Updating an IKE Policy¶
Function¶
This interface is used to update an IKE policy.
Note
If the IKE policy is updated, the IPsec VPN connection also needs to be updated.
URI¶
PUT /v2.0/vpn/ikepolicies/{ikepolicy_id}
Parameter | Type | Mandatory | Description |
|---|---|---|---|
ikepolicy_id | String | Yes | Specifies the IKE policy ID. |
Request Message¶
Table 2 describes the request parameters.
Parameter | Type | Mandatory | Description |
|---|---|---|---|
auth_algorithm | String | No | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | No | Provides supplementary information about the IKE policy. |
encryption_algorithm | String | No | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
ike_version | String | No | Specifies the IKE version. The value can be v1 or v2. The default value is v1. |
ikepolicy | Object | Yes | Specifies the IKE policy object. |
lifetime | Object | No | Specifies the lifetime object of SA. |
name | String | No | Specifies the IKE policy name. |
pfs | String | No | Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. |
phase1_negotiation_mode | String | No | Specifies the IKE mode The default value is main. |
value | Integer | No | Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units | String | No | Specifies the lifecycle unit. The default value is seconds. |
Note
The ikepolicy_id parameter must be specified.
The value of name can contain 1 to 64 characters.
The value of description can contain a maximum of 255 characters.
The value of auth_algorithm can only be md5, sha1, sha2-256, sha2-384, or sha2-512.
The value of encryption_algorithm can only be 3des, aes-128, aes-192, or aes-256.
The value of phase1_negotiation_mode can only be main and aggressive.
The value of units can only be in seconds.
The value of value can only be an integer ranging from 60 to 604,800.
The value of ike_version can only be v1 or v2.
The project_id parameter is not supported.
Response Message¶
Table 3 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
auth_algorithm | String | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | Provides supplementary information about the IKE policy. |
encryption_algorithm | String | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
id | String | Specifies the IKE policy ID. |
ike_version | String | Specifies the IKE version. The value can be v1 or v2. The default value is v1. |
lifetime | Object | Specifies the lifetime object of SA. |
name | String | Specifies the IKE policy name. |
pfs | String | Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. |
phase1_negotiation_mode | String | Specifies the IKE mode The default value is main. |
tenant_id | String | Specifies the project ID. |
ikepolicy | Object | Specifies the IKE policy object. |
value | Integer | Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units | String | Specifies the lifetime unit of the SA. The default unit is seconds. The default value is 3600. |
Example¶
Example Request
{ "ikepolicy" : { "encryption_algorithm" : "aes-256" } }
Example Response
{ "ikepolicy" : { "name" : "ikepolicy1", "tenant_id" : "ccb81365fe36411a9011e90491fe1330", "auth_algorithm" : "sha1", "encryption_algorithm" : "aes-256", "pfs" : "group5", "phase1_negotiation_mode" : "main", "lifetime" : { "units" : "seconds", "value" : 3600 }, "ike_version" : "v1", "id" : "5522aff7-1b3c-48dd-9c3c-b50f016b73db", "description" : "" } }
Returned Values¶
For details, see section Common Returned Values.