Function
This interface is used to create an IPsec policy.
URI
POST /v2.0/vpn/ipsecpolicies
Request Message
Parameter |
Type |
Mandatory |
Description |
|---|---|---|---|
name |
String |
No |
Specifies the IPsec policy name. |
pfs |
String |
No |
Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. The value disable indicates that the PFS function is disabled. |
auth_algorithm |
String |
No |
Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description |
String |
No |
Provides supplementary information about the IPsec policy. |
encapsulation_mode |
String |
No |
Specifies the encapsulation mode. The default value is tunnel. |
encryption_algorithm |
String |
No |
Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
ipsecpolicy |
Object |
Yes |
Specifies the IPsec policy object. |
lifetime |
Object |
No |
Specifies the lifetime object of SA. |
tenant_id |
String |
No |
Specifies the project ID. |
transform_protocol |
String |
No |
Specifies the transform protocol used. The value can be esp, ah, or ah-esp. The default value is esp. |
value |
Integer |
No |
Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units |
String |
No |
Specifies the lifecycle unit. The default value is seconds. |
- The project_id parameter is not supported.
- The value of tenant_id can contain a maximum of 255 characters.
- The value of name can contain 1 to 64 characters.
- The value of description can contain a maximum of 255 characters.
- The value of transform_protocol can only be esp, ah, or ah-esp.
- The value of auth_algorithm can only be md5, sha1, sha2-256, sha2-384, or sha2-512.
- The value of encapsulation_mode can only be tunnel.
- The value of units can only be in seconds.
- The value of value can only be an integer ranging from 60 to 604,800.
- The value of encryption_algorithm can only be aes-192, aes-256, group2, group5, or group14.
Response Message
Table 2 describes the response parameters.
Parameter |
Type |
Description |
|---|---|---|
auth_algorithm |
String |
Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description |
String |
Provides supplementary information about the IPsec policy. |
encapsulation_mode |
String |
Specifies the encapsulation mode. The default value is tunnel. |
encryption_algorithm |
String |
Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
id |
String |
Specifies the IPsec policy ID. |
ipsecpolicy |
Object |
Specifies the IPsec policy object. |
lifetime |
Object |
Specifies the lifetime object of SA. |
name |
String |
Specifies the IPsec policy name. |
pfs |
String |
Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. The value disable indicates that the PFS function is disabled. |
tenant_id |
String |
Specifies the project ID. |
transform_protocol |
String |
Specifies the transform protocol used. The value can be esp, ah, or ah-esp. The default value is esp. |
value |
Integer |
Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units |
String |
Specifies the lifecycle unit. The default value is seconds. |
Example
- Request Example
POST /v2.0/vpn/ipsecpolicies { "ipsecpolicy" : { "name" : "ipsecpolicy1", "transform_protocol" : "esp", "auth_algorithm" : "sha1", "encapsulation_mode" : "tunnel", "encryption_algorithm" : "aes-128", "pfs" : "group5", "lifetime" : { "units" : "seconds", "value" : 7200 } } }
- Example Response
{ "ipsecpolicy" : { "name" : "ipsecpolicy1", "transform_protocol" : "esp", "auth_algorithm" : "sha1", "encapsulation_mode" : "tunnel", "encryption_algorithm" : "aes-128", "pfs" : "group5", "project_id" : "ccb81365fe36411a9011e90491fe1330", "tenant_id" : "ccb81365fe36411a9011e90491fe1330", "lifetime" : { "units" : "seconds", "value" : 7200 }, "id" : "5291b189-fd84-46e5-84bd-78f40c05d69c", "description" : "" } }
Returned Values
For details, see section Common Returned Values.