunnel mode (Default); ", "enum":[ "tunnel" ], "optional":true }, "proto":{ "type":"string", "format":"enum", "default":"esp", "partition-visibility":"shared", "description":"'esp': Encapsulating security protocol (Default); ", "enum":[ "esp" ], "optional":true }, "dh-group":{ "type":"string", "format":"enum", "default":"0", "partition-visibility":"shared", "description":"'0': Diffie-Hellman group 0 (Default); '1': Diffie-Hellman group 1 - 768-bits; '2': Diffie-Hellman group 2 - 1024-bits; '5': Diffie-Hellman group 5 - 1536-bits; '14': Diffie-Hellman group 14 - 2048-bits; '15': Diffie-Hellman group 15 - 3072-bits; '16': Diffie-Hellman group 16 - 4096-bits; '18': Diffie-Hellman group 18 - 8192-bits; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve; ", "enum":[ "0", "1", "2", "5", "14", "15", "16", "18", "19", "20" ], "optional":true }, "enc-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "encryption":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); 
'aes-192': Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); 'aes-gcm-128': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes); 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 192 bits, ICV size: 16 bytes); 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes); 'null': No encryption algorithm; ", "enum":[ "des", "3des", "aes-128", "aes-192", "aes-256", "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null" ] }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; 'null': No hash algorithm; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512", "null" ] }, "priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Priority (1-10) of the security protocol; the lowest value has the highest priority" }, "gcm_priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Priority (1-10) of the security protocol; the lowest value has the highest priority" }, "optional":true } } ] }, "lifetime":{ "type":"number", "format":"number", "minimum":300, "maximum":28800, "default":28800, "partition-visibility":"shared", "description":"IPsec SA age in seconds", "optional":true }, "lifebytes":{ "type":"number", "format":"number", "minimum":0, "maximum":8000000, "default":0, "partition-visibility":"shared", "description":"IPsec SA age in megabytes (0 indicates unlimited bytes)", "optional":true }, "anti-replay-window":{ "type":"string", "format":"enum", "default":"0", "partition-visibility":"shared", 
"description":"'0': Disable Anti-Replay Window Check; '32': Window size of 32; '64': Window size of 64; '128': Window size of 128; '256': Window size of 256; '512': Window size of 512; '1024': Window size of 1024; ", "enum":[ "0", "32", "64", "128", "256", "512", "1024" ], "optional":true }, "up":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Initiates SA negotiation to bring the IPsec connection up", "optional":true }, "sequence-number-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not use incremental sequence number in the ESP header", "optional":true }, "traffic-selector":{ "type":"object", "properties":{ "ipv4":{ "type":"object", "properties":{ "local":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"localv6", "description":"Local Traffic Selector" }, "local_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "local_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remote":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 Address" }, "remote_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "remote_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocol":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } }, "ipv6":{ "type":"object", "properties":{ "localv6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "not":"local", "description":"Local Traffic Selector" }, "local_portv6":{ "type":"number", 
"format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remotev6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPv6 Address" }, "remote_portv6":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocolv6":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packets-encrypted': Encrypted Packets; 'packets-decrypted': Decrypted Packets; 'anti-replay-num': Anti-Replay Failure; 'rekey-num': Rekey Times; 'packets-err-inactive': Inactive Error; 'packets-err-encryption': Encryption Error; 'packets-err-pad-check': Pad Check Error; 'packets-err-pkt-sanity': Packets Sanity Error; 'packets-err-icv-check': ICV Check Error; 'packets-err-lifetime-lifebytes': Lifetime Lifebytes Error; 'bytes-encrypted': Encrypted Bytes; 'bytes-decrypted': Decrypted Bytes; 'prefrag-success': Pre-frag Success; 'prefrag-error': Pre-frag Error; 'cavium-bytes-encrypted': CAVIUM Encrypted Bytes; 'cavium-bytes-decrypted': CAVIUM Decrypted Bytes; 'cavium-packets-encrypted': CAVIUM Encrypted Packets; 'cavium-packets-decrypted': CAVIUM Decrypted Packets; 'tunnel-intf-down': Packet dropped: Tunnel Interface Down; 'pkt-fail-prep-to-send': 
Packet dropped: Failed in prepare to send; 'no-next-hop': Packet dropped: No next hop; 'invalid-tunnel-id': Packet dropped: Invalid tunnel ID; 'no-tunnel-found': Packet dropped: No tunnel found; 'pkt-fail-to-send': Packet dropped: Failed to send; 'frag-after-encap-frag-packets': Frag-after-encap Fragment Generated; 'frag-received': Fragment Received; 'sequence-num': Sequence Number; 'sequence-num-rollover': Sequence Number Rollover; 'packets-err-nh-check': Next Header Check Error; ", "enum":[ "all", "packets-encrypted", "packets-decrypted", "anti-replay-num", "rekey-num", "packets-err-inactive", "packets-err-encryption", "packets-err-pad-check", "packets-err-pkt-sanity", "packets-err-icv-check", "packets-err-lifetime-lifebytes", "bytes-encrypted", "bytes-decrypted", "prefrag-success", "prefrag-error", "cavium-bytes-encrypted", "cavium-bytes-decrypted", "cavium-packets-encrypted", "cavium-packets-decrypted", "tunnel-intf-down", "pkt-fail-prep-to-send", "no-next-hop", "invalid-tunnel-id", "no-tunnel-found", "pkt-fail-to-send", "frag-after-encap-frag-packets", "frag-received", "sequence-num", "sequence-num-rollover", "packets-err-nh-check" ] }, "optional":true } } ] }, "bind-tunnel":{ "type":"object", "$ref":"/axapi/v3/vpn/ipsec/{name}/bind-tunnel", "properties":{ "tunnel":{ "type":"number", "format":"number", "minimum":1, "maximum":128, "partition-visibility":"shared", "$ref":"/axapi/v3/interface/tunnel", "description":"Tunnel interface index" }, "next-hop":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"next-hop-v6", "description":"IPsec Next Hop IP Address" }, "next-hop-v6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not":"next-hop", "description":"IPsec Next Hop IPv6 Address" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "name" ], "required":[ 
"name" ] }