addRaVpnGroupPolicy
The addRaVpnGroupPolicy operation handles configuration related to RaVpnGroupPolicy model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| name | False | string | name of the RA VPN group policy | |||
| banner | False | string | Banner description for Anyconnect Field level constraints: must match pattern ^[^;]*$, length must be between 0 and 3998 (inclusive). (Note: Additional constraints might exist) |
|||
| dnsServerGroup | False | object | DNS Server Group object Allowed types are: [DNSServerGroup] |
|||
| defaultDomainName | False | string | Sets a default domain name for users of the group policy Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| simultaneousLoginPerUser | False | integer | Specifies the number of simultaneous logins allowed for any user. The default value is 3. The range is 0-2147483647 Field level constraints: must be between 0 and 2147483647 (inclusive). (Note: Additional constraints might exist) |
|||
| maxConnectionTimeout | False | integer | Configures a maximum amount of time for VPN connections. The minimum time allowed is 1 minute, and the maximum time is 35791394 minutes. There is no default value for this attribute and the behaviour is unlimited time allowed per connection as default Field level constraints: must be between 1 and 4473924 (inclusive). (Note: Additional constraints might exist) |
|||
| maxConnectionTimeAlertInterval | False | integer | Configures the time at which a session timeout alert message is displayed to the user. The default alert interval is one minute. The range is from 1 - 30 minutes. Field level constraints: must be between 1 and 30 (inclusive). (Note: Additional constraints might exist) |
|||
| vpnIdleTimeout | False | integer | Configures a VPN idle timeout period. If there is no communication activity on the connection in this period, the ASA terminates the connection. The minimum time is 1 minute, the maximum time is 35791394 minutes, and the default is 30 minutes. Field level constraints: must be between 1 and 35791394 (inclusive). (Note: Additional constraints might exist) |
|||
| vpnIdleTimeoutAlertInterval | False | integer | Configures a VPN idle timeout period. If there is no communication activity on the connection in this period, the ASA terminates the connection. The minimum time is 1 minute, the maximum time is 35791394 minutes, and the default is 30 minutes Field level constraints: must be between 1 and 30 (inclusive). (Note: Additional constraints might exist) |
|||
| ipv4LocalAddressPool | False | [object] | Names of the DHCP address pools Allowed types are: [NetworkObject] |
|||
| ipv6LocalAddressPool | False | [object] | IPV6 local address pool Allowed types are: [NetworkObject] |
|||
| dhcpScope | False | object | DHCP scope specifies the range of IP addresses (that is, a subnetwork) that the ASA DHCP server should use to assign addresses to users of this group policy Allowed types are: [NetworkObject] |
|||
| ipv4SplitTunnelSetting | False | string | Enum with values TUNNEL_ALL,TUNNEL_SPECIFIED,EXCLUDE_SPECIFIED_OVER_TUNNEL | |||
| ipv6SplitTunnelSetting | False | string | Enum with values TUNNEL_ALL,TUNNEL_SPECIFIED,EXCLUDE_SPECIFIED_OVER_TUNNEL | |||
| ipv4SplitTunnelNetworks | False | [object] | IPv4 network for split tunneling Allowed types are: [NetworkObject] |
|||
| ipv6SplitTunnelNetworks | False | [object] | IPv6 network for split tunneling Allowed types are: [NetworkObject] |
|||
| splitDNSRequestPolicy | False | string | USE_SPLIT_TUNNEL_SETTING,TUNNEL_ALL,TUNNEL_SPECIFIED_DOMAINS | |||
