Creating an IPsec Policy¶
Function¶
This API is used to create an IPsec policy.
URI¶
POST /v2.0/vpn/ipsecpolicies
Request¶
Parameter | Type | Mandatory | Description |
|---|---|---|---|
name | String | No | Specifies the IPsec policy name. The name can contain 1 to 64 characters. |
pfs | String | No | Specifies the PFS, which can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default PFS is group5. disable indicates that PFS is disabled. |
auth_algorithm | String | No | Specifies the authentication hash algorithm, which can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | No | Provides supplementary information about the IPsec policy. The description can contain up to 255 characters. |
encapsulation_mode | String | No | Specifies the encapsulation mode, which is tunnel by default. |
encryption_algorithm | String | No | Specifies the encryption algorithm, which can be 3des, aes-128, aes-192, or aes-256. The default algorithm is aes-128. |
ipsecpolicy | Object | Yes | Specifies the IPsec policy object. |
lifetime | Object | No | Specifies the lifetime object of SA. |
tenant_id | String | No | Specifies the project ID. The ID can contain up to 255 characters. |
transform_protocol | String | No | Specifies the transform protocol used, which can be esp, ah, or ah-esp. The default protocol is esp. |
value | Integer | No | Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. Supported range: 60 to 604800 |
units | String | No | Specifies the lifecycle unit. The default unit is seconds. |
Note
Parameter project_id is not supported.
Response¶
Table 2 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
auth_algorithm | String | Specifies the authentication hash algorithm, which can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | Provides supplementary information about the IPsec policy. |
encapsulation_mode | String | Specifies the encapsulation mode. The default mode is tunnel. |
encryption_algorithm | String | Specifies the encryption algorithm, which can be 3des, aes-128, aes-192, or aes-256. The default algorithm is aes-128. |
id | String | Specifies the IPsec policy ID. |
ipsecpolicy | Object | Specifies the IPsec policy object. |
lifetime | Object | Specifies the lifetime object of SA. |
name | String | Specifies the IPsec policy name. |
pfs | String | Specifies the PFS, which can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default PFS is group5. disable indicates that PFS is disabled. |
tenant_id | String | Specifies the project ID. |
transform_protocol | String | Specifies the transform protocol used, which can be esp, ah, or ah-esp. The default protocol is esp. |
value | Integer | Specifies the lifetime value of the SA, which is 3600 by default. The default unit is seconds. |
units | String | Specifies the lifecycle unit, which is seconds by default. |
Example¶
Example request
POST /v2.0/vpn/ipsecpolicies { "ipsecpolicy" : { "name" : "ipsecpolicy1", "transform_protocol" : "esp", "auth_algorithm" : "sha1", "encapsulation_mode" : "tunnel", "encryption_algorithm" : "aes-128", "pfs" : "group5", "lifetime" : { "units" : "seconds", "value" : 7200 } } }Example response
{ "ipsecpolicy" : { "name" : "ipsecpolicy1", "transform_protocol" : "esp", "auth_algorithm" : "sha1", "encapsulation_mode" : "tunnel", "encryption_algorithm" : "aes-128", "pfs" : "group5", "tenant_id" : "ccb81365fe36411a9011e90491fe1330", "lifetime" : { "units" : "seconds", "value" : 7200 }, "id" : "5291b189-fd84-46e5-84bd-78f40c05d69c", "description" : "" } }
Returned Values¶
For details, see Common Returned Values.