f5 BIG-IP v3.17.2, Jun 26 24

f5 BIG-IP v3.17.2 published on Wednesday, Jun 26, 2024 by Pulumi

f5bigip.NetIkePeer

Explore with Pulumi AI

f5 BIG-IP v3.17.2 published on Wednesday, Jun 26, 2024 by Pulumi

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

Coming soon!

resources:
  example1:
    type: f5bigip:NetIkePeer
    properties:
      name: example1
      localAddress: 192.16.81.240
      profile: /Common/dslite

Create NetIkePeer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NetIkePeer(name: string, args: NetIkePeerArgs, opts?: CustomResourceOptions);

@overload
def NetIkePeer(resource_name: str,
               args: NetIkePeerArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def NetIkePeer(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               name: Optional[str] = None,
               remote_address: Optional[str] = None,
               peers_cert_file: Optional[str] = None,
               traffic_selectors: Optional[Sequence[str]] = None,
               dpd_delay: Optional[int] = None,
               generate_policy: Optional[str] = None,
               lifetime: Optional[int] = None,
               mode: Optional[str] = None,
               peers_id_type: Optional[str] = None,
               my_cert_key_file: Optional[str] = None,
               my_cert_key_passphrase: Optional[str] = None,
               my_id_type: Optional[str] = None,
               my_id_value: Optional[str] = None,
               crl_file: Optional[str] = None,
               nat_traversal: Optional[str] = None,
               passive: Optional[str] = None,
               versions: Optional[Sequence[str]] = None,
               description: Optional[str] = None,
               my_cert_file: Optional[str] = None,
               peers_id_value: Optional[str] = None,
               phase1_auth_method: Optional[str] = None,
               phase1_encrypt_algorithm: Optional[str] = None,
               phase1_hash_algorithm: Optional[str] = None,
               phase1_perfect_forward_secrecy: Optional[str] = None,
               preshared_key: Optional[str] = None,
               preshared_key_encrypted: Optional[str] = None,
               prf: Optional[str] = None,
               proxy_support: Optional[str] = None,
               ca_cert_file: Optional[str] = None,
               replay_window_size: Optional[int] = None,
               state: Optional[str] = None,
               peers_cert_type: Optional[str] = None,
               verify_cert: Optional[str] = None,
               app_service: Optional[str] = None)

func NewNetIkePeer(ctx *Context, name string, args NetIkePeerArgs, opts ...ResourceOption) (*NetIkePeer, error)

public NetIkePeer(string name, NetIkePeerArgs args, CustomResourceOptions? opts = null)

public NetIkePeer(String name, NetIkePeerArgs args)
public NetIkePeer(String name, NetIkePeerArgs args, CustomResourceOptions options)

type: f5bigip:NetIkePeer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NetIkePeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NetIkePeerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NetIkePeerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NetIkePeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NetIkePeerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var netIkePeerResource = new F5BigIP.NetIkePeer("netIkePeerResource", new()
{
    Name = "string",
    RemoteAddress = "string",
    PeersCertFile = "string",
    TrafficSelectors = new[]
    {
        "string",
    },
    DpdDelay = 0,
    GeneratePolicy = "string",
    Lifetime = 0,
    Mode = "string",
    PeersIdType = "string",
    MyCertKeyFile = "string",
    MyCertKeyPassphrase = "string",
    MyIdType = "string",
    MyIdValue = "string",
    CrlFile = "string",
    NatTraversal = "string",
    Passive = "string",
    Versions = new[]
    {
        "string",
    },
    Description = "string",
    MyCertFile = "string",
    PeersIdValue = "string",
    Phase1AuthMethod = "string",
    Phase1EncryptAlgorithm = "string",
    Phase1HashAlgorithm = "string",
    Phase1PerfectForwardSecrecy = "string",
    PresharedKey = "string",
    PresharedKeyEncrypted = "string",
    Prf = "string",
    ProxySupport = "string",
    CaCertFile = "string",
    ReplayWindowSize = 0,
    State = "string",
    PeersCertType = "string",
    VerifyCert = "string",
    AppService = "string",
});