| splitDNSDomainList | False | string | comma seperated domain list when splitDNSPolicy is TUNNEL_SPECIFIED_DOMAINS Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| scepForwardingUrl | False | string | URL that is used by users of this group policy for the automatic request of digital certificates Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| periodicClientCertAuthenticationInterval | False | integer | periodic certificate authentication interval in hours. Range is 1 - 168 hours | |||
| enableDTLS | False | boolean | enables DTLS for a specified group policy | |||
| enableDTLSCompression | False | boolean | enables DTLS compression | |||
| sslCompression | False | string | ENUM with values: DISABLED, DEFLATE, LZS. Default is DISABLED | |||
| enableSSLrekey | False | boolean | enables the AnyConnect client to perform a re-key on an SSL session | |||
| rekeyMethod | False | string | ENUM with values: NEW_TUNNEL or EXISTING_TUNNEL | |||
| rekeyInterval | False | integer | Specifies the number of minutes from the start of the session until the re-key takes place. Range is 4-10080 | |||
| ignoreDFBit | False | boolean | Enable this to ignore the DF bit in packets that need fragmentation. By default this is disabled | |||
| bypassUnsupportProtocol | False | boolean | Configure this attribute to determine whether to drop network traffic for which the FTD did not assign an IP address, or allow that traffic to bypass the FTD and be sent from the client unencrypted or in the clear | |||
| mtuSize | False | integer | AnyConnect MTU size in bytes. Range is 576-1462 Field level constraints: must be between 576 and 1462 (inclusive). (Note: Additional constraints might exist) |
|||
| useAlwaysOnVPNSettingInProfile | False | boolean | A false value would switch off the Always-On-VPN functionality | |||
| enableKeepAliveMessages | False | boolean | Enabling this ensures that an connection through a proxy, firewall, or NAT device remains open | |||
| keepAliveMessageInterval | False | integer | Default is 20 seconds. Valid range is from 15 - 600 seconds | |||
| enableGatewayDPD | False | boolean | Gateway Dead Peer Detection (DPD) ensures that the security appliance (gateway) can quickly detect a condition where the peer is not responding, and the connection has failed | |||
| gatewayDPDInterval | False | integer | Enter the interval, from 5 to 3600 seconds, with which the security appliance performs DPD | |||
| enableClientDPD | False | boolean | Client-DPD ensures that the client can quickly detect a condition where the peer is not responding, and the connection has failed | |||
| clientDPDInterval | False | integer | Enter the interval, from 5 to 3600 seconds, with which the client performs DPD | |||
| clientProfiles | False | [object] | Any connect client profiles Allowed types are: [AnyConnectClientProfile] |
|||
| keepInstallerOnClient | False | boolean | Enables or disables automatic uninstalling feature of the anyconnect client | |||
| vpnTrafficFilterACL | False | object | A vpn-filter acl is applied to post-decrypted traffic after it exits a tunnel and pre-encrypted traffic before it enters a tunnel. The ACL should be configured with the client assigned IP addresses in the src_ip position of the ACL and the local network in the dest_ip position of the ACL Allowed types are: [ExtendedAccessList] |
|||
| enableRestrictVPNToVLAN | False | boolean | By default it is false | |||
| restrictVPNToVLANId | False | integer | specifies the egress VLAN for remote access VPN sessions assigned to this group policy. The range is 1-4094. There is no default value. | |||
| clientFirewallPrivateNetworkRules | False | object | Firewalls provide extra security if remote users in a group have split tunneling configured. In this case, the firewall protects the user’s computer, and thereby the corporate network, from intrusions by way of the Internet or the user’s local LAN. The private network rule is the rule applied to the VPN virtual adapter interface on the client Allowed types are: [ExtendedAccessList] |
