Updating an IPsec Policy¶
Function¶
This API is used to update an IPsec policy.
Note
If the IPsec policy is updated, the IPsec VPN connection also needs to be updated.
URI¶
PUT /v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}
Parameter | Type | Mandatory | Description |
|---|---|---|---|
ipsecpolicy_id | String | Yes | Specifies the IPsec policy ID. |
Request¶
Table 2 describes the request parameters.
Parameter | Type | Mandatory | Description |
|---|---|---|---|
ipsecpolicy | Object | Yes | Specifies the IPsec policy object. |
description | String | No | Provides supplementary information about the IPsec policy. The description can contain a maximum of 255 characters. |
transform_protocol | String | No | Specifies the transform protocol used, which can be esp, ah, or ah-esp. The default protocol is esp. |
auth_algorithm | String | No | Specifies the authentication hash algorithm, which can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
encapsulation_mode | String | No | Specifies the encapsulation mode. The default mode is tunnel. |
encryption_algorithm | String | No | Specifies the encryption algorithm, which can be 3des, aes-128, aes-192, or aes-256. The default algorithm is aes-128. |
pfs | String | No | Specifies the PFS, which can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default PFS is group5. disable indicates that PFS is disabled. |
value | Integer | No | Specifies the lifetime value of the SA, which is 3600 by default. The default unit is seconds. Supported range: 60 to 604800 |
units | String | No | Specifies the lifecycle unit, which is seconds by default. |
lifetime | Object | No | Specifies the lifetime object of SA. |
name | String | No | Specifies the IPsec policy name. The name can contain 1 to 64 characters. |
Note
Parameter project_id is not supported.
Response¶
Table 3 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
encryption_algorithm | String | Specifies the encryption algorithm, which can be 3des, aes-128, aes-192, or aes-256. The default algorithm is aes-128. |
pfs | String | Specifies the PFS, which can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default PFS is group5. disable indicates that PFS is disabled. |
lifetime | Object | Specifies the lifetime object of SA. |
name | String | Specifies the IPsec policy name. |
transform_protocol | String | Specifies the transform protocol used, which can be esp, ah, or ah-esp. The default protocol is esp. |
tenant_id | String | Specifies the project ID. |
id | String | Specifies the IPsec policy ID. |
encapsulation_mode | String | Specifies the encapsulation mode. The default mode is tunnel. |
auth_algorithm | String | Specifies the authentication hash algorithm, which can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | Provides supplementary information about the IPsec policy. |
ipsecpolicy | Object | Specifies the IPsec policy object. |
value | Integer | Specifies the lifetime value of the SA, which is 3600 by default. The default unit is seconds. |
units | String | Specifies the lifecycle unit, which is seconds by default. |
Example¶
Example request
PUT /v2.0/vpn/ipsecpolicies/{ipsecpolicy_id} { "ipsecpolicy" : { "pfs" : "group14" } }Example response
{ "ipsecpolicy": { "name": "ipsecpolicy1", "transform_protocol": "esp", "auth_algorithm": "sha1", "encapsulation_mode": "tunnel", "encryption_algorithm": "aes-128", "pfs": "group14", "tenant_id": "ccb81365fe36411a9011e90491fe1330", "lifetime": { "units": "seconds", "value": 3600 }, "id": "5291b189-fd84-46e5-84bd-78f40c05d69c", "description": "" } }
Returned Values¶
For details, see Common Returned Values.