example, err := f5bigip.NewNetIkePeer(ctx, "netIkePeerResource", &f5bigip.NetIkePeerArgs{
	Name:          pulumi.String("string"),
	RemoteAddress: pulumi.String("string"),
	PeersCertFile: pulumi.String("string"),
	TrafficSelectors: pulumi.StringArray{
		pulumi.String("string"),
	},
	DpdDelay:            pulumi.Int(0),
	GeneratePolicy:      pulumi.String("string"),
	Lifetime:            pulumi.Int(0),
	Mode:                pulumi.String("string"),
	PeersIdType:         pulumi.String("string"),
	MyCertKeyFile:       pulumi.String("string"),
	MyCertKeyPassphrase: pulumi.String("string"),
	MyIdType:            pulumi.String("string"),
	MyIdValue:           pulumi.String("string"),
	CrlFile:             pulumi.String("string"),
	NatTraversal:        pulumi.String("string"),
	Passive:             pulumi.String("string"),
	Versions: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:                 pulumi.String("string"),
	MyCertFile:                  pulumi.String("string"),
	PeersIdValue:                pulumi.String("string"),
	Phase1AuthMethod:            pulumi.String("string"),
	Phase1EncryptAlgorithm:      pulumi.String("string"),
	Phase1HashAlgorithm:         pulumi.String("string"),
	Phase1PerfectForwardSecrecy: pulumi.String("string"),
	PresharedKey:                pulumi.String("string"),
	PresharedKeyEncrypted:       pulumi.String("string"),
	Prf:                         pulumi.String("string"),
	ProxySupport:                pulumi.String("string"),
	CaCertFile:                  pulumi.String("string"),
	ReplayWindowSize:            pulumi.Int(0),
	State:                       pulumi.String("string"),
	PeersCertType:               pulumi.String("string"),
	VerifyCert:                  pulumi.String("string"),
	AppService:                  pulumi.String("string"),
})

var netIkePeerResource = new NetIkePeer("netIkePeerResource", NetIkePeerArgs.builder()
    .name("string")
    .remoteAddress("string")
    .peersCertFile("string")
    .trafficSelectors("string")
    .dpdDelay(0)
    .generatePolicy("string")
    .lifetime(0)
    .mode("string")
    .peersIdType("string")
    .myCertKeyFile("string")
    .myCertKeyPassphrase("string")
    .myIdType("string")
    .myIdValue("string")
    .crlFile("string")
    .natTraversal("string")
    .passive("string")
    .versions("string")
    .description("string")
    .myCertFile("string")
    .peersIdValue("string")
    .phase1AuthMethod("string")
    .phase1EncryptAlgorithm("string")
    .phase1HashAlgorithm("string")
    .phase1PerfectForwardSecrecy("string")
    .presharedKey("string")
    .presharedKeyEncrypted("string")
    .prf("string")
    .proxySupport("string")
    .caCertFile("string")
    .replayWindowSize(0)
    .state("string")
    .peersCertType("string")
    .verifyCert("string")
    .appService("string")
    .build());

net_ike_peer_resource = f5bigip.NetIkePeer("netIkePeerResource",
    name="string",
    remote_address="string",
    peers_cert_file="string",
    traffic_selectors=["string"],
    dpd_delay=0,
    generate_policy="string",
    lifetime=0,
    mode="string",
    peers_id_type="string",
    my_cert_key_file="string",
    my_cert_key_passphrase="string",
    my_id_type="string",
    my_id_value="string",
    crl_file="string",
    nat_traversal="string",
    passive="string",
    versions=["string"],
    description="string",
    my_cert_file="string",
    peers_id_value="string",
    phase1_auth_method="string",
    phase1_encrypt_algorithm="string",
    phase1_hash_algorithm="string",
    phase1_perfect_forward_secrecy="string",
    preshared_key="string",
    preshared_key_encrypted="string",
    prf="string",
    proxy_support="string",
    ca_cert_file="string",
    replay_window_size=0,
    state="string",
    peers_cert_type="string",
    verify_cert="string",
    app_service="string")

const netIkePeerResource = new f5bigip.NetIkePeer("netIkePeerResource", {
    name: "string",
    remoteAddress: "string",
    peersCertFile: "string",
    trafficSelectors: ["string"],
    dpdDelay: 0,
    generatePolicy: "string",
    lifetime: 0,
    mode: "string",
    peersIdType: "string",
    myCertKeyFile: "string",
    myCertKeyPassphrase: "string",
    myIdType: "string",
    myIdValue: "string",
    crlFile: "string",
    natTraversal: "string",
    passive: "string",
    versions: ["string"],
    description: "string",
    myCertFile: "string",
    peersIdValue: "string",
    phase1AuthMethod: "string",
    phase1EncryptAlgorithm: "string",
    phase1HashAlgorithm: "string",
    phase1PerfectForwardSecrecy: "string",
    presharedKey: "string",
    presharedKeyEncrypted: "string",
    prf: "string",
    proxySupport: "string",
    caCertFile: "string",
    replayWindowSize: 0,
    state: "string",
    peersCertType: "string",
    verifyCert: "string",
    appService: "string",
});

type: f5bigip:NetIkePeer
properties:
    appService: string
    caCertFile: string
    crlFile: string
    description: string
    dpdDelay: 0
    generatePolicy: string
    lifetime: 0
    mode: string
    myCertFile: string
    myCertKeyFile: string
    myCertKeyPassphrase: string
    myIdType: string
    myIdValue: string
    name: string
    natTraversal: string
    passive: string
    peersCertFile: string
    peersCertType: string
    peersIdType: string
    peersIdValue: string
    phase1AuthMethod: string
    phase1EncryptAlgorithm: string
    phase1HashAlgorithm: string
    phase1PerfectForwardSecrecy: string
    presharedKey: string
    presharedKeyEncrypted: string
    prf: string
    proxySupport: string
    remoteAddress: string
    replayWindowSize: 0
    state: string
    trafficSelectors:
        - string
    verifyCert: string
    versions:
        - string

NetIkePeer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The NetIkePeer resource accepts the following input properties:

Name string: Name of the ike_peer
RemoteAddress string: Specifies the IP address of the IKE remote node
AppService string: The application service that the object belongs to
CaCertFile string: the trusted root and intermediate certificate authorities
CrlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
Description string: User defined description
DpdDelay int: Specifies the number of seconds between Dead Peer Detection messages
GeneratePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
Lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
Mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
MyCertFile string: Specifies the name of the certificate file object
MyCertKeyFile string: Specifies the name of the certificate key file object
MyCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
MyIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
MyIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
NatTraversal string: Enables use of the NAT-Traversal IPsec extension
Passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
PeersCertFile string: Specifies the peer’s certificate for authentication
PeersCertType string: Specifies that the only peers-cert-type supported is certfile
PeersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
PeersIdValue string: Specifies the peer’s identifier to be received
Phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
Phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
Phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
Phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
PresharedKey string: Specifies the preshared key for ISAKMP SAs
PresharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
Prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
ProxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
ReplayWindowSize int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
State string: Enables or disables this IKE remote node
TrafficSelectors List<string>: Specifies the names of the traffic-selector objects associated with this ike-peer
VerifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
Versions List<string>: Specifies which version of IKE to be used

Name string: Name of the ike_peer
RemoteAddress string: Specifies the IP address of the IKE remote node
AppService string: The application service that the object belongs to
CaCertFile string: the trusted root and intermediate certificate authorities
CrlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
Description string: User defined description
DpdDelay int: Specifies the number of seconds between Dead Peer Detection messages
GeneratePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
Lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
Mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
MyCertFile string: Specifies the name of the certificate file object
MyCertKeyFile string: Specifies the name of the certificate key file object
MyCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
MyIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
MyIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
NatTraversal string: Enables use of the NAT-Traversal IPsec extension
Passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
PeersCertFile string: Specifies the peer’s certificate for authentication
PeersCertType string: Specifies that the only peers-cert-type supported is certfile
PeersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
PeersIdValue string: Specifies the peer’s identifier to be received
Phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
Phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
Phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
Phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
PresharedKey string: Specifies the preshared key for ISAKMP SAs
PresharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
Prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
ProxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
ReplayWindowSize int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
State string: Enables or disables this IKE remote node
TrafficSelectors []string: Specifies the names of the traffic-selector objects associated with this ike-peer
VerifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
Versions []string: Specifies which version of IKE to be used

