Get IPSec VPN configuration for the peer site
(Deprecated)
Download the IPSec VPN configuration for the peer site. The peer config also
contains the PSK; be careful when sharing or storing it.
Deprecated: This API is deprecated. Please use GET /infra/tier-0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<session-id>/peer-config instead.
Note:
The request is validated, and any error messages returned from validation may include
the new VPN path instead of the deprecated path. Both the new path and the old path refer to the same resource.
Request:
URI Path(s):
/policy/api/v1/infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/peer-config
Query Parameters:
PolicyRuntimeOnEpRequestParameters
Name | Description | Type
enforcement_point_path | String path of the enforcement point. Forward slashes must be escaped using %2F. | string
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/ext_net/locale-services/default/ipsec-vpn-services/default/sessions/rbs-1/peer-config
Successful Response:
Response Headers:
Content-type: text/plain; charset=utf-8
Example Response:
# Suggestive peer configuration for Policy IPSec VPN
#
# IPSec VPN path : /infra/tier-0s/ext_net/locale-services/default/ipsec-vpn-services/default/sessions/rbs-1/peer-config
# IPSec VPN name : rbs-1
# IPSec VPN description :
# Tier 0 path : /infra/tier-0s/ext_net
#
# Enforcement point path : /infra/deployment-zones/default/enforcement-points/nsxt
# Enforcement point type : NSXT
#
# Suggestive peer configuration for IPSec VPN Connection
#
# IPSecVPNSession Id : aafeb845-e2fa-4c86-9f0e-43c5ed3ef707
# IPSecVPNSession name : PROVIDER.ext_net.pa-paris-rb-vpn
# IPSecVPNSession description:
# IPSecVPNSession enabled : true
# IPSecVPNSession type : Route based VPN
# Logical router Id : d58beabb-853c-473c-ad8d-34bd9c644692
# Generated Time : Tue Apr 03 14:21:13 GMT 2018
#
# Internet Key Exchange Configuration [Phase 1]
# Configure the IKE SA as outlined below
IKE version : IKE_V2
Connection initiation mode : INITIATOR
Authentication method : PSK
Pre shared key : 12345
Authentication algorithm : [SHA2_256]
Encryption algorithm : [AES_128]
SA life time : 86400
Negotiation mode : Not applicable for ikev2
DH group : [GROUP14]
# IPsec_configuration [Phase 2]
# Configure the IPsec SA as outlined below
Transform Protocol : ESP
Authentication algorithm : []
Sa life time : 3600
Encryption algorithm : [AES_GCM_128]
Encapsulation mode : TUNNEL_MODE
Enable perfect forward secrecy : true
Perfect forward secrecy DH group: [GROUP14]
# IPsec Dead Peer Detection (DPD) settings
DPD enabled : true
DPD probe interval : 60
# Peer configuration
Peer address : 88.88.72.22 # Peer gateway public IP.
Peer id : 88.88.72.22
Peer Subnet : 0.0.0.0/0
# Local configuration
Local address : 44.44.44.46 # Local gateway public IP.
Local id : 99.33.33.33
Local Subnet : 0.0.0.0/0
# Virtual Tunnel Interface
Peer VTI address : 192.168.2.1
Local VTI address : 192.168.2.11
Tunnel Interface MTU : 1416 bytes
#
# BGP Configuration
#
BGP neighbour IP : 192.168.2.1
BGP neighbour AS number : 2000
BGP local IP : 192.168.2.11
BGP local AS number : 65556
BGP secret : PolicyRocks
BGP hold down timer : 180
BGP keep alive timer : 60
BFD Status : false
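Added example (not part of the API documentation): the response above carries two secret values in clear text, Pre shared key and BGP secret, so this sketch masks them before the text is shared, logged or attached to a ticket. The function name redact_peer_config and the list of secret field names are assumptions based on the example response.

```python
import re

# Secret-bearing field names as they appear in the example response on this
# page. Assumption: extend this tuple if your peer config carries others.
SECRET_FIELDS = ("pre shared key", "bgp secret")

# "Key : value" lines; lines whose first non-blank character is '#' are
# comments in this format and never match.
_FIELD = re.compile(r"^(\s*)([^#:\s][^:\n]*?)(\s*:\s*)(.*)$")


def redact_peer_config(text, mask="<redacted>"):
    """Return (redacted_text, [names of fields that were masked])."""
    out, masked = [], []
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m and m.group(2).strip().lower() in SECRET_FIELDS and m.group(4).strip():
            # Mask everything after the colon: a key may itself contain '#',
            # so no attempt is made to preserve a trailing comment.
            line = f"{m.group(1)}{m.group(2)}{m.group(3)}{mask}"
            masked.append(m.group(2).strip())
        out.append(line)
    return "\n".join(out), masked


# Constructed sample, modelled on the example response above.
SAMPLE = """\
# IPSec VPN name : rbs-1
IKE version : IKE_V2
Authentication method : PSK
Pre shared key : 12345
Peer address : 88.88.72.22 # Peer gateway public IP.
BGP local AS number : 65556
BGP secret : PolicyRocks
"""

if __name__ == "__main__":
    redacted, fields = redact_peer_config(SAMPLE)
    print(redacted)
    print("masked:", fields)
```

The unredacted text still has to reach the peer gateway's administrator; send it over a channel suited to key material and keep only the redacted copy in tickets and logs.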
Required Permissions:
crud
Feature:
policy_vpn
Additional Errors: