.. _vpn:

vpn
===

VPN Commands

vpn Specification
-----------------

===================================== ============================================
**Type**                              *Configuration Resource*
**Element Name**                      vpn
**Element URI**                       /axapi/v3/vpn
**Element Attributes**                vpn_attributes
**Statistics Data URI**               /axapi/v3/vpn/stats
**Operational Data URI**              /axapi/v3/vpn/oper
**Schema**                            :download:`vpn schema `
===================================== ============================================

**Operations Allowed:**

================ ========== ================ ============================
Operation        Method     URI              Payload
================ ========== ================ ============================
Create Object    POST       /axapi/v3/vpn    :ref:`1802_vpn_attributes`
Get Object       GET        /axapi/v3/vpn    :ref:`1802_vpn_attributes`
Modify Object    POST       /axapi/v3/vpn    :ref:`1802_vpn_attributes`
Replace Object   PUT        /axapi/v3/vpn    :ref:`1802_vpn_attributes`
Delete Object    DELETE     /axapi/v3/vpn    :ref:`1802_vpn_attributes`
================ ========== ================ ============================

.. _1802_vpn_attributes:

vpn attributes
--------------

**asymmetric-flow-support**

    **Description** Support asymmetric flows pass through IPsec tunnel

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**crl**

    **Description:** crl is a **JSON Block**. Please see below for :ref:`1802_crl`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/crl `

**default**

    **Description:** default is a **JSON Block**. Please see below for :ref:`1802_default`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/default `

**error**

    **Description:** error is a **JSON Block**. Please see below for :ref:`1802_error`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/error `

**errordump**

    **Description:** errordump is a **JSON Block**. Please see below for :ref:`1802_errordump`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/errordump `

**fragment-after-encap**

    **Description** Fragment after adding IPsec headers

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** fragment-after-encap and jumbo-fragment are mutually exclusive

**ike-gateway-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/vpn/ike-gateway/{name} `

**ike-sa-timeout**

    **Description** Timeout IKE-SA in connecting state in seconds (default 600s)

    **Type:** number

    **Range:** 300-86400

    **Default:** 600

**ike-stats-global**

    **Description:** ike-stats-global is a **JSON Block**. Please see below for :ref:`1802_ike-stats-global`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/ike-stats-global `

**ipsec-error-dump**

    **Description** Support record the error ipsec cavium information in dump file

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**ipsec-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/vpn/ipsec/{name} `

**ipsec_sa_by_gw**

    **Description:** ipsec_sa_by_gw is a **JSON Block**. Please see below for :ref:`1802_ipsec_sa_by_gw`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/ipsec_sa_by_gw `

**jumbo-fragment**

    **Description** Support IKE jumbo fragment packet

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** jumbo-fragment and fragment-after-encap are mutually exclusive

**log**

    **Description:** log is a **JSON Block**. Please see below for :ref:`1802_log`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/log `

**nat-traversal-flow-affinity**

    **Description** Choose IPsec UDP source port based on port of inner flow (only for A10 to A10)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**ocsp**

    **Description:** ocsp is a **JSON Block**. Please see below for :ref:`1802_ocsp`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/ocsp `

**revocation-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/vpn/revocation/{name} `

**sampling-enable**

    **Type:** List

**stateful-mode**

    **Description** VPN module will work in stateful mode and create sessions

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**tcp-mss-adjust-disable**

    **Description** Disable TCP MSS adjustment in SYN packet

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_log:

log
^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ipsec_sa_by_gw:

ipsec_sa_by_gw
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_crl:

crl
^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_default:

default
^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ocsp:

ocsp
^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ike-stats-global:

ike-stats-global
^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**sampling-enable**

    **Type:** List

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ike-stats-global_sampling-enable:

ike-stats-global_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey;
    'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': Incoming Invalid;
    'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request;
    'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request;
    'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request;
    'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request;
    'v2-out-auth-rsp': Outgoing Auth Response;
    'v2-in-create-child-req': Incoming Create Child Request;
    'v2-in-create-child-rsp': Incoming Create Child Response;
    'v2-out-create-child-req': Outgoing Create Child Request;
    'v2-out-create-child-rsp': Outgoing Create Child Response;
    'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response;
    'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response;
    'v1-in-id-prot-req': Incoming ID Protection Request;
    'v1-in-id-prot-rsp': Incoming ID Protection Response;
    'v1-out-id-prot-req': Outgoing ID Protection Request;
    'v1-out-id-prot-rsp': Outgoing ID Protection Response;
    'v1-in-auth-only-req': Incoming Auth Only Request;
    'v1-in-auth-only-rsp': Incoming Auth Only Response;
    'v1-out-auth-only-req': Outgoing Auth Only Request;
    'v1-out-auth-only-rsp': Outgoing Auth Only Response;
    'v1-in-aggressive-req': Incoming Aggressive Request;
    'v1-in-aggressive-rsp': Incoming Aggressive Response;
    'v1-out-aggressive-req': Outgoing Aggressive Request;
    'v1-out-aggressive-rsp': Outgoing Aggressive Response;
    'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response;
    'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response;
    'v1-in-transaction-req': Incoming Transaction Request;
    'v1-in-transaction-rsp': Incoming Transaction Response;
    'v1-out-transaction-req': Outgoing Transaction Request;
    'v1-out-transaction-rsp': Outgoing Transaction Response;
    'v1-in-quick-mode-req': Incoming Quick Mode Request;
    'v1-in-quick-mode-rsp': Incoming Quick Mode Response;
    'v1-out-quick-mode-req': Outgoing Quick Mode Request;
    'v1-out-quick-mode-rsp': Outgoing Quick Mode Response;
    'v1-in-new-group-mode-req': Incoming New Group Mode Request;
    'v1-in-new-group-mode-rsp': Incoming New Group Mode Response;
    'v1-out-new-group-mode-req': Outgoing New Group Mode Request;
    'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response;

    **Type:** string

    **Supported Values:** all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid,
    v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp,
    v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req,
    v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req,
    v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp,
    v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp,
    v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp,
    v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp,
    v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp,
    v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp,
    v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req,
    v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp

.. _1802_revocation-list:

revocation-list
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**ca**

    **Description** Certificate Authority file name

    **Type:** string

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**crl**

    **Description:** crl is a **JSON Block**. Please see below for :ref:`1802_revocation-list_crl`

    **Type:** Object

**name**

    **Description** Revocation name

    **Type:** string

    **Maximum Length:** 31 characters

    **Maximum Length:** 1 characters

**ocsp**

    **Description:** ocsp is a **JSON Block**. Please see below for :ref:`1802_revocation-list_ocsp`

    **Type:** Object

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_revocation-list_ocsp:

revocation-list_ocsp
^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**ocsp-pri**

    **Description** Primary OCSP Authentication Server

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance `

**ocsp-sec**

    **Description** Secondary OCSP Authentication Server

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance `

.. _1802_revocation-list_crl:

revocation-list_crl
^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**crl-pri**

    **Description** Primary CRL URL (http://www.example.com/ocsp) (only .der filetypes)

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**crl-sec**

    **Description** Secondary CRL URL (http://www.example.com/ocsp) (only .der filetypes)

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

.. _1802_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'passthrough': passthrough;

    **Type:** string

    **Supported Values:** all, passthrough, ha-standby-drop

.. _1802_error:

error
^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ike-gateway-list:

ike-gateway-list
^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**auth-method**

    **Description** 'preshare-key': Authenticate the remote gateway using a pre-shared key (Default);
    'rsa-signature': Authenticate the remote gateway using an RSA certificate;

    **Type:** string

    **Supported Values:** preshare-key, rsa-signature, ecdsa-signature

    **Default:** preshare-key

**dh-group**

    **Description** '1': Diffie-Hellman group 1 (Default); '2': Diffie-Hellman group 2;
    '5': Diffie-Hellman group 5; '14': Diffie-Hellman group 14; '15': Diffie-Hellman group 15;
    '16': Diffie-Hellman group 16; '18': Diffie-Hellman group 18;

    **Type:** string

    **Supported Values:** 1, 2, 5, 14, 15, 16, 18, 19, 20

    **Default:** 1

**dpd**

    **Description:** dpd is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_dpd`

    **Type:** Object

**enc-cfg**

    **Type:** List

**ike-version**

    **Description** 'v1': IKEv1 key exchange; 'v2': IKEv2 key exchange;

    **Type:** string

    **Supported Values:** v1, v2

    **Default:** v2

**key**

    **Description** Private Key

    **Type:** string

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**key-passphrase**

    **Description** Private Key Pass Phrase

    **Type:** string

    **Format:** password

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**key-passphrase-encrypted**

    **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string)

**lifetime**

    **Description** IKE SA age in seconds

    **Type:** number

    **Range:** 300-86400

    **Default:** 86400

**local-address**

    **Description:** local-address is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_local-address`

    **Type:** Object

**local-cert**

    **Description:** local-cert is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_local-cert`

    **Type:** Object

**local-id**

    **Description** Local Gateway Identity

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 256 characters

    **Maximum Length:** 1 characters

**mode**

    **Description** 'main': Negotiate Main mode (Default); 'aggressive': Negotiate Aggressive mode;

    **Type:** string

    **Supported Values:** main, aggressive

    **Default:** main

**name**

    **Description** IKE-gateway name

    **Type:** string

    **Maximum Length:** 31 characters

    **Maximum Length:** 1 characters

**nat-traversal**

    **Description**

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**preshare-key-encrypted**

    **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

**preshare-key-value**

    **Description** pre-shared key

    **Type:** string

    **Format:** password

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**remote-address**

    **Description:** remote-address is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_remote-address`

    **Type:** Object

**remote-ca-cert**

    **Description:** remote-ca-cert is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_remote-ca-cert`

    **Type:** Object

**remote-id**

    **Description** Remote Gateway Identity

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 256 characters

    **Maximum Length:** 1 characters

**sampling-enable**

    **Type:** List

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

**vrid**

    **Description:** vrid is a **JSON Block**. Please see below for :ref:`1802_ike-gateway-list_vrid`

    **Type:** Object

.. _1802_ike-gateway-list_local-cert:

ike-gateway-list_local-cert
^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**local-cert-name**

    **Description** Certificate File Name

    **Type:** string

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

.. _1802_ike-gateway-list_enc-cfg:

ike-gateway-list_enc-cfg
^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**encryption**

    **Description** 'des': Data Encryption Standard algorithm;
    '3des': Triple Data Encryption Standard algorithm;
    'aes-128': Advanced Encryption Standard algorithm (key size: 128 bits);
    'aes-192': Advanced Encryption Standard algorithm (key size: 192 bits);
    'aes-256': Advanced Encryption Standard algorithm (key size: 256 bits);
    'null': No encryption algorithm, only for IKEv2;

    **Type:** string

    **Supported Values:** des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null

**gcm_priority**

    **Description** Prioritizes (1-10) security protocol, least value has highest priority

    **Type:** number

    **Range:** 1-10

    **Default:** 5

**hash**

    **Description** 'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1;
    'sha256': Secure Hash Algorithm 256;

    **Type:** string

    **Supported Values:** md5, sha1, sha256, sha384, sha512

**prf**

    **Description** 'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1;
    'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384;
    'sha512': Secure Hash Algorithm 512;

    **Type:** string

    **Supported Values:** md5, sha1, sha256, sha384, sha512

**priority**

    **Description** Prioritizes (1-10) security protocol, least value has highest priority

    **Type:** number

    **Range:** 1-10

    **Default:** 5

.. _1802_ike-gateway-list_vrid:

ike-gateway-list_vrid
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**default**

    **Description** Default VRRP-A vrid

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** default and vrid-num are mutually exclusive

**vrid-num**

    **Description** Specify ha VRRP-A vrid

    **Type:** number

    **Range:** 0-31

    **Mutual Exclusion:** vrid-num and default are mutually exclusive

.. _1802_ike-gateway-list_local-address:

ike-gateway-list_local-address
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**local-ip**

    **Description** IPv4 address

    **Type:** string

    **Format:** ipv4-address

    **Mutual Exclusion:** local-ip and local-ipv6 are mutually exclusive

**local-ipv6**

    **Description** IPv6 address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** local-ipv6 and local-ip are mutually exclusive

.. _1802_ike-gateway-list_remote-address:

ike-gateway-list_remote-address
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dns**

    **Description** Remote IP based on Domain name

    **Type:** string

    **Maximum Length:** 128 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** dns, remote-ip and remote-ipv6 are mutually exclusive

**remote-ip**

    **Description** IPv4 address

    **Type:** string

    **Format:** ipv4-address

    **Mutual Exclusion:** remote-ip, dns and remote-ipv6 are mutually exclusive

**remote-ipv6**

    **Description** IPv6 address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** remote-ipv6, remote-ip and dns are mutually exclusive

.. _1802_ike-gateway-list_remote-ca-cert:

ike-gateway-list_remote-ca-cert
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**remote-cert-name**

    **Description** Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

.. _1802_ike-gateway-list_sampling-enable:

ike-gateway-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey;
    'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': Incoming Invalid;
    'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request;
    'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request;
    'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request;
    'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request;
    'v2-out-auth-rsp': Outgoing Auth Response;
    'v2-in-create-child-req': Incoming Create Child Request;
    'v2-in-create-child-rsp': Incoming Create Child Response;
    'v2-out-create-child-req': Outgoing Create Child Request;
    'v2-out-create-child-rsp': Outgoing Create Child Response;
    'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response;
    'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response;
    'v1-in-id-prot-req': Incoming ID Protection Request;
    'v1-in-id-prot-rsp': Incoming ID Protection Response;
    'v1-out-id-prot-req': Outgoing ID Protection Request;
    'v1-out-id-prot-rsp': Outgoing ID Protection Response;
    'v1-in-auth-only-req': Incoming Auth Only Request;
    'v1-in-auth-only-rsp': Incoming Auth Only Response;
    'v1-out-auth-only-req': Outgoing Auth Only Request;
    'v1-out-auth-only-rsp': Outgoing Auth Only Response;
    'v1-in-aggressive-req': Incoming Aggressive Request;
    'v1-in-aggressive-rsp': Incoming Aggressive Response;
    'v1-out-aggressive-req': Outgoing Aggressive Request;
    'v1-out-aggressive-rsp': Outgoing Aggressive Response;
    'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response;
    'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response;
    'v1-in-transaction-req': Incoming Transaction Request;
    'v1-in-transaction-rsp': Incoming Transaction Response;
    'v1-out-transaction-req': Outgoing Transaction Request;
    'v1-out-transaction-rsp': Outgoing Transaction Response;
    'v1-in-quick-mode-req': Incoming Quick Mode Request;
    'v1-in-quick-mode-rsp': Incoming Quick Mode Response;
    'v1-out-quick-mode-req': Outgoing Quick Mode Request;
    'v1-out-quick-mode-rsp': Outgoing Quick Mode Response;
    'v1-in-new-group-mode-req': Incoming New Group Mode Request;
    'v1-in-new-group-mode-rsp': Incoming New Group Mode Response;
    'v1-out-new-group-mode-req': Outgoing New Group Mode Request;
    'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response;
    'v1-child-sa-invalid-spi': Invalid SPI for Child SAs; 'ike-current-version': IKE version;

    **Type:** string

    **Supported Values:** all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid,
    v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp,
    v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req,
    v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req,
    v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp,
    v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp,
    v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp,
    v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp,
    v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp,
    v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp,
    v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req,
    v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp,
    v1-child-sa-invalid-spi, v2-child-sa-invalid-spi, ike-current-version

.. _1802_ike-gateway-list_dpd:

ike-gateway-list_dpd
^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**interval**

    **Description** Interval time in seconds

    **Type:** number

    **Range:** 10-3600

**retry**

    **Description** Retry times

    **Type:** number

    **Range:** 1-10

.. _1802_ipsec-list:

ipsec-list
^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**anti-replay-window**

    **Description** '0': Disable Anti-Replay Window Check; '32': Window Size of 32;
    '64': Window Size of 64; '128': Window Size of 128; '256': Window Size of 256;
    '512': Window Size of 512; '1024': Window Size of 1024;

    **Type:** string

    **Supported Values:** 0, 32, 64, 128, 256, 512, 1024

    **Default:** 0

**bind-tunnel**

    **Description:** bind-tunnel is a **JSON Block**. Please see below for :ref:`1802_ipsec-list_bind-tunnel`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/vpn/ipsec/{name}/bind-tunnel `

**dh-group**

    **Description** '0': Diffie-Hellman group 0 (Default); '1': Diffie-Hellman group 1;
    '2': Diffie-Hellman group 2; '5': Diffie-Hellman group 5; '14': Diffie-Hellman group 14;
    '15': Diffie-Hellman group 15; '16': Diffie-Hellman group 16; '18': Diffie-Hellman group 18;

    **Type:** string

    **Supported Values:** 0, 1, 2, 5, 14, 15, 16, 18, 19, 20

    **Default:** 0

**enc-cfg**

    **Type:** List

**ike-gateway**

    **Description** Gateway to use for IPsec SA

    **Type:** string

    **Maximum Length:** 31 characters

    **Maximum Length:** 1 characters

    **Reference Object:** :doc:`/axapi/v3/vpn/ike-gateway `

**lifebytes**

    **Description** IPsec SA age in megabytes (0 indicates unlimited bytes)

    **Type:** number

    **Range:** 0-8000000

    **Default:** 0

**lifetime**

    **Description** IPsec SA age in seconds

    **Type:** number

    **Range:** 300-28800

    **Default:** 28800

**mode**

    **Description** 'tunnel': Encapsulating the packet in IPsec tunnel mode (Default);

    **Type:** string

    **Supported Values:** tunnel

    **Default:** tunnel

**name**

    **Description** IPsec name

    **Type:** string

    **Maximum Length:** 31 characters

    **Maximum Length:** 1 characters

**proto**

    **Description** 'esp': Encapsulating security protocol (Default);

    **Type:** string

    **Supported Values:** esp

    **Default:** esp

**sampling-enable**

    **Type:** List

**sequence-number-disable**

    **Description** Do not use incremental sequence number in the ESP header

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**traffic-selector**

    **Description:** traffic-selector is a **JSON Block**. Please see below for :ref:`1802_ipsec-list_traffic-selector`

    **Type:** Object

**up**

    **Description** Initiates SA negotiation to bring the IPsec connection up

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1802_ipsec-list_bind-tunnel:

ipsec-list_bind-tunnel
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**next-hop**

    **Description** IPsec Next Hop IP Address

    **Type:** string

    **Format:** ipv4-address

    **Mutual Exclusion:** next-hop and next-hop-v6 are mutually exclusive

**next-hop-v6**

    **Description** IPsec Next Hop IPv6 Address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** next-hop-v6 and next-hop are mutually exclusive

**tunnel**

    **Description** Tunnel interface index

    **Type:** number

    **Range:** 1-128

    **Reference Object:** :doc:`/axapi/v3/interface/tunnel `

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

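
An added example (not part of the A10 reference): an offline audit of a vpn payload that applies the defaults documented above, so an ike-gateway with no ``dh-group`` is reported as group 1 and an ipsec entry with no ``anti-replay-window`` as 0. The ``{"vpn": {...}}`` wrapper, the sample objects and the weak-algorithm policy sets are assumptions of this example.

```python
"""Audit a vpn payload for weak IKE/IPsec settings, applying documented defaults."""

# Defaults as listed in the ike-gateway-list and ipsec-list attribute reference.
IKE_DEFAULTS = {"auth-method": "preshare-key", "dh-group": "1",
                "ike-version": "v2", "mode": "main"}
IPSEC_DEFAULTS = {"anti-replay-window": "0", "sequence-number-disable": 0}

# Policy of this example (an assumption, not part of the reference).
WEAK_DH = {"1", "2", "5"}
WEAK_ENC = {"des", "3des", "null"}
WEAK_HASH = {"md5", "sha1"}


def effective(obj, defaults, field):
    """Return (value, source): the configured value, or the documented default."""
    if field in obj:
        return str(obj[field]).lower(), "explicit"
    return str(defaults[field]).lower(), "default"


def audit_vpn(payload):
    """Return a list of (path, field, value, source) findings."""
    findings = []
    vpn = payload.get("vpn", {})  # wrapper key is an assumption of this example

    for gw in vpn.get("ike-gateway-list", []):
        path = "ike-gateway/" + gw.get("name", "?")
        dh, src = effective(gw, IKE_DEFAULTS, "dh-group")
        if dh in WEAK_DH:
            findings.append((path, "dh-group", dh, src))
        ver, src = effective(gw, IKE_DEFAULTS, "ike-version")
        if ver == "v1":
            findings.append((path, "ike-version", ver, src))
        # Aggressive mode is only a concern here when paired with a pre-shared key.
        mode, src = effective(gw, IKE_DEFAULTS, "mode")
        auth, _ = effective(gw, IKE_DEFAULTS, "auth-method")
        if mode == "aggressive" and auth == "preshare-key":
            findings.append((path, "mode", mode, src))
        for i, enc in enumerate(gw.get("enc-cfg", [])):
            where = f"{path}/enc-cfg[{i}]"
            if enc.get("encryption") in WEAK_ENC:
                findings.append((where, "encryption", enc["encryption"], "explicit"))
            for field in ("hash", "prf"):
                if enc.get(field) in WEAK_HASH:
                    findings.append((where, field, enc[field], "explicit"))

    for sa in vpn.get("ipsec-list", []):
        path = "ipsec/" + sa.get("name", "?")
        win, src = effective(sa, IPSEC_DEFAULTS, "anti-replay-window")
        if win == "0":  # '0' disables the anti-replay window check
            findings.append((path, "anti-replay-window", win, src))
        seq, src = effective(sa, IPSEC_DEFAULTS, "sequence-number-disable")
        if seq in ("1", "true"):
            findings.append((path, "sequence-number-disable", seq, src))
    return findings


# Constructed sample payload (not taken from a real device).
SAMPLE = {"vpn": {
    "ike-gateway-list": [
        {"name": "gw-legacy", "ike-version": "v1", "mode": "aggressive",
         "dh-group": "2",
         "enc-cfg": [{"encryption": "3des", "hash": "md5", "priority": 1}]},
        {"name": "gw-implicit"},  # nothing set: inherits dh-group 1
        {"name": "gw-strong", "auth-method": "rsa-signature", "dh-group": "20",
         "enc-cfg": [{"encryption": "aes-256", "hash": "sha384", "prf": "sha384"}]},
    ],
    "ipsec-list": [
        {"name": "sa-default", "ike-gateway": "gw-implicit"},
        {"name": "sa-hardened", "ike-gateway": "gw-strong",
         "anti-replay-window": "64"},
    ],
}}

if __name__ == "__main__":
    for path, field, value, source in audit_vpn(SAMPLE):
        print(f"{path}: {field}={value} ({source})")
```

Findings marked ``default`` are the ones a review of the submitted JSON alone would miss, because the weak value never appears in the payload.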
_1802_ipsec-list_sampling-enable: ipsec-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packets-encrypted': Encrypted Packets; 'packets-decrypted': Decrypted Packets; 'anti-replay-num': Anti-Replay Failure; 'rekey-num': Rekey Times; 'packets-err-inactive': Inactive Error; 'packets-err-encryption': Encryption Error; 'packets-err-pad-check': Pad Check Error; 'packets-err-pkt-sanity': Packets Sanity Error; 'packets-err-icv-check': ICV Check Error; 'packets-err-lifetime-lifebytes': Lifetime Lifebytes Error; 'bytes-encrypted': Encrypted Bytes; 'bytes-decrypted': Decrypted Bytes; 'prefrag-success': Pre-frag Success; 'prefrag-error': Pre-frag Error; 'cavium-bytes-encrypted': CAVIUM Encrypted Bytes; 'cavium-bytes-decrypted': CAVIUM Decrypted Bytes; 'cavium-packets-encrypted': CAVIUM Encrypted Packets; 'cavium-packets-decrypted': CAVIUM Decrypted Packets; 'tunnel-intf-down': Packet dropped: Tunnel Interface Down; 'pkt-fail-prep-to-send': Packet dropped: Failed in prepare to send; 'no-next-hop': Packet dropped: No next hop; 'invalid-tunnel-id': Packet dropped: Invalid tunnel ID; 'no-tunnel-found': Packet dropped: No tunnel found; 'pkt-fail-to-send': Packet dropped: Failed to send; **Type:** string **Supported Values:** all, packets-encrypted, packets-decrypted, anti-replay-num, rekey-num, packets-err-inactive, packets-err-encryption, packets-err-pad-check, packets-err-pkt-sanity, packets-err-icv-check, packets-err-lifetime-lifebytes, bytes-encrypted, bytes-decrypted, prefrag-success, prefrag-error, cavium-bytes-encrypted, cavium-bytes-decrypted, cavium-packets-encrypted, cavium-packets-decrypted, tunnel-intf-down, 
pkt-fail-prep-to-send, no-next-hop, invalid-tunnel-id, no-tunnel-found, pkt-fail-to-send, frag-after-encap-frag-packets, frag-received, sequence-num, sequence-num-rollover, packets-err-nh-check .. _1802_ipsec-list_traffic-selector: ipsec-list_traffic-selector ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4** **Description:** ipv4 is a **JSON Block**. Please see below for :ref:`1802_ipsec-list_traffic-selector_ipv4` **Type:** Object **ipv6** **Description:** ipv6 is a **JSON Block**. Please see below for :ref:`1802_ipsec-list_traffic-selector_ipv6` **Type:** Object .. _1802_ipsec-list_traffic-selector_ipv4: ipsec-list_traffic-selector_ipv4 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **local** **Description** Local Traffic Selector **Type:** string **Format:** ipv4-address **Mutual Exclusion:** local and localv6 are mutually exclusive **local_netmask** **Description** IPv4 Address Network Mask **Type:** string **Format:** ipv4-netmask **local_port** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** IP Protocol Number (0-255) **Type:** number **Range:** 0-255 **remote** **Description** IPv4 Address **Type:** string **Format:** ipv4-address **remote_netmask** **Description** IPv4 Address Network Mask **Type:** string **Format:** ipv4-netmask **remote_port** **Description** Port Number **Type:** number **Range:** 0-65535 .. 
_1802_ipsec-list_traffic-selector_ipv6: ipsec-list_traffic-selector_ipv6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **local_portv6** **Description** Port Number **Type:** number **Range:** 0-65535 **localv6** **Description** Local Traffic Selector **Type:** string **Format:** ipv6-address-plen **Mutual Exclusion:** localv6 and local are mutually exclusive **protocolv6** **Description** IP Protocol Number (0-255) **Type:** number **Range:** 0-255 **remote_portv6** **Description** Port Number **Type:** number **Range:** 0-65535 **remotev6** **Description** IPv6 Address **Type:** string **Format:** ipv6-address-plen .. _1802_ipsec-list_enc-cfg: ipsec-list_enc-cfg ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encryption** **Description** 'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm (key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm (key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm (key size: 256 bits); 'null': No encryption algorithm; **Type:** string **Supported Values:** des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null **gcm_priority** **Description** Prioritizes (1-10) security protocol, least value has highest priority **Type:** number **Range:** 1-10 **Default:** 5 **hash** **Description** 'md5': MD5 Message-Digest Algorithm; 'sha1': Secure
Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'null': No hash algorithm; **Type:** string **Supported Values:** md5, sha1, sha256, sha384, sha512, null **priority** **Description** Prioritizes (1-10) security protocol, least value has highest priority **Type:** number **Range:** 1-10 **Default:** 5 .. _1802_errordump: errordump ^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1802_stats_data: stats data ---------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - passthrough - 8 - passthrough * - - ha-standby-drop - 8 - ha-standby-drop .. _1802_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - all-partitions - flag - all-partitions * - - Num-hardware-devices - number - Num-hardware-devices * - - IPsec-mode - string - IPsec-mode * - - specific-partition - string - specific-partition * - - IKE-Gateway-total - number - IKE-Gateway-total * - - all-partition-list - - all-partition-list * - - IPsec-SA-total - number - IPsec-SA-total * - - Crypto-cores-assigned-to-IPsec - number - Crypto-cores-assigned-to-IPsec * - - IKE-SA-total - number - IKE-SA-total * - - Crypto-cores-total - number - Crypto-cores-total * - - IPsec-total - number - IPsec-total * - - shared - flag - shared * - - Crypto-mem - number - Crypto-mem
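The ``dh-group``, ``enc-cfg`` and ``sequence-number-disable`` attributes above decide how strong each IPsec proposal is. The following audit is an added example, not part of the A10 reference: it assumes the object is wrapped as ``{"vpn": {"ipsec-list": [...]}}``, the weak-value sets are this example's own policy, and the sample payload is constructed.

```python
import json

# Policy sets are this example's assumptions, not vendor guidance.
WEAK_DH = {"0", "1", "2", "5"}
WEAK_ENC = {"des", "3des", "null"}
WEAK_HASH = {"md5", "sha1", "null"}

# Constructed sample payload using the attribute names documented above.
SAMPLE = json.loads("""
{"vpn": {"ipsec-list": [
  {"name": "legacy-branch", "dh-group": "2", "sequence-number-disable": 1,
   "enc-cfg": [{"encryption": "3des", "hash": "md5", "priority": 1}]},
  {"name": "dc-core", "dh-group": "19",
   "enc-cfg": [{"encryption": "aes-gcm-256", "hash": "null", "gcm_priority": 1},
               {"encryption": "aes-256", "hash": "sha256", "priority": 2}]}
]}}
""")

def truthy(value):
    """Boolean attributes accept true, false, 1, 0 per the reference."""
    return value in (True, 1, "1", "true")

def audit_ipsec(payload):
    """Return a sorted list of (ipsec name, finding) tuples."""
    findings = []
    for ipsec in payload.get("vpn", {}).get("ipsec-list", []):
        name = ipsec.get("name", "<unnamed>")
        dh = str(ipsec.get("dh-group", "0"))  # documented default is 0
        if dh in WEAK_DH:
            findings.append((name, f"dh-group {dh}"))
        # ESP anti-replay depends on the incrementing sequence number.
        if truthy(ipsec.get("sequence-number-disable", 0)):
            findings.append((name, "sequence-number-disable set"))
        for proposal in ipsec.get("enc-cfg", []):
            enc, digest = proposal.get("encryption"), proposal.get("hash")
            if enc in WEAK_ENC:
                findings.append((name, f"encryption {enc}"))
            # AES-GCM authenticates on its own, so a null hash is fine there.
            is_gcm = isinstance(enc, str) and enc.startswith("aes-gcm-")
            if digest in WEAK_HASH and not (is_gcm and digest == "null"):
                findings.append((name, f"hash {digest}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_ipsec(SAMPLE):
        print(f"{name}: {finding}")
```

An entry that omits ``dh-group`` is reported as ``dh-group 0`` because the reference gives 0 as the default.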