Creating an IKE Policy¶
Function¶
This interface is used to create an IKE policy.
URI¶
POST /v2.0/vpn/ikepolicies
Request Message¶
Table 1 describes the request parameters.
Parameter | Type | Mandatory | Description |
|---|---|---|---|
name | String | No | Specifies the IKE policy name. |
auth_algorithm | String | No | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | No | Provides supplementary information about the IKE policy. |
encryption_algorithm | String | No | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
ike_version | String | No | Specifies the IKE version. The value can be v1 or v2. The default value is v1. |
lifetime | Object | No | Specifies the lifetime object of SA. |
pfs | String | No | Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. |
phase1_negotiation_mode | String | No | Specifies the IKE mode The default value is main. |
tenant_id | String | No | Specifies the project ID. |
value | String | No | Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units | String | No | Specifies the lifecycle unit. The default value is seconds. |
ikepolicy | Object | Yes | Specifies the IKE policy object. |
Note
The project_id parameter is not supported.
The value of tenant_id can contain a maximum of 255 characters.
The value of name can contain 1 to 64 characters.
The value of description can contain a maximum of 255 characters.
The value of auth_algorithm can only be md5, sha1, sha2-256, sha2-384, or sha2-512.
The value of encryption_algorithm can only be 3des, aes-128, aes-192, or aes-256.
The value of phase1_negotiation_mode can only be main and aggressive.
The value of units can only be in seconds.
The value of value can only be an integer ranging from 60 to 604,800.
The value of ike_version can only be v1 or v2.
Response Message¶
Table 2 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
auth_algorithm | String | Specifies the authentication hash algorithm. The value can be md5, sha1, sha2-256, sha2-384, or sha2-512. |
description | String | Provides supplementary information about the IKE policy. |
encryption_algorithm | String | Specifies the encryption algorithm. The value can be 3des, aes-128, aes-192, or aes-256. The default value is aes-128. |
lifetime | Object | Specifies the lifetime object of SA. |
name | String | Specifies the IKE policy name. |
pfs | String | Specifies the PFS. The value can be group1, group2, group5, group14, group15, group16, group19, group20, group21, or disable. The default value is group5. |
phase1_negotiation_mode | String | Specifies the IKE mode The default value is main. |
tenant_id | String | Specifies the project ID. |
ikepolicy | Object | Specifies the IKE policy object. |
value | Integer | Specifies the lifetime value of the SA. The default unit is seconds. The default value is 3600. |
units | String | Specifies the lifecycle unit. The default value is seconds. |
id | String | Specifies the IKE policy ID. |
ike_version | String | Specifies the IKE version. The value can be v1 or v2. The default value is v1. |
Example¶
Example Request
POST /v2.0/vpn/ikepolicies { "ikepolicy" : { "phase1_negotiation_mode" : "main", "auth_algorithm" : "sha1", "encryption_algorithm" : "aes-128", "pfs" : "group5", "lifetime" : { "units" : "seconds", "value" : 7200 }, "ike_version" : "v1", "name" : "ikepolicy1" } }Example Response
{ "ikepolicy" : { "name" : "ikepolicy1", "tenant_id" : "ccb81365fe36411a9011e90491fe1330", "auth_algorithm" : "sha1", "encryption_algorithm" : "aes-128", "pfs" : "group5", "phase1_negotiation_mode" : "main", "lifetime" : { "units" : "seconds", "value" : 7200 }, "ike_version" : "v1", "id" : "5522aff7-1b3c-48dd-9c3c-b50f016b73db", "description" : "" } }
Returned Values¶
For details, see section Common Returned Values.