Networking::IPsecIkePeer¶
Introduced : BIG-IP_v11.2.0
This interface configures the IPsec Protocol suite for securing
Internet Protocol (IP) communications by authenticating and encrypting
each IP packet of a communication session.
Methods¶
| Method | Description | Introduced |
| add_ike_version | Adds the IPsec IKE peer versions for a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| add_traffic_selector | Adds the traffic selectors for a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| create | Creates a set of IPsec IKE peers | BIG-IP_v11.2.0 |
| delete_all_ike_peers | Deletes all IPsec IKE peers. | BIG-IP_v11.2.0 |
| delete_ike_peer | Deletes a set of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_ca_certificate_file | Gets the file object name of the root certificate authority (CA) for each IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_certificate_type | Gets the IPsec IKE peer certification types for a list of IPsec IKE peers. Note that this function is only valid in IKEv1 peer configuration. | BIG-IP_v11.2.0 |
| get_crl_file | Gets the name of the crl file object for each specified IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_description | Gets descriprion for each specified IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_dpd_delay | Gets the IPsec IKE peer DPD delay for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_enabled_state | Gets the IPsec IKE peer state. | BIG-IP_v11.2.0 |
| get_generate_policy | Gets the IPsec IKE peer generate policy option. | BIG-IP_v11.2.0 |
| get_ike_proposal_name | This method has been deprecated immediately because it accessed functionality that never worked, and should never have been exposed. Gets the IKE proposal name. | BIG-IP_v11.2.0 |
| get_ike_version | Gets the IPsec IKE peer versions for a set of IPsec IKE peers. IKE peer version specifies which version of IKE to be used for the IPsec security negotiations. | BIG-IP_v11.6.0 |
| get_lifetime | Gets the IPsec IKE peer lifetimes of an IKE security association that will be proposed in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_list | Gets the names for all IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_mode | Gets IPsec IKE peer modes for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_my_certificate_file | Gets the name of the certificate file object for each IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_my_certificate_key_file | Gets the name of the certificate key file object for each IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_my_certificate_key_passphrase | Gets the certificate key passphrases (if any) for the specified IKEv2 peers. The user should not rely on the &aposdefault_flag&apos in the returned sequence of passphrases. | BIG-IP_v12.1.0 |
| get_my_id_type | Gets the IPsec IKE peer identifier types sent to the remote host to use in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_my_id_value | Gets the IPsec IKE peer identifier values sent to the remote host to use in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_nat_traversal | Gets the IPsec IKE peer NAT traversal option. | BIG-IP_v11.2.0 |
| get_passive_state | Gets the passive state for a set of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_peer_certificate_file | Gets the peer certificate file name. Note that this function is only valid in IKEv1 peer configuration. | BIG-IP_v11.2.0 |
| get_peer_id_type | Gets the peer identifier types that can be used in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_peer_id_value | Gets the peer identifier values for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_phase1_auth_method | Gets the IKE phase 1 authentication method. | BIG-IP_v11.2.0 |
| get_phase1_encryption_algorithm | Gets the IKE phase 1 encryption algorithm. | BIG-IP_v11.2.0 |
| get_phase1_hash_algorithm | Gets the IKE phase1 hash algorithm. | BIG-IP_v11.2.0 |
| get_phase1_perfect_forward_secrecy | Gets the IKE phase 1 perfect forward secrecy. | BIG-IP_v11.2.0 |
| get_phase1_pseudo_random_function | Gets the IKE pseudo random function for a set of IKE peers. | BIG-IP_v11.6.0 |
| get_preshared_key | Gets the preshared key (if any) for each specified IPsec IKE peer. | BIG-IP_v11.5.0 |
| get_preshared_key_encrypted | This method is deprecated. Please use get_preshared_key instead. Gets the preshared key encrypted (if any) for each specified IPsec IKE peer. | BIG-IP_v11.2.0 |
| get_proxy_support_state | Gets IPsec IKE peer proxy support states. | BIG-IP_v11.2.0 |
| get_remote_address | Gets the IPsec IKE peer remote IP address for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_replay_window_size | Gets the replay window size for each specified IPsec IKE peer. | BIG-IP_v11.3.0 |
| get_traffic_selector | Gets the names of all the associated traffic selectors for a set of IPsec IKE peers. Traffic Selectors determine which traffic you want the system to protect using IPsec tunnel. | BIG-IP_v11.6.0 |
| get_verify_certificate_state | Gets the IPsec IKE peer state of verify_certificate for a set of IPsec IKE peers. | BIG-IP_v11.2.0 |
| get_version | Gets the version information for this interface. | BIG-IP_v11.2.0 |
| remove_all_ike_versions | Removes all the IPsec IKE peer versions for a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| remove_all_traffic_selectors | Removes all the associated traffic selectors for a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| remove_ike_version | Removes the IPsec IKE peer versions for a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| remove_traffic_selector | Removes the traffic selectors associated with a set of IPsec IKE peers. | BIG-IP_v11.6.0 |
| set_ca_certificate_file | Sets the file object name of the root certificate authority (CA) for each IPsec IKE peer. | BIG-IP_v11.2.0 |
| set_certificate_type | Sets the IPsec IKE peer certificate types for a list of IPsec IKE peers. Note that this function is only valid in IKEv1 peer configuration. | BIG-IP_v11.2.0 |
