{ "id":"/axapi/v3/vpn/ipsec/{name}", "type":"object", "node-type":"list", "title":"ipsec", "partition-visibility":"shared", "description":"IPsec settings", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"IPsec name", "optional":false }, "mode":{ "type":"string", "format":"enum", "default":"tunnel", "partition-visibility":"shared", "description":"'tunnel': Encapsulating the packet in IPsec tunnel mode (Default); ", "enum":[ "tunnel" ], "optional":true }, "dscp":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'default': Default dscp (000000); 'af11': AF11 (001010); 'af12': AF12 (001100); 'af13': AF13 (001110); 'af21': AF21 (010010); 'af22': AF22 (010100); 'af23': AF23 (010110); 'af31': AF31 (011010); 'af32': AF32 (011100); 'af33': AF33 (011110); 'af41': AF41 (100010); 'af42': AF42 (100100); 'af43': AF43 (100110); 'cs1': CS1 (001000); 'cs2': CS2 (010000); 'cs3': CS3 (011000); 'cs4': CS4 (100000); 'cs5': CS5 (101000); 'cs6': CS6 (110000); 'cs7': CS7 (111000); 'ef': EF (101110); '0': 000000; '1': 000001; '2': 000010; '3': 000011; '4': 000100; '5': 000101; '6': 000110; '7': 000111; '8': 001000; '9': 001001; '10': 001010; '11': 001011; '12': 001100; '13': 001101; '14': 001110; '15': 001111; '16': 010000; '17': 010001; '18': 010010; '19': 010011; '20': 010100; '21': 010101; '22': 010110; '23': 010111; '24': 011000; '25': 011001; '26': 011010; '27': 011011; '28': 011100; '29': 011101; '30': 011110; '31': 011111; '32': 100000; '33': 100001; '34': 100010; '35': 100011; '36': 100100; '37': 100101; '38': 100110; '39': 100111; '40': 101000; '41': 101001; '42': 101010; '43': 101011; '44': 101100; '45': 101101; '46': 101110; '47': 101111; '48': 110000; '49': 110001; '50': 110010; '51': 110011; '52': 110100; '53': 110101; '54': 110110; '55': 110111; '56': 111000; '57': 111001; '58': 111010; '59': 111011; '60': 111100; '61': 111101; '62': 111110; '63': 
111111; ", "enum":[ "default", "af11", "af12", "af13", "af21", "af22", "af23", "af31", "af32", "af33", "af41", "af42", "af43", "cs1", "cs2", "cs3", "cs4", "cs5", "cs6", "cs7", "ef", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "45", "46", "47", "48", "49", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "60", "61", "62", "63" ], "optional":true }, "proto":{ "type":"string", "format":"enum", "default":"esp", "partition-visibility":"shared", "description":"'esp': Encapsulating security protocol (Default); ", "enum":[ "esp" ], "optional":true }, "dh-group":{ "type":"string", "format":"enum", "default":"0", "partition-visibility":"shared", "description":"'0': Diffie-Hellman group 0 (Default); '1': Diffie-Hellman group 1 - 768-bits; '2': Diffie-Hellman group 2 - 1024-bits; '5': Diffie-Hellman group 5 - 1536-bits; '14': Diffie-Hellman group 14 - 2048-bits; '15': Diffie-Hellman group 15 - 3072-bits; '16': Diffie-Hellman group 16 - 4096-bits; '18': Diffie-Hellman group 18 - 8192-bits; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve; ", "enum":[ "0", "1", "2", "5", "14", "15", "16", "18", "19", "20" ], "optional":true }, "enc-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "encryption":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); 'aes-gcm-128': Advanced 
Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes); 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 192 bits, ICV size: 16 bytes); 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes); 'null': No encryption algorithm; ", "enum":[ "des", "3des", "aes-128", "aes-192", "aes-256", "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null" ] }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; 'null': No hash algorithm; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512", "null" ] }, "priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, lowest value has highest priority" }, "gcm_priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, lowest value has highest priority" } } } ] }, "lifetime":{ "type":"number", "format":"number", "minimum":300, "maximum":28800, "default":28800, "partition-visibility":"shared", "description":"IPsec SA age in seconds", "optional":true }, "lifebytes":{ "type":"number", "format":"number", "minimum":0, "maximum":8000000, "default":0, "partition-visibility":"shared", "description":"IPsec SA age in megabytes (0 indicates unlimited bytes)", "optional":true }, "anti-replay-window":{ "type":"string", "format":"enum", "default":"0", "partition-visibility":"shared", "description":"'0': Disable Anti-Replay Window Check; '32': Window size of 32; '64': Window size of 64; '128': Window size of 128; '256': Window size of 256; '512': Window size of 512; '1024': Window size of 
