{ "id":"/axapi/v3/vpn/ike-gateway/{name}", "type":"object", "node-type":"list", "title":"ike-gateway", "partition-visibility":"shared", "description":"IKE-gateway settings", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":31, "partition-visibility":"shared", "description":"IKE-gateway name", "optional":false }, "ike-version":{ "type":"string", "format":"enum", "default":"v2", "partition-visibility":"shared", "description":"'v1': IKEv1 key exchange; 'v2': IKEv2 key exchange; ", "enum":[ "v1", "v2" ], "optional":true }, "mode":{ "type":"string", "format":"enum", "default":"main", "partition-visibility":"shared", "description":"'main': Negotiate Main mode (Default); 'aggressive': Negotiate Aggressive mode; ", "enum":[ "main", "aggressive" ], "optional":true }, "auth-method":{ "type":"string", "format":"enum", "default":"preshare-key", "partition-visibility":"shared", "description":"'preshare-key': Authenticate the remote gateway using a pre-shared key (Default); 'rsa-signature': Authenticate the remote gateway using an RSA certificate; 'ecdsa-signature': Authenticate the remote gateway using an ECDSA certificate; 'eap-radius': Authenticate the remote gateway using an EAP Radius server; 'eap-tls': Authenticate the remote gateway using EAP TLS; ", "enum":[ "preshare-key", "rsa-signature", "ecdsa-signature", "eap-radius", "eap-tls" ], "optional":true }, "preshare-key-value":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"pre-shared key", "optional":true }, "preshare-key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED pre-shared key string)", "optional":true }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; ", "enum":[ "sha256", "sha384", "sha512" ], "optional":true }, "interface-management":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"only handle traffic on management interface, share partition only", "optional":true }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Private Key", "optional":true }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Private Key Pass Phrase", "optional":true }, "key-passphrase-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED key string)", "optional":true }, "vrid":{ "type":"object", "properties":{ "default":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"vrid-num", "description":"Default VRRP-A vrid" }, "vrid-num":{ "type":"number", "format":"number", "minimum":0, "maximum":31, "partition-visibility":"shared", "not":"default", "description":"Specify ha VRRP-A vrid" } } }, "local-cert":{ "type":"object", "properties":{ "local-cert-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Certificate File Name" } } }, "remote-ca-cert":{ "type":"object", "properties":{ "remote-cert-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress" } } }, "local-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Local Gateway Identity", "optional":true }, "remote-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Remote Gateway Identity", "optional":true }, "enc-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "encryption":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); 'aes-gcm-128': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter 
Mode(key size: 192 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes), only for IKEv2; 'null': No encryption algorithm, only for IKEv2; ", "enum":[ "des", "3des", "aes-128", "aes-192", "aes-256", "aes-gcm-128", "aes-gcm-192", "aes-gcm-256", "null" ] }, "hash":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512" ] }, "prf":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512; ", "enum":[ "md5", "sha1", "sha256", "sha384", "sha512" ] }, "priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, the lowest value has the highest priority" }, "gcm_priority":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "default":5, "partition-visibility":"shared", "description":"Prioritizes (1-10) security protocol, the lowest value has the highest priority" } } } ] }, "dh-group":{ "type":"string", "format":"enum", "default":"1", "partition-visibility":"shared", "description":"'1': Diffie-Hellman group 1 - 768-bit(Default); '2': Diffie-Hellman group 2 - 1024-bit; '5': Diffie-Hellman group 5 - 1536-bit; '14': Diffie-Hellman group 14 - 2048-bit; '15': Diffie-Hellman group 15 - 3072-bit; '16': Diffie-Hellman group 16 - 4096-bit; '18': Diffie-Hellman group 18 - 8192-bit; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve; Note: groups 1, 2 and 5 are considered too weak for new deployments, and the schema default is group 1, so set group 14 or higher explicitly. ", "enum":[ "1", "2", 
"5", "14", "15", "16", "18", "19", "20" ], "optional":true }, "local-address":{ "type":"object", "properties":{ "local-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not":"local-ipv6", "description":"Ipv4 address" }, "local-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not":"local-ip", "description":"Ipv6 address" } } }, "remote-address":{ "type":"object", "properties":{ "remote-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not-list":[ "dns", "remote-ipv6" ], "description":"Ipv4 address" }, "dns":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "not-list":[ "remote-ip", "remote-ipv6" ], "description":"Remote IP based on Domain name" }, "remote-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not-list":[ "remote-ip", "dns" ], "description":"Ipv6 address" } } }, "lifetime":{ "type":"number", "format":"number", "minimum":300, "maximum":86400, "default":86400, "partition-visibility":"shared", "description":"IKE SA age in seconds", "optional":true }, "fragment-size":{ "type":"number", "format":"number", "minimum":576, "maximum":1280, "partition-visibility":"shared", "description":"Enable IKE message fragment and set fragment size", "optional":true }, "nat-traversal":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "optional":true }, "dpd":{ "type":"object", "properties":{ "interval":{ "type":"number", "format":"number", "minimum":1, "maximum":3600, "partition-visibility":"shared", "description":"Interval time in seconds" }, "retry":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", "description":"Retry times" } } }, "disable-rekey":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable initiating rekey", "optional":true }, "configuration-payload":{ 
"type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dhcp': Enable DHCP configuration-payload; 'radius': Enable RADIUS configuration-payload; ", "enum":[ "dhcp", "radius" ], "optional":true }, "dhcp-server":{ "type":"object", "properties":{ "pri":{ "type":"object", "properties":{ "dhcp-pri-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Primary DHCP Server IP Address" } } }, "sec":{ "type":"object", "properties":{ "dhcp-sec-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Secondary DHCP Server IP Address" } } } } }, "radius-server":{ "type":"object", "properties":{ "radius-pri":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/radius/instance", "description":"Primary RADIUS Authentication Server" }, "radius-sec":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/radius/instance", "description":"Secondary RADIUS Authentication Server" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey; 'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': Incoming Invalid; 'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request; 
'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request; 'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request; 'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request; 'v2-out-auth-rsp': Outgoing Auth Response; 'v2-in-create-child-req': Incoming Create Child Request; 'v2-in-create-child-rsp': Incoming Create Child Response; 'v2-out-create-child-req': Outgoing Create Child Request; 'v2-out-create-child-rsp': Outgoing Create Child Response; 'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response; 'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response; 'v1-in-id-prot-req': Incoming ID Protection Request; 'v1-in-id-prot-rsp': Incoming ID Protection Response; 'v1-out-id-prot-req': Outgoing ID Protection Request; 'v1-out-id-prot-rsp': Outgoing ID Protection Response; 'v1-in-auth-only-req': Incoming Auth Only Request; 'v1-in-auth-only-rsp': Incoming Auth Only Response; 'v1-out-auth-only-req': Outgoing Auth Only Request; 'v1-out-auth-only-rsp': Outgoing Auth Only Response; 'v1-in-aggressive-req': Incoming Aggressive Request; 'v1-in-aggressive-rsp': Incoming Aggressive Response; 'v1-out-aggressive-req': Outgoing Aggressive Request; 'v1-out-aggressive-rsp': Outgoing Aggressive Response; 'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response; 'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response; 'v1-in-transaction-req': Incoming Transaction Request; 'v1-in-transaction-rsp': Incoming Transaction Response; 'v1-out-transaction-req': Outgoing Transaction Request; 'v1-out-transaction-rsp': Outgoing Transaction Response; 'v1-in-quick-mode-req': Incoming Quick Mode Request; 'v1-in-quick-mode-rsp': Incoming Quick Mode Response; 'v1-out-quick-mode-req': Outgoing Quick Mode Request; 'v1-out-quick-mode-rsp': Outgoing Quick Mode Response; 'v1-in-new-group-mode-req': Incoming New 
Group Mode Request; 'v1-in-new-group-mode-rsp': Incoming New Group Mode Response; 'v1-out-new-group-mode-req': Outgoing New Group Mode Request; 'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response; 'v1-child-sa-invalid-spi': Invalid SPI for Child SAs; 'v2-child-sa-invalid-spi': Invalid SPI for Child SAs; 'ike-current-version': IKE version; ", "enum":[ "all", "v2-init-rekey", "v2-rsp-rekey", "v2-child-sa-rekey", "v2-in-invalid", "v2-in-invalid-spi", "v2-in-init-req", "v2-in-init-rsp", "v2-out-init-req", "v2-out-init-rsp", "v2-in-auth-req", "v2-in-auth-rsp", "v2-out-auth-req", "v2-out-auth-rsp", "v2-in-create-child-req", "v2-in-create-child-rsp", "v2-out-create-child-req", "v2-out-create-child-rsp", "v2-in-info-req", "v2-in-info-rsp", "v2-out-info-req", "v2-out-info-rsp", "v1-in-id-prot-req", "v1-in-id-prot-rsp", "v1-out-id-prot-req", "v1-out-id-prot-rsp", "v1-in-auth-only-req", "v1-in-auth-only-rsp", "v1-out-auth-only-req", "v1-out-auth-only-rsp", "v1-in-aggressive-req", "v1-in-aggressive-rsp", "v1-out-aggressive-req", "v1-out-aggressive-rsp", "v1-in-info-v1-req", "v1-in-info-v1-rsp", "v1-out-info-v1-req", "v1-out-info-v1-rsp", "v1-in-transaction-req", "v1-in-transaction-rsp", "v1-out-transaction-req", "v1-out-transaction-rsp", "v1-in-quick-mode-req", "v1-in-quick-mode-rsp", "v1-out-quick-mode-req", "v1-out-quick-mode-rsp", "v1-in-new-group-mode-req", "v1-in-new-group-mode-rsp", "v1-out-new-group-mode-req", "v1-out-new-group-mode-rsp", "v1-child-sa-invalid-spi", "v2-child-sa-invalid-spi", "ike-current-version" ] } } } ] } }, "object-keys":[ "name" ], "required":[ "name" ] }