SD-WAN Secure Internet Access Profiles
| Endpoint | Description |
|---|---|
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse | List Secure Internet Access Profiles |
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse | Create Secure Internet Access Profile |
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse/{sseProfileId}/cisco | Add Settings in Secure Internet Access Profile |
For information about generating your SD-WAN Manager API Gateway URL and SD-WAN Manager Cross-Site Request Forgery (CSRF) access token, see SASE Authorization.
List Secure Internet Access Profiles
List the Secure Internet Access profiles in the SD-WAN Manager organization.
GET https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
Request
curl --request GET \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse \
--header 'authorization: Bearer {apikey}' \
--header 'content-type: application/json' \
--header 'x-xsrf-token: {xsrf_token}'
Response
[
{
"profileId": "a4714188-e0ad-4ce1-91e5-99fd4c943929",
"profileName": "SIA_2T",
"solution": "sdwan",
"profileType": "sse",
"createdBy": "user@cisco.com",
"lastUpdatedBy": "user@cisco.com",
"createdOn": 1771099983012,
"description": "",
"origin": "user",
"lastUpdatedOn": 1771420899056
}
]
Create Secure Internet Access Profile
Create the Secure Internet Access profile in the SD-WAN Manager organization.
POST https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
Required Fields in Request Body
- name: The name of the Secure Internet Access profile.
- description: The description for the Secure Internet Access profile.
Request
curl --request POST \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse \
--header 'Authorization: Bearer {apikey}' \
--header 'Content-type: application/json' \
--header 'X-xsrf-token: {xsrf_token}' \
--data '{
"name": "API-SSE-SIA-2T",
"description": "secure internet access profile"
}'
Response
{
"id": "61f359e8-7937-4e12-afa1-4b016ad814d4"
}
Add Settings in Secure Internet Access Profile
Add the configuration settings for the Secure Internet Access profile.
POST https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse/{sseProfileId}/cisco
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
- sseProfileId: The ID of the Secure Internet Access profile.
  - To get the identifiers of the Secure Internet Access profiles in the organization, see List Secure Internet Access Profiles.
Required Fields in Request Body
In the body of the API request, add all fields as shown in the sample.
Substitute the values of the profile's name and description.
- name: The name of the Secure Internet Access profile.
- description: The description for the Secure Internet Access profile.
We recommend that you provide two interface objects:
- An interface that connects to the primary data center.
- An interface that connects to the secondary (backup) data center.
To add more interface objects, copy the interface pairs (IPsec tunnels with primary and secondary data centers) in the sample and add the high availability (HA) interface pairs for these new interfaces.
You can add up to 16 interface objects in the list: eight primary IPsec tunnel interfaces and eight backup IPsec tunnel interfaces.
For the tunnelDcPreference field in the interface object, set optionType to global and value to one of the types of data centers.
For the primary data center, set value to primary-dc.
For example:
"tunnelDcPreference": {
"optionType": "global",
"value": "primary-dc"
}
For the backup data center, set value to secondary-dc.
For example:
"tunnelDcPreference": {
"optionType": "global",
"value": "secondary-dc"
}
For the ifName field in the interface object, set optionType to global and set value to the name of the IPsec tunnel interface.
"ifName": {
"optionType": "global",
"value": "ipsec1"
}
For each interfacePair:
- For the activeInterface object, set value to the value of the primary IPsec tunnel.
- For the backupInterface object, set value to the value of the secondary IPsec tunnel.
"interfacePair": [
{
"activeInterface": {
"optionType": "global",
"value": "ipsec1"
},
"activeInterfaceWeight": {
"optionType": "global",
"value": 1
},
"backupInterface": {
"optionType": "global",
"value": "ipsec2"
},
"backupInterfaceWeight": {
"optionType": "global",
"value": 1
}
}
]
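The interface rules above can be checked locally before the request body is sent. The following Python check is an added example, not part of the SD-WAN Manager API or Cisco's code; check_sia_settings, sample_intf and sample_pair are hypothetical names and the sample bodies are constructed. It assumes the "primary IPsec tunnel" of a pair is the interface whose tunnelDcPreference is primary-dc, and the secondary tunnel the one set to secondary-dc.

```python
MAX_PER_ROLE = 8  # page: eight primary and eight backup tunnel interfaces (16 total)
ROLES = ("primary-dc", "secondary-dc")

def check_sia_settings(body):
    """Return a list of problems found in an SIA settings request body."""
    problems = []
    data = body.get("data", {})
    role_of = {}  # ifName value -> tunnelDcPreference value
    for i, intf in enumerate(data.get("interface", [])):
        if_name = intf.get("ifName", {})
        pref = intf.get("tunnelDcPreference", {})
        name, role = if_name.get("value"), pref.get("value")
        if if_name.get("optionType") != "global" or not name:
            problems.append(f"interface[{i}]: ifName must be global with a tunnel name")
            continue
        if name in role_of:
            problems.append(f"{name}: duplicate ifName")
        if pref.get("optionType") != "global" or role not in ROLES:
            problems.append(f"{name}: tunnelDcPreference must be global primary-dc or secondary-dc")
        role_of[name] = role
    for role in ROLES:
        count = sum(1 for r in role_of.values() if r == role)
        if count > MAX_PER_ROLE:
            problems.append(f"{count} {role} interfaces, limit is {MAX_PER_ROLE}")
    for i, pair in enumerate(data.get("interfacePair", [])):
        for key, want in (("activeInterface", "primary-dc"), ("backupInterface", "secondary-dc")):
            ref = pair.get(key, {}).get("value")
            if ref not in role_of:
                problems.append(f"interfacePair[{i}].{key}: {ref!r} is not a defined interface")
            elif role_of[ref] != want:
                problems.append(f"interfacePair[{i}].{key}: {ref} is {role_of[ref]}, expected {want}")
    return problems

def sample_intf(name, role):  # constructed sample: only the fields this check reads
    return {"ifName": {"optionType": "global", "value": name},
            "tunnelDcPreference": {"optionType": "global", "value": role}}

def sample_pair(active, backup):  # constructed sample interfacePair entry
    return {"activeInterface": {"optionType": "global", "value": active},
            "backupInterface": {"optionType": "global", "value": backup}}

GOOD = {"data": {"interface": [sample_intf("ipsec1", "primary-dc"), sample_intf("ipsec2", "secondary-dc")],
                 "interfacePair": [sample_pair("ipsec1", "ipsec2")]}}
BAD = {"data": {"interface": [sample_intf("ipsec1", "primary-dc"), sample_intf("ipsec2", "secondary-dc")],
                "interfacePair": [sample_pair("ipsec2", "ipsec3")]}}

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, check_sia_settings(body) or "ok")
```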
Request
curl --request POST \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse/{sseProfileId}/cisco \
--header 'Authorization: Bearer {apikey}' \
--header 'Content-Type: application/json' \
--header 'X-xsrf-token: {xsrf_token}' \
--data '{
"name": "Name of the Secure Internet Access Profile",
"description": "Description for the Secure Internet Access Profile",
"data": {
"sse_instance": {
"optionType": "global",
"value": "Cisco-Secure-Access"
},
"contextSharingForVpn": {
"optionType": "global",
"value": true
},
"contextSharingForSgt": {
"optionType": "global",
"value": true
},
"region": {
"value": "auto",
"optionType": "default"
},
"ntgName": {
"optionType": "default",
"value": "auto"
},
"interface": [
{
"ifName": {
"optionType": "global",
"value": "ipsec1"
},
"shutdown": {
"optionType": "default",
"value": false
},
"tunnelSourceInterface": {
"optionType": "global",
"value": "GigabitEthernet1"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"tracker": {
"optionType": "default",
"value": "DefaultTracker"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "primary-dc"
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "14"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
},
"trackEnable": {
"optionType": "default",
"value": true
}
},
{
"ifName": {
"optionType": "global",
"value": "ipsec2"
},
"shutdown": {
"optionType": "default",
"value": false
},
"tunnelSourceInterface": {
"optionType": "global",
"value": "GigabitEthernet1"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"tracker": {
"optionType": "default",
"value": "DefaultTracker"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "secondary-dc"
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "14"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
},
"trackEnable": {
"optionType": "default",
"value": true
}
}
],
"interfacePair": [
{
"activeInterface": {
"optionType": "global",
"value": "ipsec1"
},
"activeInterfaceWeight": {
"optionType": "global",
"value": 1
},
"backupInterface": {
"optionType": "global",
"value": "ipsec2"
},
"backupInterfaceWeight": {
"optionType": "global",
"value": 1
}
}
],
"tracker": [],
"trackerSrcIp": {
"value": "{{tracker_Src_IP}}",
"optionType": "variable"
}
}
}'
Response
{
"parcelId": "cf150207-6533-4b14-80aa-0e4f7f064d0c"
}