|||
| clientFirewallPublicNetworkRules | False | object | The public network rule is the rule applied to other non-vpn interfaces on the client Allowed types are: [ExtendedAccessList] |
|||
| browserProxyType | False | string | Enum with values NO_PROXY, NO_MODIFY, AUTO_DETECT and USE_SERVER | |||
| proxy | False | object | Proxy server and port of type serverhostandport | |||
| proxyExceptions | False | [object] | A list of type serverhostandport | |||
| enabledAnyConnectModules | False | [object] | Set of Enums with values DART, FEEDBACK, WEB_SECURITY, ANY_CONNECT_CLIENT_PROFILE, AMP_ENABLER, NETWORK_ACCESS_MANAGER, NETWORK_VISIBILITY, START_BEFORE_LOGIN, ISE_POSTURE, UMBRELLA | |||
| isEnablePeriodicClientCertAuthentication | False | boolean | When you enable periodic certificate authentication, the ASA stores certificate chains received from VPN clients and re-authenticates them periodically. By default this is disabled. | |||
| type | True | string | ravpngrouppolicy | |||
Example
- name: Execute 'addRaVpnGroupPolicy' operation
ftd_configuration:
operation: "addRaVpnGroupPolicy"
data:
name: "{{ name }}"
banner: "{{ banner }}"
dnsServerGroup: "{{ dns_server_group }}"
defaultDomainName: "{{ default_domain_name }}"
simultaneousLoginPerUser: "{{ simultaneous_login_per_user }}"
maxConnectionTimeout: "{{ max_connection_timeout }}"
maxConnectionTimeAlertInterval: "{{ max_connection_time_alert_interval }}"
vpnIdleTimeout: "{{ vpn_idle_timeout }}"
vpnIdleTimeoutAlertInterval: "{{ vpn_idle_timeout_alert_interval }}"
ipv4LocalAddressPool: "{{ ipv4_local_address_pool }}"
ipv6LocalAddressPool: "{{ ipv6_local_address_pool }}"
dhcpScope: "{{ dhcp_scope }}"
ipv4SplitTunnelSetting: "{{ ipv4_split_tunnel_setting }}"
ipv6SplitTunnelSetting: "{{ ipv6_split_tunnel_setting }}"
ipv4SplitTunnelNetworks: "{{ ipv4_split_tunnel_networks }}"
ipv6SplitTunnelNetworks: "{{ ipv6_split_tunnel_networks }}"
splitDNSRequestPolicy: "{{ split_dns_request_policy }}"
splitDNSDomainList: "{{ split_dns_domain_list }}"
scepForwardingUrl: "{{ scep_forwarding_url }}"
periodicClientCertAuthenticationInterval: "{{ periodic_client_cert_authentication_interval }}"
enableDTLS: "{{ enable_dtls }}"
enableDTLSCompression: "{{ enable_dtls_compression }}"
sslCompression: "{{ ssl_compression }}"
enableSSLrekey: "{{ enable_ss_lrekey }}"
rekeyMethod: "{{ rekey_method }}"
rekeyInterval: "{{ rekey_interval }}"
ignoreDFBit: "{{ ignore_df_bit }}"
bypassUnsupportProtocol: "{{ bypass_unsupport_protocol }}"
mtuSize: "{{ mtu_size }}"
useAlwaysOnVPNSettingInProfile: "{{ use_always_on_vpn_setting_in_profile }}"
enableKeepAliveMessages: "{{ enable_keep_alive_messages }}"
keepAliveMessageInterval: "{{ keep_alive_message_interval }}"
enableGatewayDPD: "{{ enable_gateway_dpd }}"
gatewayDPDInterval: "{{ gateway_dpd_interval }}"
enableClientDPD: "{{ enable_client_dpd }}"
clientDPDInterval: "{{ client_dpd_interval }}"
clientProfiles: "{{ client_profiles }}"
keepInstallerOnClient: "{{ keep_installer_on_client }}"
vpnTrafficFilterACL: "{{ vpn_traffic_filter_acl }}"
enableRestrictVPNToVLAN: "{{ enable_restrict_vpn_to_vlan }}"
restrictVPNToVLANId: "{{ restrict_vpn_to_vlan_id }}"
clientFirewallPrivateNetworkRules: "{{ client_firewall_private_network_rules }}"
clientFirewallPublicNetworkRules: "{{ client_firewall_public_network_rules }}"
browserProxyType: "{{ browser_proxy_type }}"
proxy: "{{ proxy }}"
proxyExceptions: "{{ proxy_exceptions }}"
enabledAnyConnectModules: "{{ enabled_any_connect_modules }}"
isEnablePeriodicClientCertAuthentication: "{{ is_enable_periodic_client_cert_authentication }}"
type: "{{ type }}"