# vpn ipsec

IPsec settings

## ipsec Specification

Field | Value
---|---
Type | Collection
Object Key(s) | name
Collection Name | ipsec-list
Collection URI | /axapi/v3/vpn/ipsec
Element Name | ipsec
Element URI | /axapi/v3/vpn/ipsec/{name}
Element Attributes | ipsec_attributes
Statistics Data URI | /axapi/v3/vpn/ipsec/{name}/stats
Operational Data URI | /axapi/v3/vpn/ipsec/{name}/oper
Schema | ipsec schema
Operations Allowed:

Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/vpn/ipsec |
Create List | POST | /axapi/v3/vpn/ipsec |
Get Object | GET | /axapi/v3/vpn/ipsec/{name} |
Get List | GET | /axapi/v3/vpn/ipsec |
Modify Object | POST | /axapi/v3/vpn/ipsec/{name} |
Replace Object | PUT | /axapi/v3/vpn/ipsec/{name} |
Replace List | PUT | /axapi/v3/vpn/ipsec |
Delete Object | DELETE | /axapi/v3/vpn/ipsec/{name} |
## ipsec-list

ipsec-list is a JSON list of ipsec attributes:

ipsec-list : [
]
## ipsec attributes

anti-replay-window
Description: ‘0’: Disable Anti-Replay Window Check; ‘32’: Window size of 32; ‘64’: Window size of 64; ‘128’: Window size of 128; ‘256’: Window size of 256; ‘512’: Window size of 512; ‘1024’: Window size of 1024
Type: string
Supported Values: 0, 32, 64, 128, 256, 512, 1024
Default: 0
bind-tunnel
Description: bind-tunnel is a JSON Block. Please see below for bind-tunnel
Type: Object
Reference Object: /axapi/v3/vpn/ipsec/{name}/bind-tunnel
dh-group
Description: ‘0’: Diffie-Hellman group 0 (Default); ‘1’: Diffie-Hellman group 1 - 768 bits; ‘2’: Diffie-Hellman group 2 - 1024 bits; ‘5’: Diffie-Hellman group 5 - 1536 bits; ‘14’: Diffie-Hellman group 14 - 2048 bits; ‘15’: Diffie-Hellman group 15 - 3072 bits; ‘16’: Diffie-Hellman group 16 - 4096 bits; ‘18’: Diffie-Hellman group 18 - 8192 bits
Type: string
Supported Values: 0, 1, 2, 5, 14, 15, 16, 18, 19, 20
Default: 0
enc-cfg
Description: enc-cfg is a JSON List. Please see below for enc-cfg
Type: List
ike-gateway
Description: Gateway to use for IPsec SA
Type: string
Maximum Length: 31 characters
Minimum Length: 1 character
Reference Object: /axapi/v3/vpn/ike-gateway
lifebytes
Description: IPsec SA age in megabytes (0 indicates unlimited bytes)
Type: number
Range: 0-8000000
Default: 0
lifetime
Description: IPsec SA age in seconds
Type: number
Range: 300-28800
Default: 28800
mode
Description: ‘tunnel’: Encapsulating the packet in IPsec tunnel mode (Default)
Type: string
Supported Values: tunnel
Default: tunnel
name
Description: IPsec name
Type: string
Maximum Length: 31 characters
Minimum Length: 1 character
proto
Description: ‘esp’: Encapsulating security protocol (Default)
Type: string
Supported Values: esp
Default: esp
sampling-enable
Description: sampling-enable is a JSON List. Please see below for sampling-enable
Type: List
sequence-number-disable
Description: Do not use incremental sequence number in the ESP header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
traffic-selector
Description: traffic-selector is a JSON Block. Please see below for traffic-selector
Type: Object
up
Description: Initiates SA negotiation to bring the IPsec connection up
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description: Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
## bind-tunnel

Specification Type: object

next-hop
Description: IPsec Next Hop IP Address
Type: string
Format: ipv4-address
Mutual Exclusion: next-hop and next-hop-v6 are mutually exclusive
next-hop-v6
Description: IPsec Next Hop IPv6 Address
Type: string
Format: ipv6-address
Mutual Exclusion: next-hop-v6 and next-hop are mutually exclusive
tunnel
Description: Tunnel interface index
Type: number
Range: 1-128
Reference Object: /axapi/v3/interface/tunnel
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
## sampling-enable

Specification Type: list; Block object keys: counters1

counters1
Description: ‘all’: all; ‘packets-encrypted’: Encrypted Packets; ‘packets-decrypted’: Decrypted Packets; ‘anti-replay-num’: Anti-Replay Failure; ‘rekey-num’: Rekey Times; ‘packets-err-inactive’: Inactive Error; ‘packets-err-encryption’: Encryption Error; ‘packets-err-pad-check’: Pad Check Error; ‘packets-err-pkt-sanity’: Packets Sanity Error; ‘packets-err-icv-check’: ICV Check Error; ‘packets-err-lifetime-lifebytes’: Lifetime Lifebytes Error; ‘bytes-encrypted’: Encrypted Bytes; ‘bytes-decrypted’: Decrypted Bytes; ‘prefrag-success’: Pre-frag Success; ‘prefrag-error’: Pre-frag Error; ‘cavium-bytes-encrypted’: CAVIUM Encrypted Bytes; ‘cavium-bytes-decrypted’: CAVIUM Decrypted Bytes; ‘cavium-packets-encrypted’: CAVIUM Encrypted Packets; ‘cavium-packets-decrypted’: CAVIUM Decrypted Packets; ‘tunnel-intf-down’: Packet dropped: Tunnel Interface Down; ‘pkt-fail-prep-to-send’: Packet dropped: Failed in prepare to send; ‘no-next-hop’: Packet dropped: No next hop; ‘invalid-tunnel-id’: Packet dropped: Invalid tunnel ID; ‘no-tunnel-found’: Packet dropped: No tunnel found; ‘pkt-fail-to-send’: Packet dropped: Failed to send
Type: string
Supported Values: all, packets-encrypted, packets-decrypted, anti-replay-num, rekey-num, packets-err-inactive, packets-err-encryption, packets-err-pad-check, packets-err-pkt-sanity, packets-err-icv-check, packets-err-lifetime-lifebytes, bytes-encrypted, bytes-decrypted, prefrag-success, prefrag-error, cavium-bytes-encrypted, cavium-bytes-decrypted, cavium-packets-encrypted, cavium-packets-decrypted, tunnel-intf-down, pkt-fail-prep-to-send, no-next-hop, invalid-tunnel-id, no-tunnel-found, pkt-fail-to-send, frag-after-encap-frag-packets, frag-received, sequence-num, sequence-num-rollover, packets-err-nh-check
## traffic-selector

Specification Type: object

ipv4
Description: ipv4 is a JSON Block. Please see below for traffic-selector_ipv4
Type: Object
ipv6
Description: ipv6 is a JSON Block. Please see below for traffic-selector_ipv6
Type: Object
## traffic-selector_ipv4

Specification Type: object

local
Description: Local Traffic Selector
Type: string
Format: ipv4-address
Mutual Exclusion: local and localv6 are mutually exclusive
local_netmask
Description: IPv4 Address Network Mask
Type: string
Format: ipv4-netmask
local_port
Description: Port Number
Type: number
Range: 0-65535
protocol
Description: IP Protocol Number (0-255)
Type: number
Range: 0-255
remote
Description: IPv4 Address
Type: string
Format: ipv4-address
remote_netmask
Description: IPv4 Address Network Mask
Type: string
Format: ipv4-netmask
remote_port
Description: Port Number
Type: number
Range: 0-65535
## traffic-selector_ipv6

Specification Type: object

local_portv6
Description: Port Number
Type: number
Range: 0-65535
localv6
Description: Local Traffic Selector
Type: string
Format: ipv6-address-plen
Mutual Exclusion: localv6 and local are mutually exclusive
protocolv6
Description: IP Protocol Number (0-255)
Type: number
Range: 0-255
remote_portv6
Description: Port Number
Type: number
Range: 0-65535
remotev6
Description: IPv6 Address
Type: string
Format: ipv6-address-plen
## enc-cfg

Specification Type: list; Block object keys: encryption

encryption
Description: ‘des’: Data Encryption Standard algorithm; ‘3des’: Triple Data Encryption Standard algorithm; ‘aes-128’: Advanced Encryption Standard algorithm (key size: 128 bits); ‘aes-192’: Advanced Encryption Standard algorithm (key size: 192 bits); ‘aes-256’: Advanced Encryption Standard algorithm (key size: 256 bits); ‘null’: No encryption algorithm
Type: string
Supported Values: des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null
gcm_priority
Description: Priority (1-10) of this security proposal; the lowest value has the highest priority
Type: number
Range: 1-10
Default: 5
hash
Description: ‘md5’: MD5 Message-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘null’: No hash algorithm
Type: string
Supported Values: md5, sha1, sha256, sha384, sha512, null
priority
Description: Priority (1-10) of this security proposal; the lowest value has the highest priority
Type: number
Range: 1-10
Default: 5
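As an added example (not A10's code and not part of this page), a small linter that checks the body of an ipsec object against the constraints listed above and flags the choices a security reviewer would question: a disabled anti-replay window, weak DH groups, legacy proposals, and the mutually exclusive next-hop fields. The sample body, its name and addresses are constructed.

```python
# Added example, not A10's code: lint the body of an aXAPI v3 "ipsec" object
# against the constraints on this page and flag settings that weaken the SA.
DH_VALUES = {"0", "1", "2", "5", "14", "15", "16", "18", "19", "20"}
ENC_VALUES = {"des", "3des", "aes-128", "aes-192", "aes-256",
              "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null"}
HASH_VALUES = {"md5", "sha1", "sha256", "sha384", "sha512", "null"}
ARW_VALUES = {"0", "32", "64", "128", "256", "512", "1024"}
WEAK_ENC, WEAK_HASH = {"des", "3des", "null"}, {"md5", "sha1", "null"}
WEAK_DH = {"0", "1", "2", "5"}  # 0 = no PFS on rekey, 1/2/5 are below 2048 bits


def check_ipsec(obj: dict) -> list:
    """Return schema violations and weak settings found in one ipsec body."""
    out = []
    if not 1 <= len(obj.get("name", "")) <= 31:
        out.append("name must be 1-31 characters")
    if not 300 <= obj.get("lifetime", 28800) <= 28800:
        out.append("lifetime must be 300-28800 seconds")
    dh = str(obj.get("dh-group", "0"))
    if dh not in DH_VALUES:
        out.append(f"dh-group {dh} is not a supported value")
    elif dh in WEAK_DH:
        out.append(f"dh-group {dh}: no PFS or modulus below 2048 bits, prefer 14 or higher")
    arw = str(obj.get("anti-replay-window", "0"))
    if arw not in ARW_VALUES:
        out.append(f"anti-replay-window {arw} is not a supported value")
    elif arw == "0":
        out.append("anti-replay-window 0: anti-replay check disabled")
    if obj.get("sequence-number-disable") in (1, True):
        out.append("sequence-number-disable: ESP sequence numbers not incremented")
    for i, p in enumerate(obj.get("enc-cfg", [])):
        enc, h = p.get("encryption"), p.get("hash")
        # A GCM proposal is AEAD, so hash "null" is expected there, not weak.
        aead_null = h == "null" and str(enc).startswith("aes-gcm")
        if enc not in ENC_VALUES or h not in HASH_VALUES:
            out.append(f"enc-cfg[{i}]: unsupported encryption or hash value")
        elif enc in WEAK_ENC or (h in WEAK_HASH and not aead_null):
            out.append(f"enc-cfg[{i}]: weak proposal {enc}/{h}")
        if not 1 <= p.get("priority", 5) <= 10:
            out.append(f"enc-cfg[{i}]: priority must be 1-10")
    bt = obj.get("bind-tunnel", {})
    if "next-hop" in bt and "next-hop-v6" in bt:
        out.append("bind-tunnel: next-hop and next-hop-v6 are mutually exclusive")
    if "tunnel" in bt and not 1 <= bt["tunnel"] <= 128:
        out.append("bind-tunnel: tunnel index must be 1-128")
    return out


# Constructed body, as it would be sent under the "ipsec" key to POST /axapi/v3/vpn/ipsec.
LEGACY = {"name": "sa-legacy", "dh-group": "2", "anti-replay-window": "0", "lifetime": 86400,
          "enc-cfg": [{"encryption": "3des", "hash": "md5", "priority": 11}],
          "bind-tunnel": {"tunnel": 200, "next-hop": "198.51.100.1", "next-hop-v6": "2001:db8::1"}}
```

Running `check_ipsec(LEGACY)` yields seven findings; a body using dh-group 14, a non-zero anti-replay-window and an aes-gcm-256 proposal yields none.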
## stats data

Counter | Size | Description
---|---|---
sequence-num-rollover | 8 | Sequence Number Rollover
anti-replay-num | 8 | Anti-Replay Failure
packets-decrypted | 8 | Decrypted Packets
tunnel-intf-down | 8 | Packet dropped: Tunnel Interface Down
pkt-fail-to-send | 8 | Packet dropped: Failed to send
packets-encrypted | 8 | Encrypted Packets
bytes-encrypted | 4 | Encrypted Bytes
packets-err-nh-check | 4 | Next Header Check Error
no-tunnel-found | 8 | Packet dropped: No tunnel found
prefrag-success | 4 | Pre-frag Success
prefrag-error | 4 | Pre-frag Error
bytes-decrypted | 4 | Decrypted Bytes
invalid-tunnel-id | 8 | Packet dropped: Invalid tunnel ID
pkt-fail-prep-to-send | 8 | Packet dropped: Failed in prepare to send
cavium-packets-encrypted | 8 | CAVIUM Encrypted Packets
packets-err-icv-check | 4 | ICV Check Error
packets-err-inactive | 4 | Inactive Error
cavium-bytes-decrypted | 4 | CAVIUM Decrypted Bytes
packets-err-pad-check | 4 | Pad Check Error
packets-err-pkt-sanity | 4 | Packets Sanity Error
cavium-bytes-encrypted | 4 | CAVIUM Encrypted Bytes
sequence-num | 8 | Sequence Number
packets-err-lifetime-lifebytes | 8 | Lifetime Lifebytes Error
packets-err-encryption | 4 | Encryption Error
rekey-num | 8 | Rekey Times
cavium-packets-decrypted | 8 | CAVIUM Decrypted Packets
frag-after-encap-frag-packets | 8 | Frag-after-encap Fragment Generated
no-next-hop | 8 | Packet dropped: No next hop
frag-received | 8 | Fragment Received
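As an added example (not A10's code), the monitoring logic a defender would run over two polls of the statistics data URI: it diffs the counters from the table above, tolerates a wrap of the 4-byte counters, and raises an alert when the anti-replay, ICV, padding, sanity or next-header error counters or the "Packet dropped" counters move. Both snapshots are constructed, the `{"ipsec": {"stats": {...}}}` wrapper is an assumption about the response shape, and the Size column is read as the counter width in bytes.

```python
# Added example, not A10's code: diff two polls of GET /axapi/v3/vpn/ipsec/{name}/stats
# using the counters from the stats data table and flag the ones worth alerting on.
# Snapshots are constructed; the response wrapper and the byte-width reading of the
# Size column are assumptions.
FOUR_BYTE = {"bytes-encrypted", "bytes-decrypted", "packets-err-nh-check", "prefrag-success",
             "prefrag-error", "packets-err-icv-check", "packets-err-inactive",
             "packets-err-pad-check", "packets-err-pkt-sanity", "packets-err-encryption",
             "cavium-bytes-encrypted", "cavium-bytes-decrypted"}  # all others are 8 bytes
INTEGRITY = {"anti-replay-num": "replayed or out-of-window ESP packets",
             "packets-err-icv-check": "ICV check failures (corruption or key mismatch)",
             "packets-err-pad-check": "ESP padding check failures",
             "packets-err-pkt-sanity": "packet sanity failures",
             "packets-err-nh-check": "next-header check failures"}
DROPS = ("tunnel-intf-down", "pkt-fail-prep-to-send", "no-next-hop",
         "invalid-tunnel-id", "no-tunnel-found", "pkt-fail-to-send")


def delta(name: str, old: int, new: int) -> int:
    """Increase between two polls, tolerating a single wrap of the counter."""
    return (new - old) % (1 << (32 if name in FOUR_BYTE else 64))


def analyze(prev: dict, curr: dict) -> dict:
    """Return per-counter deltas plus alert strings for one SA."""
    p, c = prev["ipsec"]["stats"], curr["ipsec"]["stats"]
    d = {k: delta(k, p.get(k, 0), v) for k, v in c.items()}
    alerts = [f"{k} +{d[k]}: {why}" for k, why in INTEGRITY.items() if d.get(k)]
    dropped = sum(d.get(k, 0) for k in DROPS)
    if dropped:
        alerts.append(f"{dropped} packets dropped (tunnel, next-hop or send failures)")
    return {"deltas": d, "alerts": alerts}


# Constructed snapshots: packets-err-icv-check wraps its 32-bit counter between polls.
PREV = {"ipsec": {"stats": {"packets-encrypted": 1200, "packets-decrypted": 1000, "anti-replay-num": 5,
                            "packets-err-icv-check": 4294967290, "no-next-hop": 0, "rekey-num": 2}}}
CURR = {"ipsec": {"stats": {"packets-encrypted": 1700, "packets-decrypted": 1500, "anti-replay-num": 17,
                            "packets-err-icv-check": 3, "no-next-hop": 4, "rekey-num": 3}}}
```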
## operational data

Field | Type | Description
---|---|---
Status | string | Status
Hash-Algorithm | string | Hash-Algorithm
Protocol | string | Protocol
DH-Group | number | DH-Group
Peer-IP | string | Peer-IP
Local-IP | string | Local-IP
Anti-Replay | string | Anti-Replay
Lifebytes | string | Lifebytes
NAT-Traversal | number | NAT-Traversal
SA-Index | number | SA-Index
Remote-SPI | string | Remote-SPI
Mode | string | Mode
Encryption-Algorithm | string | Encryption-Algorithm
Local-SPI | string | Local-SPI
Lifetime | number | Lifetime