Policy > Networking > Network Services > VPN > IPSEC > Sessions

Get IPSec VPN configuration for the peer site

Download IPSec VPN configuration for the peer site. Peer config also
contains PSK; be careful when sharing or storing it.
This API is only available when using VMware NSX-T.

Request:

Method:
GET
URI Path(s):
/policy/api/v1/infra/tier-1s/<tier-1-id>/ipsec-vpn-services/<service-id>/sessions/<session-id>/peer-config
Request Headers:
n/a
Query Parameters:
PolicyRuntimeOnEpRequestParameters+
Request Body:
n/a

Example Request:

GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/int_net/ipsec-vpn-services/default/sessions/rbs-1/peer-config

Successful Response:

Response Code:
200 OK
Response Headers:
Content-type: text/plain; charset=utf-8
Response Body:
string

Example Response:

# Suggestive peer configuration for Policy IPSec VPN # # IPSec VPN path : /infra/tier-1s/int_net/ipsec-vpn-services/default/sessions/rbs-1/peer-config # IPSec VPN name : rbs-1 # IPSec VPN description : # Tier 1 path : /infra/tier-1s/int_net # # Enforcement point path : /infra/deployment-zones/default/enforcement-points/nsxt # Enforcement point type : NSXT # # Suggestive peer configuration for IPSec VPN Connection # # IPSecVPNSession Id : aafeb845-e2fa-4c86-9f0e-43c5ed3ef707 # IPSecVPNSession name : PROVIDER.int_net.pa-paris-rb-vpn # IPSecVPNSession description: # IPSecVPNSession enabled : true # IPSecVPNSession type : Route based VPN # Logical router Id : d58beabb-853c-473c-ad8d-34bd9c644692 # Generated Time : Tue Apr 03 14:21:13 GMT 2018 # # Internet Key Exchange Configuration [Phase 1] # Configure the IKE SA as outlined below IKE version : IKE_V2 Connection initiation mode : INITIATOR Authentication method : PSK Pre shared key : 12345 Authentication algorithm : [SHA2_256] Encryption algorithm : [AES_128] SA life time : 86400 Negotiation mode : Not applicable for ikev2 DH group : [GROUP14] # IPsec_configuration [Phase 2] # Configure the IPsec SA as outlined below Transform Protocol : ESP Authentication algorithm : [] Sa life time : 3600 Encryption algorithm : [AES_GCM_128] Encapsulation mode : TUNNEL_MODE Enable perfect forward secrecy : true Perfect forward secrecy DH group: [GROUP14] # IPsec Dead Peer Detection (DPD) settings DPD enabled : true DPD probe interval : 60 # Peer configuration Peer address : 88.88.72.22 # Peer gateway public IP. Peer id : 88.88.72.22 Peer Subnet : 0.0.0.0/0 # Local configuration Local address : 44.44.44.46 # Local gateway public IP. Local id : 99.33.33.33 Local Subnet : 0.0.0.0/0 # Virtual Tunnel Interface Peer VTI address : 192.168.2.1 Local VTI address : 192.168.2.11 Tunnel Interface MTU : 1416 bytes # # BGP Configuration # BGP neighbour IP : 192.168.2.1 BGP neighbour AS number : 2000 BGP local IP : 192.168.2.11 BGP local AS number : 65556 BGP secret : PolicyRocks BGP hold down timer : 180 BGP keep alive timer : 60 BFD Status : false

Required Permissions:

crud

Feature:

policy_vpn

Additional Errors: