addIkevTwoProposal
The addIkevTwoProposal operation handles configuration related to IkevTwoProposal model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| name | True | string | The name of the object, up to 64 characters. | |||
| encryptionTypes | False | [object] | A list of enum values that specifies the Encapsulating Security Protocol (ESP) encryption algorithm for this proposal. Specify all algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm, until a match is agreed upon. Possible values are, in order of strength: NULL - A null encryption algorithm provides authentication without encryption. This is typically used for testing purposes only. DES - Data Encryption Standard, which encrypts using 56-bit keys, is a symmetric secret-key block algorithm (unsupported when strong crypto license is enabled). (unsupported) THREE_DES - Triple DES, which encrypts three times using 56-bit keys. AES - Advanced Encryption Standard is a symmetric cipher algorithm. AES uses 128-bit keys. AES192 - An Advanced Encryption Standard algorithm that uses 192-bit keys. AES256 - An Advanced Encryption Standard algorithm that uses 256-bit keys. AES_GCM - Advanced Encryption Standard in Galois/Counter Mode is a block cipher mode of operation providing confidentiality and data-origin authentication. AES_GCM uses 128-bit keys. AES_GCM192 - An Advanced Encryption Standard in Galois/Counter Mode that uses 192-bit keys. AES_GCM256 - An Advanced Encryption Standard in Galois/Counter Mode that uses 256-bit keys. (unsupported) AES_GMAC - Advanced Encryption Standard Galois Message Authentication Code is a block cipher mode of operation providing only data-origin authentication. AES_GMAC uses 128-bit keys. (unsupported) AES_GMAC192 - An Advanced Encryption Standard Galois Message Authentication Code that uses 192-bit keys. (unsupported) AES_GMAC256 - An Advanced Encryption Standard Galois Message Authentication Code that uses 256-bit keys. |
|||
| integrityTypes | False | [object] | A list of enum values that specifies the hash or integrity algorithm to use for authentication. Select all algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm, until a match is agreed upon. The integrity hash is not used with the AES-GCM/GMAC encryption options. Possible values are:NULL - A null hash algorithm. This is typically used for testing purposes only. However, you should choose the null integrity algorithm if you select one of the AES-GCM/GMAC options as the encryption algorithm. Even if you choose a non-null option, the integrity hash is ignored for these encryption standards. (unsupported) MD5 - The Message Digest 5 algorithm, which produces a 128-bit digest. SHA1 - The Secure Hash Algorithm, which produces a 160-bit digest. SHA256 - The Secure Hash Algorithm SHA 2 with a 256-bit digest. SHA384 - The Secure Hash Algorithm SHA 2 with a 384-bit digest. SHA512 - The Secure Hash Algorithm SHA 2 with a 512-bit digest. |
|||
| cryptoRestricted | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal uses strong cryptography, which is controlled by export regulations. A device must be registered export-controlled functionality to use a strong encryption proposal. | |||
| defaultAssignable | False | boolean | A system-provided Boolean value, TRUE or FALSE. The TRUE value indicates that the proposal is part of the default set of proposals. The default set differs based on whether the device is registered for export-controlled functionality | |||
| summaryLabel | False | string | A system-provided string that describes the IKE proposal. | |||
| isSystemDefined | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined. | |||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Example
- name: Execute 'addIkevTwoProposal' operation
ftd_configuration:
operation: "addIkevTwoProposal"
data:
name: "{{ name }}"
encryptionTypes: "{{ encryption_types }}"
integrityTypes: "{{ integrity_types }}"
cryptoRestricted: "{{ crypto_restricted }}"
defaultAssignable: "{{ default_assignable }}"
summaryLabel: "{{ summary_label }}"
isSystemDefined: "{{ is_system_defined }}"
type: "{{ type }}"