name String: Name of the ike_peer
remoteAddress String: Specifies the IP address of the IKE remote node
appService String: The application service that the object belongs to
caCertFile String: the trusted root and intermediate certificate authorities
crlFile String: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description String: User defined description
dpdDelay Integer: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy String: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime Integer: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode String: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile String: Specifies the name of the certificate file object
myCertKeyFile String: Specifies the name of the certificate key file object
myCertKeyPassphrase String: Specifies the passphrase of the key used for my-cert-key-file
myIdType String: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue String: Specifies the identifier value sent to the remote host in the phase 1 negotiation
natTraversal String: Enables use of the NAT-Traversal IPsec extension
passive String: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile String: Specifies the peer’s certificate for authentication
peersCertType String: Specifies that the only peers-cert-type supported is certfile
peersIdType String: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue String: Specifies the peer’s identifier to be received
phase1AuthMethod String: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm String: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm String: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy String: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey String: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted String: Display the encrypted preshared-key for the IKE remote node
prf String: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport String: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
replayWindowSize Integer: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state String: Enables or disables this IKE remote node
trafficSelectors List<String>: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert String: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions List<String>: Specifies which version of IKE to be used

name string: Name of the ike_peer
remoteAddress string: Specifies the IP address of the IKE remote node
appService string: The application service that the object belongs to
caCertFile string: the trusted root and intermediate certificate authorities
crlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description string: User defined description
dpdDelay number: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime number: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile string: Specifies the name of the certificate file object
myCertKeyFile string: Specifies the name of the certificate key file object
myCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
myIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
natTraversal string: Enables use of the NAT-Traversal IPsec extension
passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile string: Specifies the peer’s certificate for authentication
peersCertType string: Specifies that the only peers-cert-type supported is certfile
peersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue string: Specifies the peer’s identifier to be received
phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey string: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
replayWindowSize number: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state string: Enables or disables this IKE remote node
trafficSelectors string[]: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions string[]: Specifies which version of IKE to be used

name str: Name of the ike_peer
remote_address str: Specifies the IP address of the IKE remote node
app_service str: The application service that the object belongs to
ca_cert_file str: the trusted root and intermediate certificate authorities
crl_file str: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description str: User defined description
dpd_delay int: Specifies the number of seconds between Dead Peer Detection messages
generate_policy str: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode str: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
my_cert_file str: Specifies the name of the certificate file object
my_cert_key_file str: Specifies the name of the certificate key file object
my_cert_key_passphrase str: Specifies the passphrase of the key used for my-cert-key-file
my_id_type str: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
my_id_value str: Specifies the identifier value sent to the remote host in the phase 1 negotiation
nat_traversal str: Enables use of the NAT-Traversal IPsec extension
passive str: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peers_cert_file str: Specifies the peer’s certificate for authentication
peers_cert_type str: Specifies that the only peers-cert-type supported is certfile
peers_id_type str: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peers_id_value str: Specifies the peer’s identifier to be received
phase1_auth_method str: Specifies the authentication method used for phase 1 negotiation
phase1_encrypt_algorithm str: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1_hash_algorithm str: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1_perfect_forward_secrecy str: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
preshared_key str: Specifies the preshared key for ISAKMP SAs
preshared_key_encrypted str: Display the encrypted preshared-key for the IKE remote node
prf str: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxy_support str: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
replay_window_size int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state str: Enables or disables this IKE remote node
traffic_selectors Sequence[str]: Specifies the names of the traffic-selector objects associated with this ike-peer
verify_cert str: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions Sequence[str]: Specifies which version of IKE to be used

