Docs
Packagesf5 BIG-IP v3.17.2 published on Wednesday, Jun 26, 2024 by Pulumi
f5bigip.IpsecPolicy
Explore with Pulumi AI
f5bigip.IpsecPolicy Manage IPSec policies on a BIG-IP
Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/test-policy)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";
const test_policy = new f5bigip.IpsecPolicy("test-policy", {
name: "/Common/test-policy",
description: "created by terraform provider",
protocol: "esp",
mode: "tunnel",
tunnelLocalAddress: "192.168.1.1",
tunnelRemoteAddress: "10.10.1.1",
authAlgorithm: "sha1",
encryptAlgorithm: "3des",
lifetime: 3,
ipcomp: "deflate",
});
import pulumi
import pulumi_f5bigip as f5bigip
test_policy = f5bigip.IpsecPolicy("test-policy",
name="/Common/test-policy",
description="created by terraform provider",
protocol="esp",
mode="tunnel",
tunnel_local_address="192.168.1.1",
tunnel_remote_address="10.10.1.1",
auth_algorithm="sha1",
encrypt_algorithm="3des",
lifetime=3,
ipcomp="deflate")
package main
import (
"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := f5bigip.NewIpsecPolicy(ctx, "test-policy", &f5bigip.IpsecPolicyArgs{
Name: pulumi.String("/Common/test-policy"),
Description: pulumi.String("created by terraform provider"),
Protocol: pulumi.String("esp"),
Mode: pulumi.String("tunnel"),
TunnelLocalAddress: pulumi.String("192.168.1.1"),
TunnelRemoteAddress: pulumi.String("10.10.1.1"),
AuthAlgorithm: pulumi.String("sha1"),
EncryptAlgorithm: pulumi.String("3des"),
Lifetime: pulumi.Int(3),
Ipcomp: pulumi.String("deflate"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;
return await Deployment.RunAsync(() =>
{
var test_policy = new F5BigIP.IpsecPolicy("test-policy", new()
{
Name = "/Common/test-policy",
Description = "created by terraform provider",
Protocol = "esp",
Mode = "tunnel",
TunnelLocalAddress = "192.168.1.1",
TunnelRemoteAddress = "10.10.1.1",
AuthAlgorithm = "sha1",
EncryptAlgorithm = "3des",
Lifetime = 3,
Ipcomp = "deflate",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.f5bigip.IpsecPolicy;
import com.pulumi.f5bigip.IpsecPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test_policy = new IpsecPolicy("test-policy", IpsecPolicyArgs.builder()
.name("/Common/test-policy")
.description("created by terraform provider")
.protocol("esp")
.mode("tunnel")
.tunnelLocalAddress("192.168.1.1")
.tunnelRemoteAddress("10.10.1.1")
.authAlgorithm("sha1")
.encryptAlgorithm("3des")
.lifetime(3)
.ipcomp("deflate")
.build());
}
}
resources:
test-policy:
type: f5bigip:IpsecPolicy
properties:
name: /Common/test-policy
description: created by terraform provider
protocol: esp
mode: tunnel
tunnelLocalAddress: 192.168.1.1
tunnelRemoteAddress: 10.10.1.1
authAlgorithm: sha1
encryptAlgorithm: 3des
lifetime: 3
ipcomp: deflate
Create IpsecPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IpsecPolicy(name: string, args: IpsecPolicyArgs, opts?: CustomResourceOptions);@overload
def IpsecPolicy(resource_name: str,
args: IpsecPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IpsecPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
auth_algorithm: Optional[str] = None,
description: Optional[str] = None,
encrypt_algorithm: Optional[str] = None,
ipcomp: Optional[str] = None,
kb_lifetime: Optional[int] = None,
lifetime: Optional[int] = None,
mode: Optional[str] = None,
perfect_forward_secrecy: Optional[str] = None,
protocol: Optional[str] = None,
tunnel_local_address: Optional[str] = None,
tunnel_remote_address: Optional[str] = None)func NewIpsecPolicy(ctx *Context, name string, args IpsecPolicyArgs, opts ...ResourceOption) (*IpsecPolicy, error)public IpsecPolicy(string name, IpsecPolicyArgs args, CustomResourceOptions? opts = null)
public IpsecPolicy(String name, IpsecPolicyArgs args)
public IpsecPolicy(String name, IpsecPolicyArgs args, CustomResourceOptions options)
type: f5bigip:IpsecPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IpsecPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IpsecPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IpsecPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpsecPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IpsecPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ipsecPolicyResource = new F5BigIP.IpsecPolicy("ipsecPolicyResource", new()
{
Name = "string",
AuthAlgorithm = "string",
Description = "string",
