.. _vpn_ike_gateway:

vpn ike-gateway
===============

IKE-gateway settings

ike-gateway Specification
-------------------------

===================================== ===============================================================
**Parameter**                         **Value**
===================================== ===============================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`4063_ike-gateway_list`
**Collection URI**                    /axapi/v3/vpn/ike-gateway
**Element Name**                      ike-gateway
**Element URI**                       /axapi/v3/vpn/ike-gateway/{name}
**Element Attributes**                ike-gateway_attributes
**Partition Visibility**              shared
**Statistics Data URI**               /axapi/v3/vpn/ike-gateway/{name}/stats
**Operational Data URI**              /axapi/v3/vpn/ike-gateway/{name}/oper
**Schema**                            :download:`ike-gateway schema `
===================================== ===============================================================

**Operations Allowed:**

================ ======== ================================== ==================================
Operation        Method   URI                                Payload
================ ======== ================================== ==================================
Create Object    POST     /axapi/v3/vpn/ike-gateway          :ref:`4063_ike-gateway_attributes`
Create List      POST     /axapi/v3/vpn/ike-gateway          :ref:`4063_ike-gateway_attributes`
Get Object       GET      /axapi/v3/vpn/ike-gateway/{name}   :ref:`4063_ike-gateway_attributes`
Get List         GET      /axapi/v3/vpn/ike-gateway          :ref:`4063_ike-gateway_list`
Modify Object    POST     /axapi/v3/vpn/ike-gateway/{name}   :ref:`4063_ike-gateway_attributes`
Replace Object   PUT      /axapi/v3/vpn/ike-gateway/{name}   :ref:`4063_ike-gateway_attributes`
Replace List     PUT      /axapi/v3/vpn/ike-gateway          :ref:`4063_ike-gateway_list`
Delete Object    DELETE   /axapi/v3/vpn/ike-gateway/{name}   :ref:`4063_ike-gateway_attributes`
================ ======== ================================== ==================================
.. _4063_ike-gateway_list:

ike-gateway-list
----------------

ike-gateway-list is **JSON List** of :ref:`4063_ike-gateway_attributes`

ike-gateway-list : [ { :ref:`4063_ike-gateway_attributes` }, { :ref:`4063_ike-gateway_attributes` }, ... ]

.. _4063_ike-gateway_attributes:

ike-gateway attributes
----------------------

**auth-method**

    **Description** 'preshare-key': Authenticate the remote gateway using a pre-shared key (Default); 'rsa-signature': Authenticate the remote gateway using an RSA certificate; 'ecdsa-signature': Authenticate the remote gateway using an ECDSA certificate; 'eap-radius': Authenticate the remote gateway using an EAP Radius server; 'eap-tls': Authenticate the remote gateway using EAP TLS;

    **Type:** string

    **Supported Values:** preshare-key, rsa-signature, ecdsa-signature, eap-radius, eap-tls

    **Default:** preshare-key

**configuration-payload**

    **Description** 'dhcp': Enable DHCP configuration-payload; 'radius': Enable RADIUS configuration-payload;

    **Type:** string

    **Supported Values:** dhcp, radius

**dh-group**

    **Description** '1': Diffie-Hellman group 1 - 768-bit (Default); '2': Diffie-Hellman group 2 - 1024-bit; '5': Diffie-Hellman group 5 - 1536-bit; '14': Diffie-Hellman group 14 - 2048-bit; '15': Diffie-Hellman group 15 - 3072-bit; '16': Diffie-Hellman group 16 - 4096-bit; '18': Diffie-Hellman group 18 - 8192-bit; '19': Diffie-Hellman group 19 - 256-bit Elliptic Curve; '20': Diffie-Hellman group 20 - 384-bit Elliptic Curve;

    **Type:** string

    **Supported Values:** 1, 2, 5, 14, 15, 16, 18, 19, 20

    **Default:** 1

**dhcp-server**

    **Description:** dhcp-server is a **JSON Block**. Please see below for :ref:`4063_dhcp-server`

    **Type:** Object

**disable-rekey**

    **Description** Disable initiating rekey

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dpd**

    **Description:** dpd is a **JSON Block**.
    Please see below for :ref:`4063_dpd`

    **Type:** Object

**enc-cfg**

    **Type:** List

**fragment-size**

    **Description** Enable IKE message fragment and set fragment size

    **Type:** number

    **Range:** 576-1280

**hash**

    **Description** 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512;

    **Type:** string

    **Supported Values:** sha256, sha384, sha512

**ike-version**

    **Description** 'v1': IKEv1 key exchange; 'v2': IKEv2 key exchange;

    **Type:** string

    **Supported Values:** v1, v2

    **Default:** v2

**interface-management**

    **Description** only handle traffic on management interface, share partition only

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**key**

    **Description** Private Key

    **Type:** string

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**key-passphrase**

    **Description** Private Key Pass Phrase

    **Type:** string

    **Format:** password

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**key-passphrase-encrypted**

    **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string)

**lifetime**

    **Description** IKE SA age in seconds

    **Type:** number

    **Range:** 300-86400

    **Default:** 86400

**local-address**

    **Description:** local-address is a **JSON Block**. Please see below for :ref:`4063_local-address`

    **Type:** Object

**local-cert**

    **Description:** local-cert is a **JSON Block**.
    Please see below for :ref:`4063_local-cert`

    **Type:** Object

**local-id**

    **Description** Local Gateway Identity

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**mode**

    **Description** 'main': Negotiate Main mode (Default); 'aggressive': Negotiate Aggressive mode;

    **Type:** string

    **Supported Values:** main, aggressive

    **Default:** main

**name**

    **Description** IKE-gateway name

    **Type:** string

    **Maximum Length:** 31 characters

    **Maximum Length:** 1 characters

**nat-traversal**

    **Description**

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**preshare-key-encrypted**

    **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

**preshare-key-value**

    **Description** pre-shared key

    **Type:** string

    **Format:** password

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**radius-server**

    **Description:** radius-server is a **JSON Block**. Please see below for :ref:`4063_radius-server`

    **Type:** Object

**remote-address**

    **Description:** remote-address is a **JSON Block**. Please see below for :ref:`4063_remote-address`

    **Type:** Object

**remote-ca-cert**

    **Description:** remote-ca-cert is a **JSON Block**. Please see below for :ref:`4063_remote-ca-cert`

    **Type:** Object

**remote-id**

    **Description** Remote Gateway Identity

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

**sampling-enable**

    **Type:** List

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

**vrid**

    **Description:** vrid is a **JSON Block**. Please see below for :ref:`4063_vrid`

    **Type:** Object

.. _4063_local-cert:

local-cert
^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**local-cert-name**

    **Description** Certificate File Name

    **Type:** string

    **Maximum Length:** 255 characters

    **Maximum Length:** 1 characters

.. _4063_dhcp-server:

dhcp-server
^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**pri**

    **Description:** pri is a **JSON Block**. Please see below for :ref:`4063_dhcp-server_pri`

    **Type:** Object

**sec**

    **Description:** sec is a **JSON Block**. Please see below for :ref:`4063_dhcp-server_sec`

    **Type:** Object

.. _4063_dhcp-server_sec:

dhcp-server_sec
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dhcp-sec-ipv4**

    **Description** Secondary DHCP Server IP Address

    **Type:** string

    **Format:** ipv4-address

.. _4063_dhcp-server_pri:

dhcp-server_pri
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dhcp-pri-ipv4**

    **Description** Primary DHCP Server IP Address

    **Type:** string

    **Format:** ipv4-address

.. _4063_enc-cfg:

enc-cfg
^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**encryption**

    **Description** 'des': Data Encryption Standard algorithm; '3des': Triple Data Encryption Standard algorithm; 'aes-128': Advanced Encryption Standard algorithm CBC Mode (key size: 128 bits); 'aes-192': Advanced Encryption Standard algorithm CBC Mode (key size: 192 bits); 'aes-256': Advanced Encryption Standard algorithm CBC Mode (key size: 256 bits); 'aes-gcm-128': Advanced Encryption Standard algorithm Galois/Counter Mode (key size: 128 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-192': Advanced Encryption Standard algorithm Galois/Counter Mode (key size: 192 bits, ICV size: 16 bytes), only for IKEv2; 'aes-gcm-256': Advanced Encryption Standard algorithm Galois/Counter Mode (key size: 256 bits, ICV size: 16 bytes), only for IKEv2; 'null': No encryption algorithm, only for IKEv2;

    **Type:** string

    **Supported Values:** des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null

**gcm_priority**

    **Description** Prioritizes (1-10) security protocol, least value has highest priority

    **Type:** number

    **Range:** 1-10

    **Default:** 5

**hash**

    **Description** 'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512;

    **Type:** string

    **Supported Values:** md5, sha1, sha256, sha384, sha512

**prf**

    **Description** 'md5': MD5 Message-Digest Algorithm; 'sha1': Secure Hash Algorithm 1; 'sha256': Secure Hash Algorithm 256; 'sha384': Secure Hash Algorithm 384; 'sha512': Secure Hash Algorithm 512;

    **Type:** string

    **Supported Values:** md5, sha1, sha256, sha384, sha512

**priority**

    **Description** Prioritizes (1-10) security protocol, least value has highest priority

    **Type:** number

    **Range:** 1-10

    **Default:** 5

.. _4063_vrid:

vrid
^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**default**

    **Description** Default VRRP-A vrid

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** default and vrid-num are mutually exclusive

**vrid-num**

    **Description** Specify ha VRRP-A vrid

    **Type:** number

    **Range:** 0-31

    **Mutual Exclusion:** vrid-num and default are mutually exclusive

.. _4063_radius-server:

radius-server
^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**radius-pri**

    **Description** Primary RADIUS Authentication Server

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/radius/instance `

**radius-sec**

    **Description** Secondary RADIUS Authentication Server

    **Type:** string

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/radius/instance `

.. _4063_local-address:

local-address
^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**local-ip**

    **Description** IPv4 address

    **Type:** string

    **Format:** ipv4-address

    **Mutual Exclusion:** local-ip and local-ipv6 are mutually exclusive

**local-ipv6**

    **Description** IPv6 address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** local-ipv6 and local-ip are mutually exclusive

.. _4063_remote-address:

remote-address
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dns**

    **Description** Remote IP based on Domain name

    **Type:** string

    **Maximum Length:** 128 characters

    **Maximum Length:** 1 characters

    **Mutual Exclusion:** dns, remote-ip, and remote-ipv6 are mutually exclusive

**remote-ip**

    **Description** IPv4 address

    **Type:** string

    **Format:** ipv4-address

    **Mutual Exclusion:** remote-ip, dns, and remote-ipv6 are mutually exclusive

**remote-ipv6**

    **Description** IPv6 address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** remote-ipv6, remote-ip, and dns are mutually exclusive

.. _4063_remote-ca-cert:

remote-ca-cert
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**remote-cert-name**

    **Description** Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

.. _4063_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'v2-init-rekey': Initiate Rekey; 'v2-rsp-rekey': Respond Rekey; 'v2-child-sa-rekey': Child SA Rekey; 'v2-in-invalid': Incoming Invalid; 'v2-in-invalid-spi': Incoming Invalid SPI; 'v2-in-init-req': Incoming Init Request; 'v2-in-init-rsp': Incoming Init Response; 'v2-out-init-req': Outgoing Init Request; 'v2-out-init-rsp': Outgoing Init Response; 'v2-in-auth-req': Incoming Auth Request; 'v2-in-auth-rsp': Incoming Auth Response; 'v2-out-auth-req': Outgoing Auth Request; 'v2-out-auth-rsp': Outgoing Auth Response; 'v2-in-create-child-req': Incoming Create Child Request; 'v2-in-create-child-rsp': Incoming Create Child Response; 'v2-out-create-child-req': Outgoing Create Child Request; 'v2-out-create-child-rsp': Outgoing Create Child Response; 'v2-in-info-req': Incoming Info Request; 'v2-in-info-rsp': Incoming Info Response; 'v2-out-info-req': Outgoing Info Request; 'v2-out-info-rsp': Outgoing Info Response; 'v1-in-id-prot-req': Incoming ID Protection Request; 'v1-in-id-prot-rsp': Incoming ID Protection Response; 'v1-out-id-prot-req': Outgoing ID Protection Request; 'v1-out-id-prot-rsp': Outgoing ID Protection Response; 'v1-in-auth-only-req': Incoming Auth Only Request; 'v1-in-auth-only-rsp': Incoming Auth Only Response; 'v1-out-auth-only-req': Outgoing Auth Only Request; 'v1-out-auth-only-rsp': Outgoing Auth Only Response; 'v1-in-aggressive-req': Incoming Aggressive Request; 'v1-in-aggressive-rsp': Incoming Aggressive Response; 'v1-out-aggressive-req': Outgoing Aggressive Request; 'v1-out-aggressive-rsp': Outgoing Aggressive Response; 'v1-in-info-v1-req': Incoming Info Request; 'v1-in-info-v1-rsp': Incoming Info Response; 'v1-out-info-v1-req': Outgoing Info Request; 'v1-out-info-v1-rsp': Outgoing Info Response; 'v1-in-transaction-req': Incoming Transaction Request; 'v1-in-transaction-rsp': Incoming Transaction Response; 'v1-out-transaction-req': Outgoing Transaction Request; 'v1-out-transaction-rsp': Outgoing Transaction Response; 'v1-in-quick-mode-req': Incoming Quick Mode Request; 'v1-in-quick-mode-rsp': Incoming Quick Mode Response; 'v1-out-quick-mode-req': Outgoing Quick Mode Request; 'v1-out-quick-mode-rsp': Outgoing Quick Mode Response; 'v1-in-new-group-mode-req': Incoming New Group Mode Request; 'v1-in-new-group-mode-rsp': Incoming New Group Mode Response; 'v1-out-new-group-mode-req': Outgoing New Group Mode Request; 'v1-out-new-group-mode-rsp': Outgoing New Group Mode Response; 'v1-child-sa-invalid-spi': Invalid SPI for Child SAs; 'v2-child-sa-invalid-spi': Invalid SPI for Child SAs; 'ike-current-version': IKE version;

    **Type:** string

    **Supported Values:** all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid, v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp, v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req, v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req, v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp, v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp, v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp, v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp, v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp, v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp, v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req, v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp, v1-child-sa-invalid-spi, v2-child-sa-invalid-spi, ike-current-version

.. _4063_dpd:

dpd
^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**interval**

    **Description** Interval time in seconds

    **Type:** number

    **Range:** 1-3600

**retry**

    **Description** Retry times

    **Type:** number

    **Range:** 1-10
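
Several defaults and supported values in the attribute list above are weak by current standards (``dh-group`` defaults to group 1, and ``enc-cfg`` accepts ``des``, ``null`` and ``md5``). The following is an added example, not A10 code: it audits ike-gateway objects as read back from the API, applying this page's defaults to omitted keys. The JSON envelope keys and the severity policy are assumptions of the example.

```python
import json

# Defaults from the attribute list on this page; an omitted key takes these values.
DEFAULTS = {"auth-method": "preshare-key", "dh-group": "1",
            "ike-version": "v2", "mode": "main"}

# Severity policy below is this example's assumption, not part of the A10 schema.
WEAK_DH = {"1": "768-bit", "2": "1024-bit", "5": "1536-bit"}
ALGO_SEVERITY = {"des": "high", "null": "high", "md5": "high",
                 "3des": "medium", "sha1": "medium"}


def audit_ike_gateway(gw):
    """Return (severity, attribute, detail) findings for one ike-gateway object."""
    cfg = {**DEFAULTS, **gw}
    findings = []
    group = str(cfg["dh-group"])
    if group in WEAK_DH:
        origin = "set explicitly" if "dh-group" in gw else "default, key omitted"
        findings.append(("high", "dh-group",
                         f"group {group} ({WEAK_DH[group]}; {origin})"))
    if cfg["ike-version"] == "v1":
        findings.append(("medium", "ike-version", "IKEv1 key exchange"))
        # main/aggressive are IKEv1 modes, so only check them for v1.
        if cfg["mode"] == "aggressive" and cfg["auth-method"] == "preshare-key":
            findings.append(("high", "mode", "aggressive mode with pre-shared key"))
    for i, proposal in enumerate(gw.get("enc-cfg", [])):
        for field in ("encryption", "hash", "prf"):
            value = proposal.get(field)
            if value in ALGO_SEVERITY:
                findings.append((ALGO_SEVERITY[value], f"enc-cfg[{i}].{field}", value))
    return findings


def audit_response(body):
    """Audit a GET response body; the JSON envelope keys are assumed."""
    doc = json.loads(body)
    gateways = doc.get("ike-gateway-list") or [doc["ike-gateway"]]
    return {gw["name"]: audit_ike_gateway(gw) for gw in gateways}


# Constructed sample input, not captured from a real device.
SAMPLE = json.dumps({"ike-gateway-list": [
    {"name": "branch-gw", "ike-version": "v1", "mode": "aggressive",
     "enc-cfg": [{"encryption": "3des", "hash": "md5", "priority": 1},
                 {"encryption": "aes-256", "hash": "sha256", "priority": 2}]},
    {"name": "hq-gw", "auth-method": "ecdsa-signature", "dh-group": "19",
     "enc-cfg": [{"encryption": "aes-gcm-256", "prf": "sha384", "priority": 1}]},
]})

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE).items():
        print(name, "OK" if not findings else "")
        for severity, attribute, detail in findings:
            print(f"  [{severity}] {attribute}: {detail}")
```

A gateway created with only ``name`` set is still reported, because the omitted ``dh-group`` resolves to the 768-bit default.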