name String: Name of the ike_peer
remoteAddress String: Specifies the IP address of the IKE remote node
appService String: The application service that the object belongs to
caCertFile String: the trusted root and intermediate certificate authorities
crlFile String: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description String: User defined description
dpdDelay Number: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy String: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime Number: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode String: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile String: Specifies the name of the certificate file object
myCertKeyFile String: Specifies the name of the certificate key file object
myCertKeyPassphrase String: Specifies the passphrase of the key used for my-cert-key-file
myIdType String: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue String: Specifies the identifier value sent to the remote host in the phase 1 negotiation
natTraversal String: Enables use of the NAT-Traversal IPsec extension
passive String: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile String: Specifies the peer’s certificate for authentication
peersCertType String: Specifies that the only peers-cert-type supported is certfile
peersIdType String: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue String: Specifies the peer’s identifier to be received
phase1AuthMethod String: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm String: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm String: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy String: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey String: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted String: Display the encrypted preshared-key for the IKE remote node
prf String: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport String: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
replayWindowSize Number: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state String: Enables or disables this IKE remote node
trafficSelectors List<String>: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert String: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions List<String>: Specifies which version of IKE to be used

Outputs

All input properties are implicitly available as output properties. Additionally, the NetIkePeer resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing NetIkePeer Resource

Get an existing NetIkePeer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NetIkePeerState, opts?: CustomResourceOptions): NetIkePeer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_service: Optional[str] = None,
        ca_cert_file: Optional[str] = None,
        crl_file: Optional[str] = None,
        description: Optional[str] = None,
        dpd_delay: Optional[int] = None,
        generate_policy: Optional[str] = None,
        lifetime: Optional[int] = None,
        mode: Optional[str] = None,
        my_cert_file: Optional[str] = None,
        my_cert_key_file: Optional[str] = None,
        my_cert_key_passphrase: Optional[str] = None,
        my_id_type: Optional[str] = None,
        my_id_value: Optional[str] = None,
        name: Optional[str] = None,
        nat_traversal: Optional[str] = None,
        passive: Optional[str] = None,
        peers_cert_file: Optional[str] = None,
        peers_cert_type: Optional[str] = None,
        peers_id_type: Optional[str] = None,
        peers_id_value: Optional[str] = None,
        phase1_auth_method: Optional[str] = None,
        phase1_encrypt_algorithm: Optional[str] = None,
        phase1_hash_algorithm: Optional[str] = None,
        phase1_perfect_forward_secrecy: Optional[str] = None,
        preshared_key: Optional[str] = None,
        preshared_key_encrypted: Optional[str] = None,
        prf: Optional[str] = None,
        proxy_support: Optional[str] = None,
        remote_address: Optional[str] = None,
        replay_window_size: Optional[int] = None,
        state: Optional[str] = None,
        traffic_selectors: Optional[Sequence[str]] = None,
        verify_cert: Optional[str] = None,
        versions: Optional[Sequence[str]] = None) -> NetIkePeer

func GetNetIkePeer(ctx *Context, name string, id IDInput, state *NetIkePeerState, opts ...ResourceOption) (*NetIkePeer, error)

public static NetIkePeer Get(string name, Input<string> id, NetIkePeerState? state, CustomResourceOptions? opts = null)

public static NetIkePeer get(String name, Output<String> id, NetIkePeerState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AppService string: The application service that the object belongs to
CaCertFile string: the trusted root and intermediate certificate authorities
CrlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
Description string: User defined description
DpdDelay int: Specifies the number of seconds between Dead Peer Detection messages
GeneratePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
Lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
Mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
MyCertFile string: Specifies the name of the certificate file object
MyCertKeyFile string: Specifies the name of the certificate key file object
MyCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
MyIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
MyIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
Name string: Name of the ike_peer
NatTraversal string: Enables use of the NAT-Traversal IPsec extension
Passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
PeersCertFile string: Specifies the peer’s certificate for authentication
PeersCertType string: Specifies that the only peers-cert-type supported is certfile
PeersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
PeersIdValue string: Specifies the peer’s identifier to be received
Phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
Phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
Phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
Phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
PresharedKey string: Specifies the preshared key for ISAKMP SAs
PresharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
Prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
ProxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
RemoteAddress string: Specifies the IP address of the IKE remote node
ReplayWindowSize int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
State string: Enables or disables this IKE remote node
TrafficSelectors List<string>: Specifies the names of the traffic-selector objects associated with this ike-peer
VerifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
Versions List<string>: Specifies which version of IKE to be used

