APIRef_tm_net_ipsec_ipsec-policy

mgmt/tm/net/ipsec/ipsec-policy

/tm/net/ipsec

Configure IPsec security policy.

REST Endpoints

Collection URI: /mgmt/tm/net/ipsec/ipsec-policy
Collection Methods: OPTIONS, GET
Resource URI: /mgmt/tm/net/ipsec/ipsec-policy/~resource id
Resource Methods: OPTIONS, GET, PUT, PATCH, DELETE, POST
Resource Natural Key: name, partition, subPath

Properties

| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
| appService | string | | optional | read/write | The application service that the object belongs to. |
| description | string | | optional | read/write | User-defined description. |
| ikePhase2AuthAlgorithm | string | aes-gcm128 | optional | read/write | Specifies a payload authentication algorithm for ESP. This attribute is only valid when IKE is used to negotiate security associations. The possible options are: aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256, sha256, sha384, sha512 and sha1. The default value is aes-gcm128. |
| ikePhase2EncryptAlgorithm | string | aes-gcm128 | optional | read/write | Specifies an encryption algorithm for ESP. This attribute is only valid when IKE is used to negotiate security associations. The default value is aes-gcm128. |
| ikePhase2Lifetime | integer | 1440 | optional | read/write | Specifies the lifetime, in minutes, of the dynamically negotiated security associations (SAs). This attribute is only valid when IKE is used to negotiate security associations. |
| ikePhase2LifetimeKilobytes | integer | 0 | optional | read/write | Specifies the lifetime, in kilobytes, of the dynamically negotiated security associations (SAs). This attribute is only valid when IKE is used to negotiate security associations. A value of ‘0’ means the SA will not re-key based on the number of bytes encrypted/decrypted. The minimum recommended value is 1000 kilobytes. This value is not negotiated between peers. |
| ikePhase2PerfectForwardSecrecy | string | none | optional | read/write | Defines the group of Diffie-Hellman exponentiations. This attribute is only valid when IKE is used to negotiate security associations. The value ‘none’ indicates that PFS is disabled for phase 2 SA negotiations. |
| ipcomp | string | none | optional | read/write | Specifies the compression algorithm for IPComp. |
| mode | string | transport | optional | read/write | Specifies the security protocol mode to use. The options are: transport, tunnel, isession and interface. |
| tmPartition | string | Common | optional | read/write | |
| protocol | string | esp | optional | read/write | Specifies the IPsec protocol: Encapsulating Security Payload (ESP) or Authentication Header (AH). |
| tunnelLocalAddress | string | | optional | read/write | Specifies the IP address of the local IPsec tunnel endpoint. This option is only valid when mode is tunnel. |
| tunnelRemoteAddress | string | | optional | read/write | Specifies the IP address of the remote IPsec tunnel endpoint. This option is only valid when mode is tunnel. |
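
The constraints stated in the properties table can be checked mechanically when reviewing policy objects. The following is an added example, not F5 code: it assumes a policy is available as a dict keyed by the property names above, the function name and sample objects are hypothetical and constructed, and flagging sha1 reflects an assumed local policy rather than anything the table states.

```python
# Defaults and documented options are copied from the properties table above.
DEFAULTS = {"ikePhase2AuthAlgorithm": "aes-gcm128", "ikePhase2LifetimeKilobytes": 0,
            "ikePhase2PerfectForwardSecrecy": "none", "mode": "transport"}
AUTH_OPTIONS = {"aes-gcm128", "aes-gcm192", "aes-gcm256", "aes-gmac128",
                "aes-gmac192", "aes-gmac256", "sha256", "sha384", "sha512", "sha1"}
MIN_LIFETIME_KB = 1000  # "minimum recommended value" from the table


def audit_ipsec_policy(policy):
    """Return review findings for one ipsec-policy object (a dict)."""
    p = {**DEFAULTS, **policy}  # absent properties take the documented default
    findings = []
    auth = p["ikePhase2AuthAlgorithm"]
    if auth not in AUTH_OPTIONS:
        findings.append(f"auth: '{auth}' is not a documented option")
    elif auth == "sha1":
        # Assumption: local policy disallows SHA-1; the page only lists it.
        findings.append("auth: sha1 selected")
    if p["ikePhase2PerfectForwardSecrecy"] == "none":
        findings.append("pfs: disabled for phase 2 negotiations")
    kb = p["ikePhase2LifetimeKilobytes"]
    if kb == 0:
        findings.append("lifetime-kb: 0, no re-key based on byte count")
    elif kb < MIN_LIFETIME_KB:
        findings.append(f"lifetime-kb: {kb} is below recommended {MIN_LIFETIME_KB}")
    if p["mode"] != "tunnel":
        # Tunnel endpoint addresses are only valid in tunnel mode.
        for key in ("tunnelLocalAddress", "tunnelRemoteAddress"):
            if p.get(key):
                findings.append(f"{key}: set but mode is '{p['mode']}'")
    return findings


# Constructed sample objects, not captured from a real device.
SAMPLE_WEAK = {"name": "example-policy", "ikePhase2AuthAlgorithm": "sha1",
               "ikePhase2LifetimeKilobytes": 500,
               "tunnelRemoteAddress": "192.0.2.10"}
SAMPLE_OK = {"name": "example-tunnel", "mode": "tunnel",
             "ikePhase2AuthAlgorithm": "sha256",
             # Placeholder: the page does not list the DH group names.
             "ikePhase2PerfectForwardSecrecy": "DH_GROUP_PLACEHOLDER",
             "ikePhase2LifetimeKilobytes": 1000,
             "tunnelLocalAddress": "198.51.100.1",
             "tunnelRemoteAddress": "192.0.2.10"}

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_OK):
        print(sample["name"], audit_ipsec_policy(sample))
```
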
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.