APIRef_tm_net_ipsec_ipsec-policy
mgmt/tm/net/ipsec/ipsec-policy
Configure IPsec security policy.
REST Endpoints
- Collection URI
/mgmt/tm/net/ipsec/ipsec-policy
- Collection Methods
OPTIONS, GET
- Resource URI
/mgmt/tm/net/ipsec/ipsec-policy/~resource id
- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
- Resource Natural Key
name, partition, subPath
Properties
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
appService | string | | optional | read/write | The application service that the object belongs to. |
description | string | | optional | read/write | User defined description. |
ikePhase2AuthAlgorithm | string | aes-gcm128 | optional | read/write | Specifies a payload authentication algorithm for ESP. This attribute is only valid when IKE is used to negotiate security associations. The possible options are: aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256, sha256, sha384, sha512 and sha1. The default value is aes-gcm128. |
ikePhase2EncryptAlgorithm | string | aes-gcm128 | optional | read/write | Specifies an encryption algorithm for ESP. This attribute is only valid when IKE is used to negotiate security associations. The default value is aes-gcm128. |
ikePhase2Lifetime | integer | 1440 | optional | read/write | Specifies the lifetime duration, in minutes, for the dynamically negotiated security associations (SA). This attribute is only valid when IKE is used to negotiate security associations. |
ikePhase2LifetimeKilobytes | integer | 0 | optional | read/write | Specifies the lifetime duration, in kilobytes, for the dynamically negotiated security associations (SA). This attribute is only valid when IKE is used to negotiate security associations. A value of ‘0’ means the SA will not re-key based on the number of bytes encrypted/decrypted. The minimum recommended value is 1000 kilobytes. This value is not negotiated between peers. |
ikePhase2PerfectForwardSecrecy | string | none | optional | read/write | Defines the group of Diffie-Hellman exponentiations. This attribute is only valid when IKE is used to negotiate security associations. The value ‘none’ indicates that PFS is disabled for phase 2 SA negotiations. |
ipcomp | string | none | optional | read/write | Specifies the compression algorithm for IPComp. |
mode | string | transport | optional | read/write | Specifies the security protocol mode to use. The options are: transport, tunnel, isession and interface. |
tmPartition | string | Common | optional | read/write | |
protocol | string | esp | optional | read/write | Specifies the IPsec protocol: Encapsulating Security Payload (ESP) or Authentication Header (AH). |
tunnelLocalAddress | string | | optional | read/write | Specifies the IP address of the local IPsec tunnel endpoint. This option is only valid when mode is tunnel. |
tunnelRemoteAddress | string | | optional | read/write | Specifies the IP address of the remote IPsec tunnel endpoint. This option is only valid when mode is tunnel. |
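
The following is an added example, not part of the F5 reference: an offline lint of an ipsec-policy request body against the option lists, defaults and validity rules in the table above, intended to run before a PUT or PATCH. The function name `lint_policy`, the warning rules (flag sha1, flag PFS `none`) and the PFS group name `modp2048` are assumptions of this example; the page does not list the PFS groups.

```python
# Documented option lists and defaults, copied from the property table above.
AUTH_ALGS = {"aes-gcm128", "aes-gcm192", "aes-gcm256", "aes-gmac128", "aes-gmac192",
             "aes-gmac256", "sha256", "sha384", "sha512", "sha1"}
MODES = {"transport", "tunnel", "isession", "interface"}
DEFAULTS = {"ikePhase2AuthAlgorithm": "aes-gcm128", "ikePhase2LifetimeKilobytes": 0,
            "ikePhase2PerfectForwardSecrecy": "none", "mode": "transport"}

def lint_policy(body):
    """Return sorted (severity, property) findings for one ipsec-policy request body."""
    p = {**DEFAULTS, **body}  # omitted properties take the documented defaults
    found = set()
    auth, mode = p["ikePhase2AuthAlgorithm"], p["mode"]
    if auth not in AUTH_ALGS:
        found.add(("error", "ikePhase2AuthAlgorithm"))   # not a documented option
    elif auth == "sha1":
        found.add(("warn", "ikePhase2AuthAlgorithm"))    # assumed local rule: no SHA-1
    if mode not in MODES:
        found.add(("error", "mode"))                     # not a documented mode
    if p["ikePhase2PerfectForwardSecrecy"] == "none":
        # 'none' disables PFS for phase 2; treating that as a warning is an assumption
        found.add(("warn", "ikePhase2PerfectForwardSecrecy"))
    kb = p["ikePhase2LifetimeKilobytes"]
    if 0 < kb < 1000:
        # 0 means no byte-based re-key; 1..999 is below the recommended minimum
        found.add(("warn", "ikePhase2LifetimeKilobytes"))
    for key in ("tunnelLocalAddress", "tunnelRemoteAddress"):
        if p.get(key) and mode != "tunnel":
            found.add(("error", key))                    # only valid when mode is tunnel
    return sorted(found)

# Constructed sample bodies (documentation address ranges), not captured from a device.
WEAK = {"name": "example_weak", "mode": "transport", "ikePhase2AuthAlgorithm": "sha1",
        "ikePhase2LifetimeKilobytes": 500, "tunnelRemoteAddress": "203.0.113.10"}
STRONG = {"name": "example_strong", "mode": "tunnel",
          "ikePhase2AuthAlgorithm": "aes-gcm256",
          "ikePhase2PerfectForwardSecrecy": "modp2048",  # assumed group name
          "ikePhase2LifetimeKilobytes": 0,
          "tunnelLocalAddress": "198.51.100.1", "tunnelRemoteAddress": "203.0.113.10"}

if __name__ == "__main__":
    for body in (WEAK, STRONG, {}):
        print(body.get("name", "<defaults only>"), lint_policy(body))
```

An empty body still yields a PFS warning, because the documented default for ikePhase2PerfectForwardSecrecy is none.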
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.