AppService string: The application service that the object belongs to
CaCertFile string: the trusted root and intermediate certificate authorities
CrlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
Description string: User defined description
DpdDelay int: Specifies the number of seconds between Dead Peer Detection messages
GeneratePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
Lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
Mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
MyCertFile string: Specifies the name of the certificate file object
MyCertKeyFile string: Specifies the name of the certificate key file object
MyCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
MyIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
MyIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
Name string: Name of the ike_peer
NatTraversal string: Enables use of the NAT-Traversal IPsec extension
Passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
PeersCertFile string: Specifies the peer’s certificate for authentication
PeersCertType string: Specifies that the only peers-cert-type supported is certfile
PeersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
PeersIdValue string: Specifies the peer’s identifier to be received
Phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
Phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
Phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
Phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
PresharedKey string: Specifies the preshared key for ISAKMP SAs
PresharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
Prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
ProxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
RemoteAddress string: Specifies the IP address of the IKE remote node
ReplayWindowSize int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
State string: Enables or disables this IKE remote node
TrafficSelectors []string: Specifies the names of the traffic-selector objects associated with this ike-peer
VerifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
Versions []string: Specifies which version of IKE to be used

appService String: The application service that the object belongs to
caCertFile String: the trusted root and intermediate certificate authorities
crlFile String: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description String: User defined description
dpdDelay Integer: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy String: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime Integer: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode String: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile String: Specifies the name of the certificate file object
myCertKeyFile String: Specifies the name of the certificate key file object
myCertKeyPassphrase String: Specifies the passphrase of the key used for my-cert-key-file
myIdType String: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue String: Specifies the identifier value sent to the remote host in the phase 1 negotiation
name String: Name of the ike_peer
natTraversal String: Enables use of the NAT-Traversal IPsec extension
passive String: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile String: Specifies the peer’s certificate for authentication
peersCertType String: Specifies that the only peers-cert-type supported is certfile
peersIdType String: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue String: Specifies the peer’s identifier to be received
phase1AuthMethod String: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm String: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm String: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy String: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey String: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted String: Display the encrypted preshared-key for the IKE remote node
prf String: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport String: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
remoteAddress String: Specifies the IP address of the IKE remote node
replayWindowSize Integer: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state String: Enables or disables this IKE remote node
trafficSelectors List<String>: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert String: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions List<String>: Specifies which version of IKE to be used

appService string: The application service that the object belongs to
caCertFile string: the trusted root and intermediate certificate authorities
crlFile string: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description string: User defined description
dpdDelay number: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy string: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime number: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode string: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile string: Specifies the name of the certificate file object
myCertKeyFile string: Specifies the name of the certificate key file object
myCertKeyPassphrase string: Specifies the passphrase of the key used for my-cert-key-file
myIdType string: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue string: Specifies the identifier value sent to the remote host in the phase 1 negotiation
name string: Name of the ike_peer
natTraversal string: Enables use of the NAT-Traversal IPsec extension
passive string: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile string: Specifies the peer’s certificate for authentication
peersCertType string: Specifies that the only peers-cert-type supported is certfile
peersIdType string: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue string: Specifies the peer’s identifier to be received
phase1AuthMethod string: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm string: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm string: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy string: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey string: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted string: Display the encrypted preshared-key for the IKE remote node
prf string: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport string: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
remoteAddress string: Specifies the IP address of the IKE remote node
replayWindowSize number: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state string: Enables or disables this IKE remote node
trafficSelectors string[]: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert string: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions string[]: Specifies which version of IKE to be used