| set_crl_file | Sets the name of the crl file object for each specified IPsec IKE peer. | BIG-IP_v11.2.0 |
| set_description | Sets the description for the IPsec IKE peers. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.2.0 |
| set_dpd_delay | Sets the IPsec IKE peer DPD delay for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_enabled_state | Sets the IPsec IKE peer state to enable or disable. If you set the state to disable, the IKE peer is completely disabled. | BIG-IP_v11.2.0 |
| set_generate_policy | Sets the IPsec IKE peer generate policy option. | BIG-IP_v11.2.0 |
| set_ike_proposal_name | This method has been deprecated immediately because it accessed functionality that never worked, and should never have been exposed. Sets the IKE proposal name. | BIG-IP_v11.2.0 |
| set_lifetime | Sets the IPsec IKE peer lifetimes of an IKE security association that will be proposed in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_mode | Sets IPsec IKE peer modes for list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_my_certificate_authentication | Sets certificate-based authentication methods in a batch with certificates, keys and corresponding key passphrases (if any) for the specified IKEv2 peers. | BIG-IP_v12.1.0 |
| set_my_certificate_file | Sets the name of certificate file object for each of the specified IPsec IKE peers. Note that there are no default certificate files for DSS and ECDSA authentication methods. | BIG-IP_v11.2.0 |
| set_my_certificate_key_file | Sets the name of the certificate key file object for each IPsec IKE peer. Note that there are no default certificate key files for DSS and ECDSA authentication methods. | BIG-IP_v11.2.0 |
| set_my_certificate_key_passphrase | Sets the certificate key passphrases (if any) for the specified IKEv2 peers. | BIG-IP_v12.1.0 |
| set_my_id_type | Sets the IPsec IKE peer identifier types sent to the remote host to use in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_my_id_value | Sets the IPsec IKE peer identifier values sent to the remote host to use in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_nat_traversal | Sets the IPsec IKE peer NAT traversal option. | BIG-IP_v11.2.0 |
| set_passive_state | Sets the state to passive for a set of IPsec IKE peers. Set this to enable, if you do not want to be the initiator of the IKE negotiation with this IKE peer. | BIG-IP_v11.2.0 |
| set_peer_certificate_file | Sets the peer certificate file object name. If the peer certificate file is defined, the isakmp daemon ignores the CERT payload from the peer, and uses this certificate as the peer&aposs certificate. Note that this function is only valid in IKEv1 peer configuration. | BIG-IP_v11.2.0 |
| set_peer_id_type | Sets the peer identifier types that can be used in the phase 1 negotiation for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_peer_id_value | Sets the IPsec IKE peer identifier value to be received for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_phase1_auth_method | Sets the IKE phase 1 authentication method. Defines the authentication method used for the phase 1 negotiation. Possible values are: pre-shared-key and rsa-signature. Use rsa-signature if using X.509 certificates. | BIG-IP_v11.2.0 |
| set_phase1_encryption_algorithm | Sets the IKE phase 1 encryption algorithm. Specifies the encryption algorithm used for the isakmp phase 1 negotiation. This directive must be defined. Possible value is one of following: des, 3des, blowfish, cast128, aes, camellia. | BIG-IP_v11.2.0 |
| set_phase1_hash_algorithm | Sets the IKE phase 1 hash algorithm. Defines the hash algorithm used for the isakmp phase 1 negotiation. This directive must be defined. The algorithm should be one of following: md5, sha1, sha256, sha384, sha512. | BIG-IP_v11.2.0 |
| set_phase1_perfect_forward_secrecy | Sets the IKE phase 1 perfect forward secrecy. Defines the group used for the Diffie-Hellman exponentiations to provide perfect forward secrecy. This directive must be defined. The group is one of following: modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192. | BIG-IP_v11.2.0 |
| set_phase1_pseudo_random_function | Sets the IKE phase 1 pseudo random function (prf) for a set of IKE peers. The Pseudo random function is used to derive keying material for all cryptographic operations. This attribute is valid for IKEv2 version only. The prf function should be one of following: md5, sha1, sha256, sha384, sha512. | BIG-IP_v11.6.0 |
| set_preshared_key | Sets the preshared key for each specified IPsec IKE peer. | BIG-IP_v11.2.0 |
| set_preshared_key_encrypted | This method is deprecated. The system automatically encrypts the preshared key using the master key, and no longer requires a pre-encrypted key. Please use set_preshared_key instead. Sets the preshared key (encrypted) for each specified IPsec IKE peer. Requires an already encrypted key. | BIG-IP_v11.2.0 |
| set_proxy_support_state | Sets the IPsec IKE peer proxy support to enable or disable. Setting proxy support to enable gives the IKE peer the ability to work over a proxy. | BIG-IP_v11.2.0 |
| set_remote_address | Sets the IPsec IKE peer remote BIG-IP system IP addresses for a list of IPsec IKE peers. | BIG-IP_v11.2.0 |
| set_replay_window_size | Sets the replay window size for each specified IPsec IKE peer. This window will limit the number of out of order IPsec packets that can be received relative to the packet with the highest sequence number that has been authenticated so far. Packets with older sequence numbers that are outside of this range will be rejected. This configuration affects only dynamic negotiated IPsec SAs to the specified IPsec IKE peer. The default value is 64. The valid range is from 4 to 255. | BIG-IP_v11.3.0 |
| set_verify_certificate_state | Sets the IPsec IKE peer state to verify the peer&aposs certificate for a set of IPsec IKE peers. | BIG-IP_v11.2.0 |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.