vpn ike-gateway

IKE-gateway settings

ike-gateway Specification

Parameter               Value
Type                    Collection
Object Key(s)           name
Collection Name         ike-gateway-list
Collection URI          /axapi/v3/vpn/ike-gateway
Element Name            ike-gateway
Element URI             /axapi/v3/vpn/ike-gateway/{name}
Element Attributes      ike-gateway_attributes
Partition Visibility    shared
Statistics Data URI     /axapi/v3/vpn/ike-gateway/{name}/stats
Operational Data URI    /axapi/v3/vpn/ike-gateway/{name}/oper
Schema                  ike-gateway schema

Operations Allowed:

Operation       Method  URI                               Payload
Create Object   POST    /axapi/v3/vpn/ike-gateway         ike-gateway attributes
Create List     POST    /axapi/v3/vpn/ike-gateway         ike-gateway attributes
Get Object      GET     /axapi/v3/vpn/ike-gateway/{name}  ike-gateway attributes
Get List        GET     /axapi/v3/vpn/ike-gateway         ike-gateway-list
Modify Object   POST    /axapi/v3/vpn/ike-gateway/{name}  ike-gateway attributes
Replace Object  PUT     /axapi/v3/vpn/ike-gateway/{name}  ike-gateway attributes
Replace List    PUT     /axapi/v3/vpn/ike-gateway         ike-gateway-list
Delete Object   DELETE  /axapi/v3/vpn/ike-gateway/{name}  ike-gateway attributes

ike-gateway-list

ike-gateway-list is a JSON list of ike-gateway attributes

ike-gateway-list : [

ike-gateway attributes

auth-method

Description ‘preshare-key’: Authenticate the remote gateway using a pre-shared key (Default); ‘rsa-signature’: Authenticate the remote gateway using an RSA certificate; ‘ecdsa-signature’: Authenticate the remote gateway using an ECDSA certificate; ‘eap-radius’: Authenticate the remote gateway using an EAP Radius server; ‘eap-tls’: Authenticate the remote gateway using EAP TLS;

Type: string

Supported Values: preshare-key, rsa-signature, ecdsa-signature, eap-radius, eap-tls

Default: preshare-key

configuration-payload

Description ‘dhcp’: Enable DHCP configuration-payload; ‘radius’: Enable RADIUS configuration-payload;

Type: string

Supported Values: dhcp, radius

dh-group

Description ‘1’: Diffie-Hellman group 1 - 768-bit(Default); ‘2’: Diffie-Hellman group 2 - 1024-bit; ‘5’: Diffie-Hellman group 5 - 1536-bit; ‘14’: Diffie-Hellman group 14 - 2048-bit; ‘15’: Diffie-Hellman group 15 - 3072-bit; ‘16’: Diffie-Hellman group 16 - 4096-bit; ‘18’: Diffie-Hellman group 18 - 8192-bit; ‘19’: Diffie-Hellman group 19 - 256-bit Elliptic Curve; ‘20’: Diffie-Hellman group 20 - 384-bit Elliptic Curve;

Type: string

Supported Values: 1, 2, 5, 14, 15, 16, 18, 19, 20

Default: 1

dhcp-server

Description: dhcp-server is a JSON Block. Please see below for dhcp-server

Type: Object

disable-rekey

Description Disable initiating rekey

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dpd

Description: dpd is a JSON Block. Please see below for dpd

Type: Object

enc-cfg

Type: List

fragment-size

Description Enable IKE message fragment and set fragment size

Type: number

Range: 576-1280

hash

Description ‘sha256’: Secure Hash Algorithm 256; ‘sha384’: Secure Hash Algorithm 384; ‘sha512’: Secure Hash Algorithm 512;

Type: string

Supported Values: sha256, sha384, sha512

ike-version

Description ‘v1’: IKEv1 key exchange; ‘v2’: IKEv2 key exchange;

Type: string

Supported Values: v1, v2

Default: v2

interface-management

Description Only handle traffic on the management interface (shared partition only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key

Description Private Key

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key-passphrase

Description Private Key Pass Phrase

Type: string

Format: password

Maximum Length: 127 characters

Maximum Length: 1 characters

key-passphrase-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED key string)

lifetime

Description IKE SA age in seconds

Type: number

Range: 300-86400

Default: 86400

local-address

Description: local-address is a JSON Block. Please see below for local-address

Type: Object

local-cert

Description: local-cert is a JSON Block. Please see below for local-cert

Type: Object

local-id

Description Local Gateway Identity

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

mode

Description ‘main’: Negotiate Main mode (Default); ‘aggressive’: Negotiate Aggressive mode;

Type: string

Supported Values: main, aggressive

Default: main

name

Description IKE-gateway name

Type: string

Maximum Length: 31 characters

Maximum Length: 1 characters

nat-traversal

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preshare-key-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

preshare-key-value

Description pre-shared key

Type: string

Format: password

Maximum Length: 127 characters

Maximum Length: 1 characters

radius-server

Description: radius-server is a JSON Block. Please see below for radius-server

Type: Object

remote-address

Description: remote-address is a JSON Block. Please see below for remote-address

Type: Object

remote-ca-cert

Description: remote-ca-cert is a JSON Block. Please see below for remote-ca-cert

Type: Object

remote-id

Description Remote Gateway Identity

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

sampling-enable

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description: vrid is a JSON Block. Please see below for vrid

Type: Object

local-cert

Specification Value
Type object

local-cert-name

Description Certificate File Name

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

dhcp-server

Specification Value
Type object

pri

Description: pri is a JSON Block. Please see below for dhcp-server_pri

Type: Object

sec

Description: sec is a JSON Block. Please see below for dhcp-server_sec

Type: Object

dhcp-server_sec

Specification Value
Type object

dhcp-sec-ipv4

Description Secondary DHCP Server IP Address

Type: string

Format: ipv4-address

dhcp-server_pri

Specification Value
Type object

dhcp-pri-ipv4

Description Primary DHCP Server IP Address

Type: string

Format: ipv4-address

enc-cfg

Specification Value
Type list
Block object keys  

encryption

Description ‘des’: Data Encryption Standard algorithm; ‘3des’: Triple Data Encryption Standard algorithm; ‘aes-128’: Advanced Encryption Standard algorithm CBC Mode(key size: 128 bits); ‘aes-192’: Advanced Encryption Standard algorithm CBC Mode(key size: 192 bits); ‘aes-256’: Advanced Encryption Standard algorithm CBC Mode(key size: 256 bits); ‘aes-gcm-128’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 128 bits, ICV size: 16 bytes), only for IKEv2; ‘aes-gcm-192’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 192 bits, ICV size: 16 bytes), only for IKEv2; ‘aes-gcm-256’: Advanced Encryption Standard algorithm Galois/Counter Mode(key size: 256 bits, ICV size: 16 bytes), only for IKEv2; ‘null’: No encryption algorithm, only for IKEv2;

Type: string

Supported Values: des, 3des, aes-128, aes-192, aes-256, aes-gcm-128, aes-gcm-192, aes-gcm-256, null

gcm_priority

Description Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5

hash

Description ‘md5’: MD5 Message-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘sha384’: Secure Hash Algorithm 384; ‘sha512’: Secure Hash Algorithm 512;

Type: string

Supported Values: md5, sha1, sha256, sha384, sha512

prf

Description ‘md5’: MD5 Message-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘sha384’: Secure Hash Algorithm 384; ‘sha512’: Secure Hash Algorithm 512;

Type: string

Supported Values: md5, sha1, sha256, sha384, sha512

priority

Description Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5
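
A configuration audit over the attributes documented above, as an added example (not A10 code). Attribute names, values and defaults are taken from this reference; the WEAK_* sets are an assumed policy, and the two gateway objects are constructed samples. It shows that an object that omits dh-group still runs with the documented default of group 1 (768-bit).

```python
# Added example: audit ike-gateway attributes against an assumed crypto policy.
# Names, values and defaults come from this reference; WEAK_* is an assumption.
DEFAULTS = {"dh-group": "1", "ike-version": "v2", "mode": "main",
            "auth-method": "preshare-key"}
WEAK_DH = {"1", "2", "5"}           # 768-, 1024- and 1536-bit groups
WEAK_ENC = {"des", "3des", "null"}
WEAK_HASH = {"md5", "sha1"}


def audit_ike_gateway(attrs):
    """Return a list of findings for one ike-gateway attributes object."""
    findings = []
    # Effective value = explicit value if present, else the documented default.
    eff = {k: str(attrs.get(k, d)) for k, d in DEFAULTS.items()}

    if eff["dh-group"] in WEAK_DH:
        src = "explicit" if "dh-group" in attrs else "default"
        findings.append(f"dh-group {eff['dh-group']} ({src}) is below 2048-bit")
    if eff["ike-version"] == "v1":
        findings.append("ike-version v1 in use")
    if eff["mode"] == "aggressive" and eff["auth-method"] == "preshare-key":
        findings.append("mode aggressive with preshare-key")

    for i, prop in enumerate(attrs.get("enc-cfg", [])):
        enc = prop.get("encryption")
        if enc in WEAK_ENC:
            findings.append(f"enc-cfg[{i}] encryption {enc}")
        for field in ("hash", "prf"):
            if prop.get(field) in WEAK_HASH:
                findings.append(f"enc-cfg[{i}] {field} {prop[field]}")
        # The reference marks the aes-gcm-* values as "only for IKEv2".
        if enc and enc.startswith("aes-gcm-") and eff["ike-version"] == "v1":
            findings.append(f"enc-cfg[{i}] {enc} is only for IKEv2")
    return findings


# Constructed sample objects (not taken from a real device).
LEGACY_GW = {"name": "legacy-peer", "ike-version": "v1", "mode": "aggressive",
             "preshare-key-value": "<placeholder>",
             "enc-cfg": [{"encryption": "3des", "hash": "md5", "priority": 1}]}
HARDENED_GW = {"name": "site-b", "ike-version": "v2", "dh-group": "20",
               "auth-method": "ecdsa-signature",
               "enc-cfg": [{"encryption": "aes-256", "hash": "sha384",
                            "prf": "sha384", "priority": 1}]}

if __name__ == "__main__":
    for gw in (LEGACY_GW, HARDENED_GW):
        print(gw["name"], audit_ike_gateway(gw) or "no findings")
```
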

vrid

Specification Value
Type object

default

Description Default VRRP-A vrid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: default and vrid-num are mutually exclusive

vrid-num

Description Specify ha VRRP-A vrid

Type: number

Range: 0-31

Mutual Exclusion: vrid-num and default are mutually exclusive

radius-server

Specification Value
Type object

radius-pri

Description Primary RADIUS Authentication Server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/server/radius/instance

radius-sec

Description Secondary RADIUS Authentication Server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/server/radius/instance

local-address

Specification Value
Type object

local-ip

Description IPv4 address

Type: string

Format: ipv4-address

Mutual Exclusion: local-ip and local-ipv6 are mutually exclusive

local-ipv6

Description IPv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: local-ipv6 and local-ip are mutually exclusive

remote-address

Specification Value
Type object

dns

Description Remote IP based on Domain name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Mutual Exclusion: dns, remote-ip, and remote-ipv6 are mutually exclusive

remote-ip

Description IPv4 address

Type: string

Format: ipv4-address

Mutual Exclusion: remote-ip, dns, and remote-ipv6 are mutually exclusive

remote-ipv6

Description IPv6 address

Type: string

Format: ipv6-address

Mutual Exclusion: remote-ipv6, remote-ip, and dns are mutually exclusive

remote-ca-cert

Specification Value
Type object

remote-cert-name

Description Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

sampling-enable

Specification Value
Type list
Block object keys  

counters1

Description ‘all’: all; ‘v2-init-rekey’: Initiate Rekey; ‘v2-rsp-rekey’: Respond Rekey; ‘v2-child-sa-rekey’: Child SA Rekey; ‘v2-in-invalid’: Incoming Invalid; ‘v2-in-invalid-spi’: Incoming Invalid SPI; ‘v2-in-init-req’: Incoming Init Request; ‘v2-in-init-rsp’: Incoming Init Response; ‘v2-out-init-req’: Outgoing Init Request; ‘v2-out-init-rsp’: Outgoing Init Response; ‘v2-in-auth-req’: Incoming Auth Request; ‘v2-in-auth-rsp’: Incoming Auth Response; ‘v2-out-auth-req’: Outgoing Auth Request; ‘v2-out-auth-rsp’: Outgoing Auth Response; ‘v2-in-create-child-req’: Incoming Create Child Request; ‘v2-in-create-child-rsp’: Incoming Create Child Response; ‘v2-out-create-child-req’: Outgoing Create Child Request; ‘v2-out-create-child-rsp’: Outgoing Create Child Response; ‘v2-in-info-req’: Incoming Info Request; ‘v2-in-info-rsp’: Incoming Info Response; ‘v2-out-info-req’: Outgoing Info Request; ‘v2-out-info-rsp’: Outgoing Info Response; ‘v1-in-id-prot-req’: Incoming ID Protection Request; ‘v1-in-id-prot-rsp’: Incoming ID Protection Response; ‘v1-out-id-prot-req’: Outgoing ID Protection Request; ‘v1-out-id-prot-rsp’: Outgoing ID Protection Response; ‘v1-in-auth-only-req’: Incoming Auth Only Request; ‘v1-in-auth-only-rsp’: Incoming Auth Only Response; ‘v1-out-auth-only-req’: Outgoing Auth Only Request; ‘v1-out-auth-only-rsp’: Outgoing Auth Only Response; ‘v1-in-aggressive-req’: Incoming Aggressive Request; ‘v1-in-aggressive-rsp’: Incoming Aggressive Response; ‘v1-out-aggressive-req’: Outgoing Aggressive Request; ‘v1-out-aggressive-rsp’: Outgoing Aggressive Response; ‘v1-in-info-v1-req’: Incoming Info Request; ‘v1-in-info-v1-rsp’: Incoming Info Response; ‘v1-out-info-v1-req’: Outgoing Info Request; ‘v1-out-info-v1-rsp’: Outgoing Info Response; ‘v1-in-transaction-req’: Incoming Transaction Request; ‘v1-in-transaction-rsp’: Incoming Transaction Response; ‘v1-out-transaction-req’: Outgoing Transaction Request; ‘v1-out-transaction-rsp’: Outgoing Transaction Response; 
‘v1-in-quick-mode-req’: Incoming Quick Mode Request; ‘v1-in-quick-mode-rsp’: Incoming Quick Mode Response; ‘v1-out-quick-mode-req’: Outgoing Quick Mode Request; ‘v1-out-quick-mode-rsp’: Outgoing Quick Mode Response; ‘v1-in-new-group-mode-req’: Incoming New Group Mode Request; ‘v1-in-new-group-mode-rsp’: Incoming New Group Mode Response; ‘v1-out-new-group-mode-req’: Outgoing New Group Mode Request; ‘v1-out-new-group-mode-rsp’: Outgoing New Group Mode Response; ‘v1-child-sa-invalid-spi’: Invalid SPI for Child SAs; ‘v2-child-sa-invalid-spi’: Invalid SPI for Child SAs; ‘ike-current-version’: IKE version;

Type: string

Supported Values: all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid, v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp, v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req, v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req, v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp, v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp, v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp, v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp, v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp, v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp, v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req, v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp, v1-child-sa-invalid-spi, v2-child-sa-invalid-spi, ike-current-version

dpd

Specification Value
Type object

interval

Description Interval time in seconds

Type: number

Range: 1-3600

retry

Description Retry times

Type: number

Range: 1-10