vpn

VPN Commands.

vpn Specification

Type Configuration Resource
Element Name vpn
Element URI /axapi/v3/vpn
Element Attributes vpn_attributes
Statistics Data URI /axapi/v3/vpn/stats
Operational Data URI /axapi/v3/vpn/oper
Schema vpn schema

Operations Allowed:

Operation Method URI Payload
Create Object POST /axapi/v3/vpn vpn Attributes
Get Object GET /axapi/v3/vpn vpn Attributes
Modify Object POST /axapi/v3/vpn vpn Attributes
Replace Object PUT /axapi/v3/vpn vpn Attributes
Delete Object DELETE /axapi/v3/vpn vpn Attributes
Get Stats GET /axapi/v3/vpn/stats stats data
Get Oper GET /axapi/v3/vpn/oper operational data

vpn Attributes

asymmetric-flow-support

Description: Enable asymmetric flow support for IPsec tunnels.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fragment-after-encap

Description: Configure fragmentation of packets after encapsulation in IPsec tunnel headers.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: fragment-after-encap and jumbo-fragment are mutually exclusive

ike-gateway-list

Description: ike-gateway-list is a JSON List. Please see below for ike-gateway-list

Type: List

Reference Object: /axapi/v3/vpn/ike-gateway/{name}

ike-sa-timeout

Description: Timeout IKE-SA in connecting state in seconds (default 600s)

Type: number

Range: 300-86400

Default: 600

ike-stats-global

Description: ike-stats-global is a JSON Block. Please see below for ike-stats-global

Type: Object

Reference Object: /axapi/v3/vpn/ike-stats-global

ipsec-list

Description: ipsec-list is a JSON List. Please see below for ipsec-list

Type: List

Reference Object: /axapi/v3/vpn/ipsec/{name}

jumbo-fragment

Description: Enable support for IKE jumbo frame fragmentation.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: jumbo-fragment and fragment-after-encap are mutually exclusive

nat-traversal-flow-affinity

Description: Choose IPsec UDP source port based on port of inner flow.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

revocation-list

Description: revocation-list is a JSON List. Please see below for revocation-list

Type: List

Reference Object: /axapi/v3/vpn/revocation/{name}

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable

Type: List

stateful-mode

Description: Configure the ACOS device to setup sessions for IPsec traffic.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-mss-adjust-disable

Description: Disable TCP MSS adjustment in SYN packet to avoid fragmentation overhead.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string

revocation-list

Specification
Type list
Block object keys

ca

Description: Certificate Authority file name

Type: string

crl

Description: crl is a JSON Block. Please see below for l34_crl

Type: Object

name

Description: Revocation name

Type: string

ocsp

Description: ocsp is a JSON Block. Please see below for l34_ocsp

Type: Object

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

revocation-list.ocsp

Specification
Type object

ocsp-pri

Description: Primary OCSP Authentication Server

Type: string

Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance

ocsp-sec

Description: Secondary OCSP Authentication Server

Type: string

Reference Object: /axapi/v3/aam/authentication/server/ocsp/instance

revocation-list.crl

Specification
Type object

crl-pri

Description: Primary CRL URL (http://www.example.com/ocsp) (only .der filetypes)

Type: string

Format: string-rlx

crl-sec

Description: Secondary CRL URL (http://www.example.com/ocsp) (only .der filetypes)

Type: string

Format: string-rlx

ike-stats-global

Specification
Type object

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable

Type: List

uuid

Description: uuid of the object

Type: string

ike-stats-global.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘v2-init-rekey’: Initiate Rekey; ‘v2-rsp-rekey’: Respond Rekey; ‘v2-child-sa-rekey’: Child SA Rekey; ‘v2-in-invalid’: Incoming Invalid; ‘v2-in-invalid-spi’: Incoming Invalid SPI; ‘v2-in-init-req’: Incoming Init Request; ‘v2-in-init-rsp’: Incoming Init Response; ‘v2-out-init-req’: Outgoing Init Request; ‘v2-out-init-rsp’: Outgoing Init Response; ‘v2-in-auth-req’: Incoming Auth Request; ‘v2-in-auth-rsp’: Incoming Auth Response; ‘v2-out-auth-req’: Outgoing Auth Request; ‘v2-out-auth-rsp’: Outgoing Auth Response; ‘v2-in-create-child-req’: Incoming Create Child Request; ‘v2-in-create-child-rsp’: Incoming Create Child Response; ‘v2-out-create-child-req’: Outgoing Create Child Request; ‘v2-out-create-child-rsp’: Outgoing Create Child Response; ‘v2-in-info-req’: Incoming Info Request; ‘v2-in-info-rsp’: Incoming Info Response; ‘v2-out-info-req’: Outgoing Info Request; ‘v2-out-info-rsp’: Outgoing Info Response; ‘v1-in-id-prot-req’: Incoming ID Protection Request; ‘v1-in-id-prot-rsp’: Incoming ID Protection Response; ‘v1-out-id-prot-req’: Outgoing ID Protection Request; ‘v1-out-id-prot-rsp’: Outgoing ID Protection Response; ‘v1-in-auth-only-req’: Incoming Auth Only Request; ‘v1-in-auth-only-rsp’: Incoming Auth Only Response; ‘v1-out-auth-only-req’: Outgoing Auth Only Request; ‘v1-out-auth-only-rsp’: Outgoing Auth Only Response; ‘v1-in-aggressive-req’: Incoming Aggressive Request; ‘v1-in-aggressive-rsp’: Incoming Aggressive Response; ‘v1-out-aggressive-req’: Outgoing Aggressive Request; ‘v1-out-aggressive-rsp’: Outgoing Aggressive Response; ‘v1-in-info-v1-req’: Incoming Info Request; ‘v1-in-info-v1-rsp’: Incoming Info Response; ‘v1-out-info-v1-req’: Outgoing Info Request; ‘v1-out-info-v1-rsp’: Outgoing Info Response; ‘v1-in-transaction-req’: Incoming Transaction Request; ‘v1-in-transaction-rsp’: Incoming Transaction Response; ‘v1-out-transaction-req’: Outgoing Transaction Request; ‘v1-out-transaction-rsp’: Outgoing Transaction Response; 
‘v1-in-quick-mode-req’: Incoming Quick Mode Request; ‘v1-in-quick-mode-rsp’: Incoming Quick Mode Response; ‘v1-out-quick-mode-req’: Outgoing Quick Mode Request; ‘v1-out-quick-mode-rsp’: Outgoing Quick Mode Response; ‘v1-in-new-group-mode-req’: Incoming New Group Mode Request; ‘v1-in-new-group-mode-rsp’: Incoming New Group Mode Response; ‘v1-out-new-group-mode-req’: Outgoing New Group Mode Request; ‘v1-out-new-group-mode-rsp’: Outgoing New Group Mode Response;

Type: string

Supported Values: all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid, v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp, v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req, v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req, v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp, v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp, v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp, v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp, v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp, v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp, v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req, v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘passthrough’: passthrough;

Type: string

Supported Values: all, passthrough

ike-gateway-list

Specification
Type list
Block object keys

auth-method

Description: ‘preshare-key’: Authenticate the remote gateway using a pre-shared key (Default); ‘rsa-signature’: Authenticate the remote gateway using an RSA certificate;

Type: string

Supported Values: preshare-key, rsa-signature

Default: preshare-key

dh-group

Description: ‘1’: Diffie-Hellman group 1 (Default); ‘2’: Diffie-Hellman group 2; ‘5’: Diffie-Hellman group 5; ‘14’: Diffie-Hellman group 14; ‘15’: Diffie-Hellman group 15; ‘16’: Diffie-Hellman group 16; ‘18’: Diffie-Hellman group 18;

Type: string

Supported Values: 1, 2, 5, 14, 15, 16, 18

Default: 1

dpd

Description: dpd is a JSON Block. Please see below for l34_dpd

Type: Object

enc-cfg

Description: enc-cfg is a JSON List. Please see below for l34_enc-cfg

Type: List

ike-version

Description: ‘v1’: IKEv1 key exchange; ‘v2’: IKEv2 key exchange;

Type: string

Supported Values: v1, v2

Default: v2

key

Description: key is a JSON Block. Please see below for l34_key

Type: Object

lifetime

Description: IKE SA age in seconds

Type: number

Range: 300-86400

Default: 86400

local-address

Description: local-address is a JSON Block. Please see below for l34_local-address

Type: Object

local-cert

Description: local-cert is a JSON Block. Please see below for l34_local-cert

Type: Object

local-id

Description: Local Gateway Identity

Type: string

Format: string-rlx

mode

Description: ‘main’: Negotiate Main mode (Default); ‘aggressive’: Negotiate Aggressive mode;

Type: string

Supported Values: main, aggressive

Default: main

name

Description: IKE-gateway name

Type: string

nat-traversal

Description:

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preshare-key-encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED pre-shared key string)

preshare-key-value

Description: pre-shared key

Type: string

Format: password

remote-address

Description: remote-address is a JSON Block. Please see below for l34_remote-address

Type: Object

remote-ca-cert

Description: remote-ca-cert is a JSON Block. Please see below for l34_remote-ca-cert

Type: Object

remote-id

Description: Remote Gateway Identity

Type: string

Format: string-rlx

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

vrid

Description: vrid is a JSON Block. Please see below for l34_vrid

Type: Object

ike-gateway-list.local-cert

Specification
Type object

local-cert-name

Description: Certificate File Name

Type: string

ike-gateway-list.enc-cfg

Specification
Type list
Block object keys

encryption

Description: ‘des’: Data Encryption Standard algorithm; ‘3des’: Triple Data Encryption Standard algorithm; ‘aes-128’: Advanced Encryption Standard algorithm (key size: 128 bits); ‘aes-192’: Advanced Encryption Standard algorithm (key size: 192 bits); ‘aes-256’: Advanced Encryption Standard algorithm (key size: 256 bits); ‘null’: No encryption algorithm, only for IKEv2;

Type: string

Supported Values: des, 3des, aes-128, aes-192, aes-256, null

hash

Description: ‘md5’: MD5 Message-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256;

Type: string

Supported Values: md5, sha1, sha256

priority

Description: Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5

ike-gateway-list.vrid

Specification
Type object

default

Description: Default VRRP-A vrid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: default and vrid-num are mutually exclusive

vrid-num

Description: Specify ha VRRP-A vrid

Type: number

Range: 1-31

Mutual Exclusion: vrid-num and default are mutually exclusive

ike-gateway-list.local-address

Specification
Type object

local-ip

Description: IPv4 address

Type: string

Format: ipv4-address

ike-gateway-list.key

Specification
Type object

key-name

Description: Private Key File Name

Type: string

key-passphrase

Description: Private Key Pass Phrase

Type: string

ike-gateway-list.remote-address

Specification
Type object

dns

Description: Remote IP based on Domain name

Type: string

Mutual Exclusion: dns and remote-ip are mutually exclusive

remote-ip

Description: IPv4 address

Type: string

Format: ipv4-address

Mutual Exclusion: remote-ip and dns are mutually exclusive

ike-gateway-list.remote-ca-cert

Specification
Type object

remote-cert-name

Description: Remote CA certificate DN (C=, ST=, L=, O=, CN=) without emailAddress

Type: string

Format: string-rlx

ike-gateway-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘v2-init-rekey’: Initiate Rekey; ‘v2-rsp-rekey’: Respond Rekey; ‘v2-child-sa-rekey’: Child SA Rekey; ‘v2-in-invalid’: Incoming Invalid; ‘v2-in-invalid-spi’: Incoming Invalid SPI; ‘v2-in-init-req’: Incoming Init Request; ‘v2-in-init-rsp’: Incoming Init Response; ‘v2-out-init-req’: Outgoing Init Request; ‘v2-out-init-rsp’: Outgoing Init Response; ‘v2-in-auth-req’: Incoming Auth Request; ‘v2-in-auth-rsp’: Incoming Auth Response; ‘v2-out-auth-req’: Outgoing Auth Request; ‘v2-out-auth-rsp’: Outgoing Auth Response; ‘v2-in-create-child-req’: Incoming Create Child Request; ‘v2-in-create-child-rsp’: Incoming Create Child Response; ‘v2-out-create-child-req’: Outgoing Create Child Request; ‘v2-out-create-child-rsp’: Outgoing Create Child Response; ‘v2-in-info-req’: Incoming Info Request; ‘v2-in-info-rsp’: Incoming Info Response; ‘v2-out-info-req’: Outgoing Info Request; ‘v2-out-info-rsp’: Outgoing Info Response; ‘v1-in-id-prot-req’: Incoming ID Protection Request; ‘v1-in-id-prot-rsp’: Incoming ID Protection Response; ‘v1-out-id-prot-req’: Outgoing ID Protection Request; ‘v1-out-id-prot-rsp’: Outgoing ID Protection Response; ‘v1-in-auth-only-req’: Incoming Auth Only Request; ‘v1-in-auth-only-rsp’: Incoming Auth Only Response; ‘v1-out-auth-only-req’: Outgoing Auth Only Request; ‘v1-out-auth-only-rsp’: Outgoing Auth Only Response; ‘v1-in-aggressive-req’: Incoming Aggressive Request; ‘v1-in-aggressive-rsp’: Incoming Aggressive Response; ‘v1-out-aggressive-req’: Outgoing Aggressive Request; ‘v1-out-aggressive-rsp’: Outgoing Aggressive Response; ‘v1-in-info-v1-req’: Incoming Info Request; ‘v1-in-info-v1-rsp’: Incoming Info Response; ‘v1-out-info-v1-req’: Outgoing Info Request; ‘v1-out-info-v1-rsp’: Outgoing Info Response; ‘v1-in-transaction-req’: Incoming Transaction Request; ‘v1-in-transaction-rsp’: Incoming Transaction Response; ‘v1-out-transaction-req’: Outgoing Transaction Request; ‘v1-out-transaction-rsp’: Outgoing Transaction Response; 
‘v1-in-quick-mode-req’: Incoming Quick Mode Request; ‘v1-in-quick-mode-rsp’: Incoming Quick Mode Response; ‘v1-out-quick-mode-req’: Outgoing Quick Mode Request; ‘v1-out-quick-mode-rsp’: Outgoing Quick Mode Response; ‘v1-in-new-group-mode-req’: Incoming New Group Mode Request; ‘v1-in-new-group-mode-rsp’: Incoming New Group Mode Response; ‘v1-out-new-group-mode-req’: Outgoing New Group Mode Request; ‘v1-out-new-group-mode-rsp’: Outgoing New Group Mode Response; ‘v1-child-sa-invalid-spi’: Invalid SPI for Child SAs; ‘ike-current-version’: IKE version;

Type: string

Supported Values: all, v2-init-rekey, v2-rsp-rekey, v2-child-sa-rekey, v2-in-invalid, v2-in-invalid-spi, v2-in-init-req, v2-in-init-rsp, v2-out-init-req, v2-out-init-rsp, v2-in-auth-req, v2-in-auth-rsp, v2-out-auth-req, v2-out-auth-rsp, v2-in-create-child-req, v2-in-create-child-rsp, v2-out-create-child-req, v2-out-create-child-rsp, v2-in-info-req, v2-in-info-rsp, v2-out-info-req, v2-out-info-rsp, v1-in-id-prot-req, v1-in-id-prot-rsp, v1-out-id-prot-req, v1-out-id-prot-rsp, v1-in-auth-only-req, v1-in-auth-only-rsp, v1-out-auth-only-req, v1-out-auth-only-rsp, v1-in-aggressive-req, v1-in-aggressive-rsp, v1-out-aggressive-req, v1-out-aggressive-rsp, v1-in-info-v1-req, v1-in-info-v1-rsp, v1-out-info-v1-req, v1-out-info-v1-rsp, v1-in-transaction-req, v1-in-transaction-rsp, v1-out-transaction-req, v1-out-transaction-rsp, v1-in-quick-mode-req, v1-in-quick-mode-rsp, v1-out-quick-mode-req, v1-out-quick-mode-rsp, v1-in-new-group-mode-req, v1-in-new-group-mode-rsp, v1-out-new-group-mode-req, v1-out-new-group-mode-rsp, v1-child-sa-invalid-spi, ike-current-version

ike-gateway-list.dpd

Specification
Type object

interval

Description: Interval time in seconds

Type: number

Range: 10-3600

retry

Description: Retry times

Type: number

Range: 1-10

ipsec-list

Specification
Type list
Block object keys

anti-replay-window

Description: ‘0’: Disable Anti-Replay Window Check; ‘16’: Window Size of 16 bits; ‘32’: Window Size of 32 bits; ‘64’: Window Size of 64 bits; ‘128’: Window Size of 128 bits; ‘256’: Window Size of 256 bits;

Type: string

Supported Values: 0, 16, 32, 64, 128, 256

Default: 0

bind-tunnel

Description: bind-tunnel is a JSON Block. Please see below for l34_bind-tunnel

Type: Object

Reference Object: /axapi/v3/vpn/ipsec/{name}/bind-tunnel

dh-group

Description: ‘0’: Diffie-Hellman group 0 (Default); ‘1’: Diffie-Hellman group 1; ‘2’: Diffie-Hellman group 2; ‘5’: Diffie-Hellman group 5; ‘14’: Diffie-Hellman group 14; ‘15’: Diffie-Hellman group 15; ‘16’: Diffie-Hellman group 16; ‘18’: Diffie-Hellman group 18;

Type: string

Supported Values: 0, 1, 2, 5, 14, 15, 16, 18

Default: 0

enc-cfg

Description: enc-cfg is a JSON List. Please see below for l34_enc-cfg

Type: List

ike-gateway

Description: Gateway to use for IPsec SA

Type: string

Reference Object: /axapi/v3/vpn/ike-gateway

lifebytes

Description: IPsec SA age in megabytes (0 indicates unlimited bytes)

Type: number

Range: 0-8000000

Default: 0

lifetime

Description: IPsec SA age in seconds

Type: number

Range: 300-28800

Default: 28800

mode

Description: ‘tunnel’: Encapsulating the packet in IPsec tunnel mode (Default);

Type: string

Supported Values: tunnel

Default: tunnel

name

Description: IPsec name

Type: string

proto

Description: ‘esp’: Encapsulating security protocol (Default);

Type: string

Supported Values: esp

Default: esp

sampling-enable

Description: sampling-enable is a JSON List. Please see below for sampling-enable

Type: List

sequence-number-disable

Description: Do not use incremental sequence number in the ESP header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

traffic-selector

Description: traffic-selector is a JSON Block. Please see below for l34_traffic-selector

Type: Object

up

Description: Initiates SA negotiation to bring the IPsec connection up

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

ipsec-list.bind-tunnel

Specification
Type object

next-hop

Description: IPsec Next Hop IP Address

Type: string

Format: ipv4-address

tunnel

Description: Tunnel interface index

Type: number

Range: 1-128

Reference Object: /axapi/v3/interface/tunnel

uuid

Description: uuid of the object

Type: string

ipsec-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘packets-encrypted’: Encrypted Packets; ‘packets-decrypted’: Decrypted Packets; ‘anti-replay-num’: Anti-Replay Failure; ‘rekey-num’: Rekey Times; ‘packets-err-inactive’: Inactive Error; ‘packets-err-encryption’: Encryption Error; ‘packets-err-pad-check’: Pad Check Error; ‘packets-err-pkt-sanity’: Packets Sanity Error; ‘packets-err-icv-check’: ICV Check Error; ‘packets-err-lifetime-lifebytes’: Lifetime Lifebytes Error; ‘bytes-encrypted’: Encrypted Bytes; ‘bytes-decrypted’: Decrypted Bytes; ‘prefrag-success’: Pre-frag Success; ‘prefrag-error’: Pre-frag Error; ‘cavium-bytes-encrypted’: CAVIUM Encrypted Bytes; ‘cavium-bytes-decrypted’: CAVIUM Decrypted Bytes; ‘cavium-packets-encrypted’: CAVIUM Encrypted Packets; ‘cavium-packets-decrypted’: CAVIUM Decrypted Packets; ‘tunnel-intf-down’: Packet dropped: Tunnel Interface Down; ‘pkt-fail-prep-to-send’: Packet dropped: Failed in prepare to send; ‘no-next-hop’: Packet dropped: No next hop; ‘invalid-tunnel-id’: Packet dropped: Invalid tunnel ID; ‘no-tunnel-found’: Packet dropped: No tunnel found; ‘pkt-fail-to-send’: Packet dropped: Failed to send;

Type: string

Supported Values: all, packets-encrypted, packets-decrypted, anti-replay-num, rekey-num, packets-err-inactive, packets-err-encryption, packets-err-pad-check, packets-err-pkt-sanity, packets-err-icv-check, packets-err-lifetime-lifebytes, bytes-encrypted, bytes-decrypted, prefrag-success, prefrag-error, cavium-bytes-encrypted, cavium-bytes-decrypted, cavium-packets-encrypted, cavium-packets-decrypted, tunnel-intf-down, pkt-fail-prep-to-send, no-next-hop, invalid-tunnel-id, no-tunnel-found, pkt-fail-to-send

ipsec-list.traffic-selector

Specification
Type object

ipv4

Description: ipv4 is a JSON Block. Please see below for l34_ipv4

Type: Object

ipsec-list.traffic-selector.ipv4

Specification
Type object

local

Description: Local Traffic Selector

Type: string

Format: ipv4-address

local_netmask

Description: IPv4 Address Network Mask

Type: string

Format: ipv4-netmask

local_port

Description: Port Number

Type: number

Range: 0-65535

protocol

Description: IP Protocol Number (0-255)

Type: number

Range: 0-255

remote

Description: IPv4 Address

Type: string

Format: ipv4-address

remote_netmask

Description: IPv4 Address Network Mask

Type: string

Format: ipv4-netmask

remote_port

Description: Port Number

Type: number

Range: 0-65535

ipsec-list.enc-cfg

Specification
Type list
Block object keys

encryption

Description: ‘des’: Data Encryption Standard algorithm; ‘3des’: Triple Data Encryption Standard algorithm; ‘aes-128’: Advanced Encryption Standard algorithm (key size: 128 bits); ‘aes-192’: Advanced Encryption Standard algorithm (key size: 192 bits); ‘aes-256’: Advanced Encryption Standard algorithm (key size: 256 bits); ‘null’: No encryption algorithm;

Type: string

Supported Values: des, 3des, aes-128, aes-192, aes-256, null

hash

Description: ‘md5’: MD5 Message-Digest Algorithm; ‘sha1’: Secure Hash Algorithm 1; ‘sha256’: Secure Hash Algorithm 256; ‘null’: No hash algorithm;

Type: string

Supported Values: md5, sha1, sha256, null

priority

Description: Prioritizes (1-10) security protocol, least value has highest priority

Type: number

Range: 1-10

Default: 5
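
The defaults and value sets listed above include legacy options (ike-gateway dh-group defaults to 1, ipsec anti-replay-window defaults to 0, and des, 3des and md5 are accepted), so a payload that omits a key can end up with one of them. The Python audit below is an added example, not A10 code: it checks a vpn payload offline using this page's attribute names, defaults and mutual exclusions. Assumptions of the example: the {"vpn": {...}} wrapper, the weak/acceptable policy sets, the reading of ipsec dh-group 0 as "no DH exchange", and all sample names and addresses.

```python
# Policy sets are this example's assumption, not A10 guidance. dh-group "0" exists
# only under ipsec-list and is read here as "no DH exchange" (also an assumption).
WEAK_DH = {"0", "1", "2", "5"}
WEAK_ENC = {"des", "3des", "null"}
WEAK_HASH = {"md5", "sha1", "null"}

def on(v):
    """Booleans on this page may be sent as true/false or 1/0."""
    return v in (True, 1, "1", "true")

def check_enc(path, entries, out):
    """Flag weak algorithms in an enc-cfg list (same keys for IKE and IPsec)."""
    for i, e in enumerate(entries):
        if e.get("encryption") in WEAK_ENC:
            out.append((f"{path}.enc-cfg[{i}]", f"weak encryption {e['encryption']}"))
        if e.get("hash") in WEAK_HASH:
            out.append((f"{path}.enc-cfg[{i}]", f"weak hash {e['hash']}"))

def audit_vpn(payload):
    """Return (path, finding) tuples; omitted keys take the defaults listed on this page."""
    cfg = payload.get("vpn", payload)  # assumed wrapper: {"vpn": {...}}
    out, gateways = [], set()
    if on(cfg.get("fragment-after-encap")) and on(cfg.get("jumbo-fragment")):
        out.append(("vpn", "fragment-after-encap and jumbo-fragment are mutually exclusive"))
    if not 300 <= cfg.get("ike-sa-timeout", 600) <= 86400:
        out.append(("vpn", "ike-sa-timeout outside 300-86400"))
    for gw in cfg.get("ike-gateway-list", []):
        p = f"ike-gateway[{gw.get('name')}]"
        gateways.add(gw.get("name"))
        dh = str(gw.get("dh-group", "1"))  # page default: 1
        if dh in WEAK_DH:
            out.append((p, f"weak dh-group {dh}"))
        if (gw.get("ike-version", "v2") == "v1" and gw.get("mode", "main") == "aggressive"
                and gw.get("auth-method", "preshare-key") == "preshare-key"):
            out.append((p, "IKEv1 aggressive mode with preshare-key"))
        ra = gw.get("remote-address", {})
        if "dns" in ra and "remote-ip" in ra:
            out.append((p, "dns and remote-ip are mutually exclusive"))
        check_enc(p, gw.get("enc-cfg", []), out)
    for sa in cfg.get("ipsec-list", []):
        p = f"ipsec[{sa.get('name')}]"
        if str(sa.get("anti-replay-window", "0")) == "0":  # page default: 0
            out.append((p, "anti-replay window check disabled"))
        if on(sa.get("sequence-number-disable")):
            out.append((p, "ESP sequence numbers disabled"))
        dh = str(sa.get("dh-group", "0"))  # page default: 0
        if dh in WEAK_DH:
            out.append((p, f"weak dh-group {dh}"))
        if sa.get("ike-gateway") not in gateways:
            out.append((p, f"ike-gateway {sa.get('ike-gateway')} not defined in this payload"))
        check_enc(p, sa.get("enc-cfg", []), out)
    return out

# Constructed sample payloads; names and addresses are made up for this example.
LEGACY = {"vpn": {
    "ike-gateway-list": [{"name": "gw-old", "ike-version": "v1", "mode": "aggressive",
                          "remote-address": {"remote-ip": "192.0.2.10"},
                          "enc-cfg": [{"encryption": "3des", "hash": "md5"}]}],
    "ipsec-list": [{"name": "sa-old", "ike-gateway": "gw-old",
                    "enc-cfg": [{"encryption": "aes-128", "hash": "sha1"}]}]}}
HARDENED = {"vpn": {
    "ike-gateway-list": [{"name": "gw-new", "dh-group": "14", "remote-address": {"remote-ip": "192.0.2.10"},
                          "enc-cfg": [{"encryption": "aes-256", "hash": "sha256"}]}],
    "ipsec-list": [{"name": "sa-new", "ike-gateway": "gw-new", "dh-group": "14", "anti-replay-window": "64",
                    "enc-cfg": [{"encryption": "aes-256", "hash": "sha256"}]}]}}

if __name__ == "__main__":
    for path, finding in audit_vpn(LEGACY):
        print(f"{path}: {finding}")
```

Because omitted keys fall back to the defaults on this page, the legacy payload is flagged for dh-group 1 and a disabled anti-replay window even though it sets neither key.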

stats data

Counter Size Description
passthrough 8 passthrough

operational data

Name Type Description
Num-hardware-devices number Num-hardware-devices
IPsec-mode string IPsec-mode
IKE-Gateway-total number IKE-Gateway-total
IPsec-SA-total number IPsec-SA-total
Crypto-cores-assigned-to-IPsec number Crypto-cores-assigned-to-IPsec
IKE-SA-total number IKE-SA-total
Crypto-cores-total number Crypto-cores-total
IPsec-total number IPsec-total