addIkevOnePolicy
The addIkevOnePolicy operation handles configuration related to IkevOnePolicy model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| name | True | string | The name of the object, up to 128 characters. | ||
| enabled | True | boolean | A mandatory Boolean value, TRUE or FALSE (the default). The TRUE value enables the policy, which means remote peers can use it when negotiating a site-to-site VPN connection. FALSE indicates that although the policy is defined, remote peers cannot negotiate connections based on the policy. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| lifeTime | False | integer | An optional integer that defines the lifetime of the security association (SA), in seconds, from 120 to 2147483647, with the typical limit being 86400. When the lifetime is exceeded, the SA expires and must be renegotiated between the two peers. Leave the option as null to specify no lifetime limit. | ||
| priority | True | integer | A required integer that determines the relative priority of the IKE policy, from 1 to 65535. The priority determines the order of the IKE policy compared by the two negotiating peers when attempting to find a common security association (SA). If the remote IPsec peer does not support the parameters selected in your highest priority policy, it tries to use the parameters defined in the next lowest priority. The lower the number, the higher the priority. A given number is meaningful only in relation to the priority numbers defined on the other IKE policies. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| authenticationType | True | string | An enum value that specifies how the peers in the VPN are authenticated. Possible values are: CERTIFICATE - authentication should be done by using certificate. PRE_SHARED_KEY - The peers use a single pre-shared key. Specify the key string in the SToSConnectionProfile object. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| encryptionType | True | string | An enum value that specifies the encryption algorithm used to establish the Phase 1 security association (SA) for protecting Phase 2 negotiations. Possible values are, in order of strength: DES - Data Encryption Standard, which encrypts using 56-bit keys, is a symmetric secret-key block algorithm. THREE_DES - Triple DES, which encrypts three times using 56-bit keys. AES - Advanced Encryption Standard is a symmetric cipher algorithm. AES uses 128-bit keys. AES192 - An Advanced Encryption Standard algorithm that uses 192-bit keys. AES256 - An Advanced Encryption Standard algorithm that uses 256-bit keys. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| hashType | True | string | An enum value that specifies the hash algorithm for creating a message digest, which is used to ensure message integrity. Possible values are: MD5 - The Message Digest 5 algorithm, which produces a 128-bit digest. SHA - The Secure Hash Algorithm, which produces a 160-bit digest. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| groupType | True | string | An enum value that specifies the Diffie-Hellman group to use for deriving a shared secret between the two IPsec peers without transmitting it to each other. A larger modulus provides higher security but requires more processing time. The two peers must have a matching modulus group. Possible values are: GROUP2 - 1024-bit modulus. GROUP5 - 1536-bit modulus. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| summaryLabel | False | string | A system-provided string that describes the IKE policy. | ||
| cryptoRestricted | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the policy uses strong cryptography, which is controlled by export regulations. A device must be registered export-controlled functionality to use a strong encryption policy. | ||
| isSystemDefined | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined. | ||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | ||
Example
- name: Execute 'addIkevOnePolicy' operation
ftd_configuration:
operation: "addIkevOnePolicy"
data:
name: "{{ name }}"
enabled: "{{ enabled }}"
lifeTime: "{{ life_time }}"
priority: "{{ priority }}"
authenticationType: "{{ authentication_type }}"
encryptionType: "{{ encryption_type }}"
hashType: "{{ hash_type }}"
groupType: "{{ group_type }}"
summaryLabel: "{{ summary_label }}"
cryptoRestricted: "{{ crypto_restricted }}"
isSystemDefined: "{{ is_system_defined }}"
type: "{{ type }}"