Get IPSec VPN configuration for the peer site
Download the IPSec VPN configuration for the peer site. The peer configuration
also contains the PSK; be careful when sharing or storing it.
This API is only available when using VMware NSX-T.
Request:
Method:
GET
URI Path(s):
/policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-service-id>/ipsec-vpn-services/<service-id>/sessions/<session-id>/peer-config
Request Headers:
n/a
Query Parameters:
PolicyRuntimeOnEpRequestParameters (schema)
| Name | Description | Type | Notes |
| --- | --- | --- | --- |
| enforcement_point_path | String Path of the enforcement point. Enforcement point path, forward slashes must be escaped using %2F. | string | |
Request Body:
n/a
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/int_net/locale-services/default/ipsec-vpn-services/default/sessions/rbs-1/peer-config
Successful Response:
Response Code:
200 OK
Response Headers:
Content-type: text/plain; charset=utf-8
Response Body:
string
Example Response:
# Suggestive peer configuration for Policy IPSec VPN
#
# IPSec VPN path : /infra/tier-1s/int_net/locale-services/default/ipsec-vpn-services/default/sessions/rbs-1/peer-config
# IPSec VPN name : rbs-1
# IPSec VPN description :
# Tier 1 path : /infra/tier-1s/int_net
#
# Enforcement point path : /infra/deployment-zones/default/enforcement-points/nsxt
# Enforcement point type : NSXT
#
# Suggestive peer configuration for IPSec VPN Connection
#
# IPSecVPNSession Id : aafeb845-e2fa-4c86-9f0e-43c5ed3ef707
# IPSecVPNSession name : PROVIDER.int_net.pa-paris-rb-vpn
# IPSecVPNSession description:
# IPSecVPNSession enabled : true
# IPSecVPNSession type : Route based VPN
# Logical router Id : d58beabb-853c-473c-ad8d-34bd9c644692
# Generated Time : Tue Apr 03 14:21:13 GMT 2018
#
# Internet Key Exchange Configuration [Phase 1]
# Configure the IKE SA as outlined below
IKE version : IKE_V2
Connection initiation mode : INITIATOR
Authentication method : PSK
Pre shared key : 12345
Authentication algorithm : [SHA2_256]
Encryption algorithm : [AES_128]
SA life time : 86400
Negotiation mode : Not applicable for ikev2
DH group : [GROUP14]
# IPsec_configuration [Phase 2]
# Configure the IPsec SA as outlined below
Transform Protocol : ESP
Authentication algorithm : []
Sa life time : 3600
Encryption algorithm : [AES_GCM_128]
Encapsulation mode : TUNNEL_MODE
Enable perfect forward secrecy : true
Perfect forward secrecy DH group: [GROUP14]
# IPsec Dead Peer Detection (DPD) settings
DPD enabled : true
DPD probe interval : 60
# Peer configuration
Peer address : 88.88.72.22 # Peer gateway public IP.
Peer id : 88.88.72.22
Peer Subnet : 0.0.0.0/0
# Local configuration
Local address : 44.44.44.46 # Local gateway public IP.
Local id : 99.33.33.33
Local Subnet : 0.0.0.0/0
# Virtual Tunnel Interface
Peer VTI address : 192.168.2.1
Local VTI address : 192.168.2.11
Tunnel Interface MTU : 1416 bytes
#
# BGP Configuration
#
BGP neighbour IP : 192.168.2.1
BGP neighbour AS number : 2000
BGP local IP : 192.168.2.11
BGP local AS number : 65556
BGP secret : PolicyRocks
BGP hold down timer : 180
BGP keep alive timer : 60
BFD Status : false
Required Permissions:
crud
Feature:
policy_vpn
Additional Errors:
404 Not Found
301 Moved Permanently
307 Temporary Redirect
400 Bad Request
403 Forbidden
409 Conflict
500 Internal Server Error
503 Service Unavailable
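One way to act on the PSK warning and the %2F escaping note above, as an added example that is not part of the original API reference or VMware's code: it builds the request URL, masks the secret values before the text is shared, and stores the unredacted copy owner-readable only. The function names, the mask string and the host used in any call are assumptions; the sample lines are constructed in the format of the example response.

```python
import os
import re
from urllib.parse import quote

# Labels whose values are secrets, as they appear in the example response.
SECRET_KEYS = {"pre shared key", "bgp secret"}
# A setting line is "label : value"; lines starting with '#' are comments.
_SETTING = re.compile(r"^\s*([^#:\s][^:]*?)\s*:\s*(.*)$")


def peer_config_url(manager, tier1, locale_service, service, session,
                    enforcement_point_path=None):
    """Build the GET URL, percent-encoding each identifier."""
    ids = [quote(p, safe="") for p in (tier1, locale_service, service, session)]
    url = ("https://{}/policy/api/v1/infra/tier-1s/{}/locale-services/{}"
           "/ipsec-vpn-services/{}/sessions/{}/peer-config").format(manager, *ids)
    if enforcement_point_path:
        # safe="" turns every '/' into %2F, as the parameter notes require.
        url += "?enforcement_point_path=" + quote(enforcement_point_path, safe="")
    return url


def redact_peer_config(text, mask="<redacted>"):
    """Return a copy with secret values masked, for tickets, chat or logs."""
    out = []
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m and m.group(1).lower() in SECRET_KEYS:
            line = "{} : {}".format(m.group(1), mask)
        out.append(line)
    return "\n".join(out)


def save_peer_config(text, path):
    """Store the unredacted config readable by the owner only (0600).

    O_EXCL refuses to reuse an existing file that may have looser permissions.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)


# Constructed sample in the format of the example response on this page.
SAMPLE = (
    "# Internet Key Exchange Configuration [Phase 1]\n"
    "Authentication method : PSK\n"
    "Pre shared key : 12345\n"
    "Peer address : 88.88.72.22 # Peer gateway public IP.\n"
    "BGP secret : PolicyRocks\n"
)
```

Pass the redacted text to anything that leaves the administrator's host, and keep the file written by `save_peer_config` out of version control and shared drives.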