1. Packages
  2. F5bigip Provider
  3. API Docs
  4. IpsecPolicy
f5 BIG-IP v3.17.9 published on Friday, Mar 7, 2025 by Pulumi

f5bigip.IpsecPolicy

Explore with Pulumi AI

f5bigip.IpsecPolicy Manage IPSec policies on a BIG-IP

Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/test-policy)

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";

const test_policy = new f5bigip.IpsecPolicy("test-policy", {
    name: "/Common/test-policy",
    description: "created by terraform provider",
    protocol: "esp",
    mode: "tunnel",
    tunnelLocalAddress: "192.168.1.1",
    tunnelRemoteAddress: "10.10.1.1",
    authAlgorithm: "sha1",
    encryptAlgorithm: "3des",
    lifetime: 3,
    ipcomp: "deflate",
});
Copy
import pulumi
import pulumi_f5bigip as f5bigip

test_policy = f5bigip.IpsecPolicy("test-policy",
    name="/Common/test-policy",
    description="created by terraform provider",
    protocol="esp",
    mode="tunnel",
    tunnel_local_address="192.168.1.1",
    tunnel_remote_address="10.10.1.1",
    auth_algorithm="sha1",
    encrypt_algorithm="3des",
    lifetime=3,
    ipcomp="deflate")
Copy
package main

import (
	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := f5bigip.NewIpsecPolicy(ctx, "test-policy", &f5bigip.IpsecPolicyArgs{
			Name:                pulumi.String("/Common/test-policy"),
			Description:         pulumi.String("created by terraform provider"),
			Protocol:            pulumi.String("esp"),
			Mode:                pulumi.String("tunnel"),
			TunnelLocalAddress:  pulumi.String("192.168.1.1"),
			TunnelRemoteAddress: pulumi.String("10.10.1.1"),
			AuthAlgorithm:       pulumi.String("sha1"),
			EncryptAlgorithm:    pulumi.String("3des"),
			Lifetime:            pulumi.Int(3),
			Ipcomp:              pulumi.String("deflate"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;

return await Deployment.RunAsync(() => 
{
    var test_policy = new F5BigIP.IpsecPolicy("test-policy", new()
    {
        Name = "/Common/test-policy",
        Description = "created by terraform provider",
        Protocol = "esp",
        Mode = "tunnel",
        TunnelLocalAddress = "192.168.1.1",
        TunnelRemoteAddress = "10.10.1.1",
        AuthAlgorithm = "sha1",
        EncryptAlgorithm = "3des",
        Lifetime = 3,
        Ipcomp = "deflate",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.f5bigip.IpsecPolicy;
import com.pulumi.f5bigip.IpsecPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test_policy = new IpsecPolicy("test-policy", IpsecPolicyArgs.builder()
            .name("/Common/test-policy")
            .description("created by terraform provider")
            .protocol("esp")
            .mode("tunnel")
            .tunnelLocalAddress("192.168.1.1")
            .tunnelRemoteAddress("10.10.1.1")
            .authAlgorithm("sha1")
            .encryptAlgorithm("3des")
            .lifetime(3)
            .ipcomp("deflate")
            .build());

    }
}
Copy
resources:
  test-policy:
    type: f5bigip:IpsecPolicy
    properties:
      name: /Common/test-policy
      description: created by terraform provider
      protocol: esp
      mode: tunnel
      tunnelLocalAddress: 192.168.1.1
      tunnelRemoteAddress: 10.10.1.1
      authAlgorithm: sha1
      encryptAlgorithm: 3des
      lifetime: 3
      ipcomp: deflate
Copy

Create IpsecPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IpsecPolicy(name: string, args: IpsecPolicyArgs, opts?: CustomResourceOptions);
@overload
def IpsecPolicy(resource_name: str,
                args: IpsecPolicyArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def IpsecPolicy(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                name: Optional[str] = None,
                auth_algorithm: Optional[str] = None,
                description: Optional[str] = None,
                encrypt_algorithm: Optional[str] = None,
                ipcomp: Optional[str] = None,
                kb_lifetime: Optional[int] = None,
                lifetime: Optional[int] = None,
                mode: Optional[str] = None,
                perfect_forward_secrecy: Optional[str] = None,
                protocol: Optional[str] = None,
                tunnel_local_address: Optional[str] = None,
                tunnel_remote_address: Optional[str] = None)
func NewIpsecPolicy(ctx *Context, name string, args IpsecPolicyArgs, opts ...ResourceOption) (*IpsecPolicy, error)
public IpsecPolicy(string name, IpsecPolicyArgs args, CustomResourceOptions? opts = null)
public IpsecPolicy(String name, IpsecPolicyArgs args)
public IpsecPolicy(String name, IpsecPolicyArgs args, CustomResourceOptions options)
type: f5bigip:IpsecPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IpsecPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IpsecPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IpsecPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IpsecPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IpsecPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ipsecPolicyResource = new F5BigIP.IpsecPolicy("ipsecPolicyResource", new()
{
    Name = "string",
    AuthAlgorithm = "string",
    Description = "string",
    EncryptAlgorithm = "string",
    Ipcomp = "string",
    KbLifetime = 0,
    Lifetime = 0,
    Mode = "string",
    PerfectForwardSecrecy = "string",
    Protocol = "string",
    TunnelLocalAddress = "string",
    TunnelRemoteAddress = "string",
});
Copy
example, err := f5bigip.NewIpsecPolicy(ctx, "ipsecPolicyResource", &f5bigip.IpsecPolicyArgs{
	Name:                  pulumi.String("string"),
	AuthAlgorithm:         pulumi.String("string"),
	Description:           pulumi.String("string"),
	EncryptAlgorithm:      pulumi.String("string"),
	Ipcomp:                pulumi.String("string"),
	KbLifetime:            pulumi.Int(0),
	Lifetime:              pulumi.Int(0),
	Mode:                  pulumi.String("string"),
	PerfectForwardSecrecy: pulumi.String("string"),
	Protocol:              pulumi.String("string"),
	TunnelLocalAddress:    pulumi.String("string"),
	TunnelRemoteAddress:   pulumi.String("string"),
})
Copy
var ipsecPolicyResource = new IpsecPolicy("ipsecPolicyResource", IpsecPolicyArgs.builder()
    .name("string")
    .authAlgorithm("string")
    .description("string")
    .encryptAlgorithm("string")
    .ipcomp("string")
    .kbLifetime(0)
    .lifetime(0)
    .mode("string")
    .perfectForwardSecrecy("string")
    .protocol("string")
    .tunnelLocalAddress("string")
    .tunnelRemoteAddress("string")
    .build());
Copy
ipsec_policy_resource = f5bigip.IpsecPolicy("ipsecPolicyResource",
    name="string",
    auth_algorithm="string",
    description="string",
    encrypt_algorithm="string",
    ipcomp="string",
    kb_lifetime=0,
    lifetime=0,
    mode="string",
    perfect_forward_secrecy="string",
    protocol="string",
    tunnel_local_address="string",
    tunnel_remote_address="string")
Copy
const ipsecPolicyResource = new f5bigip.IpsecPolicy("ipsecPolicyResource", {
    name: "string",
    authAlgorithm: "string",
    description: "string",
    encryptAlgorithm: "string",
    ipcomp: "string",
    kbLifetime: 0,
    lifetime: 0,
    mode: "string",
    perfectForwardSecrecy: "string",
    protocol: "string",
    tunnelLocalAddress: "string",
    tunnelRemoteAddress: "string",
});
Copy
type: f5bigip:IpsecPolicy
properties:
    authAlgorithm: string
    description: string
    encryptAlgorithm: string
    ipcomp: string
    kbLifetime: 0
    lifetime: 0
    mode: string
    name: string
    perfectForwardSecrecy: string
    protocol: string
    tunnelLocalAddress: string
    tunnelRemoteAddress: string
Copy

IpsecPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IpsecPolicy resource accepts the following input properties:

Name
This property is required.
Changes to this property will trigger replacement.
string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
Name
This property is required.
Changes to this property will trigger replacement.
string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name
This property is required.
Changes to this property will trigger replacement.
String
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
authAlgorithm String
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description String
Description of the IPSec policy.
encryptAlgorithm String
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp String
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime Integer
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime Integer
Specifies the length of time before the IKE security association expires, in minutes.
mode String
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfectForwardSecrecy String
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol String
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress String
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress String
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name
This property is required.
Changes to this property will trigger replacement.
string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
authAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description string
Description of the IPSec policy.
encryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime number
Specifies the length of time before the IKE security association expires, in minutes.
mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name
This property is required.
Changes to this property will trigger replacement.
str
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
auth_algorithm str
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description str
Description of the IPSec policy.
encrypt_algorithm str
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp str
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kb_lifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
mode str
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfect_forward_secrecy str
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol str
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnel_local_address str
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnel_remote_address str
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name
This property is required.
Changes to this property will trigger replacement.
String
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
authAlgorithm String
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description String
Description of the IPSec policy.
encryptAlgorithm String
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp String
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime Number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime Number
Specifies the length of time before the IKE security association expires, in minutes.
mode String
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfectForwardSecrecy String
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol String
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress String
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress String
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.

Outputs

All input properties are implicitly available as output properties. Additionally, the IpsecPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing IpsecPolicy Resource

Get an existing IpsecPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpsecPolicyState, opts?: CustomResourceOptions): IpsecPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_algorithm: Optional[str] = None,
        description: Optional[str] = None,
        encrypt_algorithm: Optional[str] = None,
        ipcomp: Optional[str] = None,
        kb_lifetime: Optional[int] = None,
        lifetime: Optional[int] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None,
        perfect_forward_secrecy: Optional[str] = None,
        protocol: Optional[str] = None,
        tunnel_local_address: Optional[str] = None,
        tunnel_remote_address: Optional[str] = None) -> IpsecPolicy
func GetIpsecPolicy(ctx *Context, name string, id IDInput, state *IpsecPolicyState, opts ...ResourceOption) (*IpsecPolicy, error)
public static IpsecPolicy Get(string name, Input<string> id, IpsecPolicyState? state, CustomResourceOptions? opts = null)
public static IpsecPolicy get(String name, Output<String> id, IpsecPolicyState state, CustomResourceOptions options)
resources:  _:    type: f5bigip:IpsecPolicy    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
Name Changes to this property will trigger replacement. string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
Name Changes to this property will trigger replacement. string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
authAlgorithm String
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description String
Description of the IPSec policy.
encryptAlgorithm String
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp String
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime Integer
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime Integer
Specifies the length of time before the IKE security association expires, in minutes.
mode String
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name Changes to this property will trigger replacement. String
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfectForwardSecrecy String
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol String
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress String
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress String
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
authAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description string
Description of the IPSec policy.
encryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime number
Specifies the length of time before the IKE security association expires, in minutes.
mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name Changes to this property will trigger replacement. string
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
auth_algorithm str
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description str
Description of the IPSec policy.
encrypt_algorithm str
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp str
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kb_lifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
mode str
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name Changes to this property will trigger replacement. str
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfect_forward_secrecy str
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol str
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnel_local_address str
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnel_remote_address str
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
authAlgorithm String
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description String
Description of the IPSec policy.
encryptAlgorithm String
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp String
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime Number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime Number
Specifies the length of time before the IKE security association expires, in minutes.
mode String
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name Changes to this property will trigger replacement. String
Name of the IPSec policy,it should be "full path".The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfectForwardSecrecy String
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol String
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress String
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress String
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.

Package Details

Repository
f5 BIG-IP pulumi/pulumi-f5bigip
License
Apache-2.0
Notes
This Pulumi package is based on the bigip Terraform Provider.