IpsecPolicy

f5bigip.IpsecPolicy Manage IPSec policies on a BIG-IP

Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/test-policy)

Example Usage

using Pulumi;
using F5BigIP = Pulumi.F5BigIP;

class MyStack : Stack
{
    public MyStack()
    {
        var test_policy = new F5BigIP.IpsecPolicy("test-policy", new F5BigIP.IpsecPolicyArgs
        {
            AuthAlgorithm = "sha1",
            Description = "created by terraform provider",
            EncryptAlgorithm = "3des",
            Ipcomp = "deflate",
            Lifetime = 3,
            Mode = "tunnel",
            Name = "/Common/test-policy",
            Protocol = "esp",
            TunnelLocalAddress = "192.168.1.1",
            TunnelRemoteAddress = "10.10.1.1",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := f5bigip.NewIpsecPolicy(ctx, "test_policy", &f5bigip.IpsecPolicyArgs{
			AuthAlgorithm:       pulumi.String("sha1"),
			Description:         pulumi.String("created by terraform provider"),
			EncryptAlgorithm:    pulumi.String("3des"),
			Ipcomp:              pulumi.String("deflate"),
			Lifetime:            pulumi.Int(3),
			Mode:                pulumi.String("tunnel"),
			Name:                pulumi.String("/Common/test-policy"),
			Protocol:            pulumi.String("esp"),
			TunnelLocalAddress:  pulumi.String("192.168.1.1"),
			TunnelRemoteAddress: pulumi.String("10.10.1.1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_f5bigip as f5bigip

test_policy = f5bigip.IpsecPolicy("test-policy",
    auth_algorithm="sha1",
    description="created by terraform provider",
    encrypt_algorithm="3des",
    ipcomp="deflate",
    lifetime=3,
    mode="tunnel",
    name="/Common/test-policy",
    protocol="esp",
    tunnel_local_address="192.168.1.1",
    tunnel_remote_address="10.10.1.1")
import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";

const test_policy = new f5bigip.IpsecPolicy("test-policy", {
    authAlgorithm: "sha1",
    description: "created by terraform provider",
    encryptAlgorithm: "3des",
    ipcomp: "deflate",
    lifetime: 3,
    mode: "tunnel",
    name: "/Common/test-policy",
    protocol: "esp",
    tunnelLocalAddress: "192.168.1.1",
    tunnelRemoteAddress: "10.10.1.1",
});

Create a IpsecPolicy Resource

new IpsecPolicy(name: string, args: IpsecPolicyArgs, opts?: CustomResourceOptions);
@overload
def IpsecPolicy(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                auth_algorithm: Optional[str] = None,
                description: Optional[str] = None,
                encrypt_algorithm: Optional[str] = None,
                ipcomp: Optional[str] = None,
                kb_lifetime: Optional[int] = None,
                lifetime: Optional[int] = None,
                mode: Optional[str] = None,
                name: Optional[str] = None,
                perfect_forward_secrecy: Optional[str] = None,
                protocol: Optional[str] = None,
                tunnel_local_address: Optional[str] = None,
                tunnel_remote_address: Optional[str] = None)
@overload
def IpsecPolicy(resource_name: str,
                args: IpsecPolicyArgs,
                opts: Optional[ResourceOptions] = None)
func NewIpsecPolicy(ctx *Context, name string, args IpsecPolicyArgs, opts ...ResourceOption) (*IpsecPolicy, error)
public IpsecPolicy(string name, IpsecPolicyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args IpsecPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args IpsecPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args IpsecPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args IpsecPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

IpsecPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The IpsecPolicy resource accepts the following input properties:

Name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
Name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
authAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description string
Description of the IPSec policy.
encryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime number
Specifies the length of time before the IKE security association expires, in minutes.
mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
name str
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
auth_algorithm str
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description str
Description of the IPSec policy.
encrypt_algorithm str
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp str
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kb_lifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
mode str
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
perfect_forward_secrecy str
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol str
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnel_local_address str
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnel_remote_address str
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.

Outputs

All input properties are implicitly available as output properties. Additionally, the IpsecPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing IpsecPolicy Resource

Get an existing IpsecPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpsecPolicyState, opts?: CustomResourceOptions): IpsecPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_algorithm: Optional[str] = None,
        description: Optional[str] = None,
        encrypt_algorithm: Optional[str] = None,
        ipcomp: Optional[str] = None,
        kb_lifetime: Optional[int] = None,
        lifetime: Optional[int] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None,
        perfect_forward_secrecy: Optional[str] = None,
        protocol: Optional[str] = None,
        tunnel_local_address: Optional[str] = None,
        tunnel_remote_address: Optional[str] = None) -> IpsecPolicy
func GetIpsecPolicy(ctx *Context, name string, id IDInput, state *IpsecPolicyState, opts ...ResourceOption) (*IpsecPolicy, error)
public static IpsecPolicy Get(string name, Input<string> id, IpsecPolicyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
Name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
AuthAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
Description string
Description of the IPSec policy.
EncryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
Ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
KbLifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
Lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
Mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
Name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
PerfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
Protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
TunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
TunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
authAlgorithm string
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description string
Description of the IPSec policy.
encryptAlgorithm string
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp string
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kbLifetime number
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime number
Specifies the length of time before the IKE security association expires, in minutes.
mode string
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name string
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfectForwardSecrecy string
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol string
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnelLocalAddress string
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnelRemoteAddress string
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
auth_algorithm str
Specifies the algorithm to use for IKE authentication. Valid choices are: sha1, sha256, sha384, sha512, aes-gcm128, aes-gcm192, aes-gcm256, aes-gmac128, aes-gmac192, aes-gmac256
description str
Description of the IPSec policy.
encrypt_algorithm str
Specifies the algorithm to use for IKE encryption. Valid choices are: null, 3des, aes128, aes192, aes256, aes-gmac256, aes-gmac192, aes-gmac128, aes-gcm256, aes-gcm192, aes-gcm256, aes-gcm128
ipcomp str
Specifies whether to use IPComp encapsulation. Valid choices are: none", null", deflate
kb_lifetime int
Specifies the length of time before the IKE security association expires, in kilobytes.
lifetime int
Specifies the length of time before the IKE security association expires, in minutes.
mode str
Specifies the processing mode. Valid choices are: transport, interface, isession, tunnel
name str
Name of the IPSec policy,it should be “full path”.The full path is the combination of the partition + name of the IPSec policy.(For example /Common/test-policy)
perfect_forward_secrecy str
Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. Valid choices are: none, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
protocol str
Specifies the IPsec protocol. Valid choices are: ah, esp
tunnel_local_address str
Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.
tunnel_remote_address str
Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when mode is tunnel.

Package Details

Repository
https://github.com/pulumi/pulumi-f5bigip
License
Apache-2.0
Notes
This Pulumi package is based on the bigip Terraform Provider.