app_service str: The application service that the object belongs to
ca_cert_file str: the trusted root and intermediate certificate authorities
crl_file str: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description str: User defined description
dpd_delay int: Specifies the number of seconds between Dead Peer Detection messages
generate_policy str: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime int: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode str: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
my_cert_file str: Specifies the name of the certificate file object
my_cert_key_file str: Specifies the name of the certificate key file object
my_cert_key_passphrase str: Specifies the passphrase of the key used for my-cert-key-file
my_id_type str: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
my_id_value str: Specifies the identifier value sent to the remote host in the phase 1 negotiation
name str: Name of the ike_peer
nat_traversal str: Enables use of the NAT-Traversal IPsec extension
passive str: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peers_cert_file str: Specifies the peer’s certificate for authentication
peers_cert_type str: Specifies that the only peers-cert-type supported is certfile
peers_id_type str: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peers_id_value str: Specifies the peer’s identifier to be received
phase1_auth_method str: Specifies the authentication method used for phase 1 negotiation
phase1_encrypt_algorithm str: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1_hash_algorithm str: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1_perfect_forward_secrecy str: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
preshared_key str: Specifies the preshared key for ISAKMP SAs
preshared_key_encrypted str: Display the encrypted preshared-key for the IKE remote node
prf str: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxy_support str: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
remote_address str: Specifies the IP address of the IKE remote node
replay_window_size int: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state str: Enables or disables this IKE remote node
traffic_selectors Sequence[str]: Specifies the names of the traffic-selector objects associated with this ike-peer
verify_cert str: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions Sequence[str]: Specifies which version of IKE to be used

appService String: The application service that the object belongs to
caCertFile String: the trusted root and intermediate certificate authorities
crlFile String: Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
description String: User defined description
dpdDelay Number: Specifies the number of seconds between Dead Peer Detection messages
generatePolicy String: Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
lifetime Number: Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
mode String: Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
myCertFile String: Specifies the name of the certificate file object
myCertKeyFile String: Specifies the name of the certificate key file object
myCertKeyPassphrase String: Specifies the passphrase of the key used for my-cert-key-file
myIdType String: Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
myIdValue String: Specifies the identifier value sent to the remote host in the phase 1 negotiation
name String: Name of the ike_peer
natTraversal String: Enables use of the NAT-Traversal IPsec extension
passive String: Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
peersCertFile String: Specifies the peer’s certificate for authentication
peersCertType String: Specifies that the only peers-cert-type supported is certfile
peersIdType String: Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
peersIdValue String: Specifies the peer’s identifier to be received
phase1AuthMethod String: Specifies the authentication method used for phase 1 negotiation
phase1EncryptAlgorithm String: Specifies the encryption algorithm used for the isakmp phase 1 negotiation
phase1HashAlgorithm String: Defines the hash algorithm used for the isakmp phase 1 negotiation
phase1PerfectForwardSecrecy String: Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
presharedKey String: Specifies the preshared key for ISAKMP SAs
presharedKeyEncrypted String: Display the encrypted preshared-key for the IKE remote node
prf String: Specifies the pseudo-random function used to derive keying material for all cryptographic operations
proxySupport String: If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
remoteAddress String: Specifies the IP address of the IKE remote node
replayWindowSize Number: Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
state String: Enables or disables this IKE remote node
trafficSelectors List<String>: Specifies the names of the traffic-selector objects associated with this ike-peer
verifyCert String: Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
versions List<String>: Specifies which version of IKE to be used

Package Details

Repository: f5 BIG-IP pulumi/pulumi-f5bigip
License: Apache-2.0
Notes: This Pulumi package is based on the bigip Terraform Provider.

f5 BIG-IP v3.17.2 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-f5bigip

f5bigip.NetIkePeer

On this page

On this page

Example Usage

Create NetIkePeer Resource

Constructor syntax

Parameters

Constructor example

NetIkePeer Resource Properties

Inputs

Outputs

Look up Existing NetIkePeer Resource

Package Details

On this page

On this page