1024; '2048': Window size of 2048; '3072': Window size of 3072; '4096': Window size of 4096; '8192': Window size of 8192; ", "enum":[ "0", "32", "64", "128", "256", "512", "1024", "2048", "3072", "4096", "8192" ], "optional":true }, "up":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Initiates SA negotiation to bring the IPsec connection up", "optional":true }, "sequence-number-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not use incremental sequence number in the ESP header", "optional":true }, "traffic-selector":{ "type":"object", "properties":{ "ipv4":{ "type":"object", "properties":{ "local":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"localv6", "description":"Local Traffic Selector" }, "local_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "local_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remote-ipv4-assigned":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"remote-ip", "description":"Remote IP address assigned" }, "remote-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"remote-ipv4-assigned", "description":"IPv4 Address" }, "remote_netmask":{ "type":"string", "format":"ipv4-netmask", "partition-visibility":"shared", "description":"IPv4 Address Network Mask" }, "remote_port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocol":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } }, "ipv6":{ "type":"object", "properties":{ "localv6":{ "type":"string", 
"format":"ipv6-address-plen", "partition-visibility":"shared", "not":"local", "description":"Local Traffic Selector" }, "local_portv6":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "remote-ipv6-assigned":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"remote-ipv6", "description":"Remote IPv6 address assigned" }, "remote-ipv6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "not":"remote-ipv6-assigned", "description":"IPv6 Address" }, "remote_portv6":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocolv6":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP Protocol Number (0-255)" } } } } }, "enforce-traffic-selector":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enforce Traffic Selector", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packets-encrypted': Encrypted Packets; 'packets-decrypted': Decrypted Packets; 'anti-replay-num': Anti-Replay Failure; 'rekey-num': Rekey Times; 'packets-err-inactive': Inactive Error; 'packets-err-encryption': Encryption Error; 'packets-err-pad-check': Pad Check Error; 'packets-err-pkt-sanity': Packets Sanity Error; 
'packets-err-icv-check': ICV Check Error; 'packets-err-lifetime-lifebytes': Lifetime Lifebytes Error; 'bytes-encrypted': Encrypted Bytes; 'bytes-decrypted': Decrypted Bytes; 'prefrag-success': Pre-frag Success; 'prefrag-error': Pre-frag Error; 'cavium-bytes-encrypted': CAVIUM Encrypted Bytes; 'cavium-bytes-decrypted': CAVIUM Decrypted Bytes; 'cavium-packets-encrypted': CAVIUM Encrypted Packets; 'cavium-packets-decrypted': CAVIUM Decrypted Packets; 'qat-bytes-encrypted': QAT Encrypted Bytes; 'qat-bytes-decrypted': QAT Decrypted Bytes; 'qat-packets-encrypted': QAT Encrypted Packets; 'qat-packets-decrypted': QAT Decrypted Packets; 'tunnel-intf-down': Packet dropped: Tunnel Interface Down; 'pkt-fail-prep-to-send': Packet dropped: Failed in prepare to send; 'no-next-hop': Packet dropped: No next hop; 'invalid-tunnel-id': Packet dropped: Invalid tunnel ID; 'no-tunnel-found': Packet dropped: No tunnel found; 'pkt-fail-to-send': Packet dropped: Failed to send; 'frag-after-encap-frag-packets': Frag-after-encap Fragment Generated; 'frag-received': Fragment Received; 'sequence-num': Sequence Number; 'sequence-num-rollover': Sequence Number Rollover; 'packets-err-nh-check': Next Header Check Error; ", "enum":[ "all", "packets-encrypted", "packets-decrypted", "anti-replay-num", "rekey-num", "packets-err-inactive", "packets-err-encryption", "packets-err-pad-check", "packets-err-pkt-sanity", "packets-err-icv-check", "packets-err-lifetime-lifebytes", "bytes-encrypted", "bytes-decrypted", "prefrag-success", "prefrag-error", "cavium-bytes-encrypted", "cavium-bytes-decrypted", "cavium-packets-encrypted", "cavium-packets-decrypted", "qat-bytes-encrypted", "qat-bytes-decrypted", "qat-packets-encrypted", "qat-packets-decrypted", "tunnel-intf-down", "pkt-fail-prep-to-send", "no-next-hop", "invalid-tunnel-id", "no-tunnel-found", "pkt-fail-to-send", "frag-after-encap-frag-packets", "frag-received", "sequence-num", "sequence-num-rollover", "packets-err-nh-check" ] } } } ] }, "bind-tunnel":{ 
"type":"object", "$ref":"/axapi/v3/vpn/ipsec/{name}/bind-tunnel", "properties":{ "tunnel":{ "type":"number", "format":"number", "minimum":1, "maximum":128, "partition-visibility":"shared", "$ref":"/axapi/v3/interface/tunnel", "description":"Tunnel interface index" }, "next-hop":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"next-hop-v6", "description":"IPsec Next Hop IP Address" }, "next-hop-v6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not":"next-hop", "description":"IPsec Next Hop IPv6 Address" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ipsec-gateway":{ "type":"object", "$ref":"/axapi/v3/vpn/ipsec/{name}/ipsec-gateway", "properties":{ "ike-gateway":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "$ref":"/axapi/v3/vpn/ike-gateway", "description":"Gateway to use for IPsec SA" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "name" ], "required":[ "name" ] }