EncryptAlgorithm = "string",
Ipcomp = "string",
KbLifetime = 0,
Lifetime = 0,
Mode = "string",
PerfectForwardSecrecy = "string",
Protocol = "string",
TunnelLocalAddress = "string",
TunnelRemoteAddress = "string",
});
example, err := f5bigip.NewIpsecPolicy(ctx, "ipsecPolicyResource", &f5bigip.IpsecPolicyArgs{
Name: pulumi.String("string"),
AuthAlgorithm: pulumi.String("string"),
Description: pulumi.String("string"),
EncryptAlgorithm: pulumi.String("string"),
Ipcomp: pulumi.String("string"),
KbLifetime: pulumi.Int(0),
Lifetime: pulumi.Int(0),
Mode: pulumi.String("string"),
PerfectForwardSecrecy: pulumi.String("string"),
Protocol: pulumi.String("string"),
TunnelLocalAddress: pulumi.String("string"),
TunnelRemoteAddress: pulumi.String("string"),
})
var ipsecPolicyResource = new IpsecPolicy("ipsecPolicyResource", IpsecPolicyArgs.builder()
.name("string")
.authAlgorithm("string")
.description("string")
.encryptAlgorithm("string")
.ipcomp("string")
.kbLifetime(0)
.lifetime(0)
.mode("string")
.perfectForwardSecrecy("string")
.protocol("string")
.tunnelLocalAddress("string")
.tunnelRemoteAddress("string")
.build());
ipsec_policy_resource = f5bigip.IpsecPolicy("ipsecPolicyResource",
name="string",
auth_algorithm="string",
description="string",
encrypt_algorithm="string",
ipcomp="string",
kb_lifetime=0,
lifetime=0,
mode="string",
perfect_forward_secrecy="string",
protocol="string",
tunnel_local_address="string",
tunnel_remote_address="string")
const ipsecPolicyResource = new f5bigip.IpsecPolicy("ipsecPolicyResource", {
name: "string",
authAlgorithm: "string",
description: "string",
encryptAlgorithm: "string",
ipcomp: "string",
kbLifetime: 0,
lifetime: 0,
mode: "string",
perfectForwardSecrecy: "string",
protocol: "string",
tunnelLocalAddress: "string",
tunnelRemoteAddress: "string",
});
type: f5bigip:IpsecPolicy
properties:
authAlgorithm: string
description: string
encryptAlgorithm: string
ipcomp: string
kbLifetime: 0
lifetime: 0
mode: string
name: string
perfectForwardSecrecy: string
protocol: string
tunnelLocalAddress: string
tunnelRemoteAddress: string
IpsecPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The IpsecPolicy resource accepts the following input properties:
- Name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - Auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - Description string
- Description of the IPSec policy.
- Encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - Ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - Kb
Lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- Lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- Mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - Perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - Protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - Tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - Auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - Description string
- Description of the IPSec policy.
- Encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - Ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - Kb
Lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- Lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- Mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - Perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - Protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - Tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- name String
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - auth
Algorithm String - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description String
- Description of the IPSec policy.
- encrypt
Algorithm String - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp String
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime Integer - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime Integer
- Specifies the length of time before the IKE security association expires, in minutes.
- mode String
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - perfect
Forward StringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol String
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local StringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote StringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description string
- Description of the IPSec policy.
- encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime number - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime number
- Specifies the length of time before the IKE security association expires, in minutes.
- mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- name str
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - auth_
algorithm str - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description str
- Description of the IPSec policy.
- encrypt_
algorithm str - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp str
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb_
lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- mode str
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - perfect_
forward_ strsecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol str
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel_
local_ straddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel_
remote_ straddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- name String
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - auth
Algorithm String - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description String
- Description of the IPSec policy.
- encrypt
Algorithm String - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp String
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime Number - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime Number
- Specifies the length of time before the IKE security association expires, in minutes.
- mode String
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - perfect
Forward StringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol String
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local StringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote StringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
Outputs
All input properties are implicitly available as output properties. Additionally, the IpsecPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IpsecPolicy Resource
Get an existing IpsecPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IpsecPolicyState, opts?: CustomResourceOptions): IpsecPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_algorithm: Optional[str] = None,
description: Optional[str] = None,
encrypt_algorithm: Optional[str] = None,
ipcomp: Optional[str] = None,
kb_lifetime: Optional[int] = None,
lifetime: Optional[int] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
perfect_forward_secrecy: Optional[str] = None,
protocol: Optional[str] = None,
tunnel_local_address: Optional[str] = None,
tunnel_remote_address: Optional[str] = None) -> IpsecPolicyfunc GetIpsecPolicy(ctx *Context, name string, id IDInput, state *IpsecPolicyState, opts ...ResourceOption) (*IpsecPolicy, error)public static IpsecPolicy Get(string name, Input<string> id, IpsecPolicyState? state, CustomResourceOptions? opts = null)public static IpsecPolicy get(String name, Output<String> id, IpsecPolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - Description string
- Description of the IPSec policy.
- Encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - Ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - Kb
Lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- Lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- Mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - Name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - Perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - Protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - Tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - Description string
- Description of the IPSec policy.
- Encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - Ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - Kb
Lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- Lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- Mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - Name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - Perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - Protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - Tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- Tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- auth
Algorithm String - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description String
- Description of the IPSec policy.
- encrypt
Algorithm String - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp String
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime Integer - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime Integer
- Specifies the length of time before the IKE security association expires, in minutes.
- mode String
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - name String
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - perfect
Forward StringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol String
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local StringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote StringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- auth
Algorithm string - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description string
- Description of the IPSec policy.
- encrypt
Algorithm string - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp string
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime number - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime number
- Specifies the length of time before the IKE security association expires, in minutes.
- mode string
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - name string
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - perfect
Forward stringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol string
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local stringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote stringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- auth_
algorithm str - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description str
- Description of the IPSec policy.
- encrypt_
algorithm str - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp str
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb_
lifetime int - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime int
- Specifies the length of time before the IKE security association expires, in minutes.
- mode str
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - name str
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - perfect_
forward_ strsecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol str
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel_
local_ straddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel_
remote_ straddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- auth
Algorithm String - Specifies the algorithm to use for IKE authentication. Valid choices are:
sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256 - description String
- Description of the IPSec policy.
- encrypt
Algorithm String - Specifies the algorithm to use for IKE encryption. Valid choices are:
null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128 - ipcomp String
- Specifies whether to use IPComp encapsulation. Valid choices are:
none", null", deflate - kb
Lifetime Number - Specifies the length of time before the IKE security association expires, in kilobytes.
- lifetime Number
- Specifies the length of time before the IKE security association expires, in minutes.
- mode String
- Specifies the processing mode. Valid choices are:
transport, interface, isession, tunnel - name String
- Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example
/Common/test-policy) - perfect
Forward StringSecrecy - Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are:
none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192 - protocol String
- Specifies the IPsec protocol. Valid choices are:
ah, esp - tunnel
Local StringAddress - Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
- tunnel
Remote StringAddress - Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
Package Details
- Repository
- f5 BIG-IP pulumi/pulumi-f5bigip
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
bigipTerraform Provider.