alicloud logo
Alibaba Cloud v3.34.0, Mar 17 23

alicloud.vpn.Connection

Import

VPN connection can be imported using the id, e.g.

 $ pulumi import alicloud:vpn/connection:Connection example vco-abc123456

Example Usage

Basic Usage

using System.Collections.Generic;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var fooGateway = new AliCloud.Vpn.Gateway("fooGateway", new()
    {
        VpcId = "vpc-fake-id",
        Bandwidth = 10,
        EnableSsl = true,
        InstanceChargeType = "PostPaid",
        Description = "test_create_description",
    });

    var fooCustomerGateway = new AliCloud.Vpn.CustomerGateway("fooCustomerGateway", new()
    {
        IpAddress = "42.104.22.228",
        Description = "testAccVpnCgwDesc",
    });

    var fooConnection = new AliCloud.Vpn.Connection("fooConnection", new()
    {
        VpnGatewayId = fooGateway.Id,
        CustomerGatewayId = fooCustomerGateway.Id,
        LocalSubnets = new[]
        {
            "172.16.0.0/24",
            "172.16.1.0/24",
        },
        RemoteSubnets = new[]
        {
            "10.0.0.0/24",
            "10.0.1.0/24",
        },
        EffectImmediately = true,
        IkeConfig = new AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs
        {
            IkeAuthAlg = "md5",
            IkeEncAlg = "des",
            IkeVersion = "ikev1",
            IkeMode = "main",
            IkeLifetime = 86400,
            Psk = "tf-testvpn2",
            IkePfs = "group1",
            IkeRemoteId = "testbob2",
            IkeLocalId = "testalice2",
        },
        IpsecConfig = new AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs
        {
            IpsecPfs = "group5",
            IpsecEncAlg = "des",
            IpsecAuthAlg = "md5",
            IpsecLifetime = 8640,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooGateway, err := vpn.NewGateway(ctx, "fooGateway", &vpn.GatewayArgs{
			VpcId:              pulumi.String("vpc-fake-id"),
			Bandwidth:          pulumi.Int(10),
			EnableSsl:          pulumi.Bool(true),
			InstanceChargeType: pulumi.String("PostPaid"),
			Description:        pulumi.String("test_create_description"),
		})
		if err != nil {
			return err
		}
		fooCustomerGateway, err := vpn.NewCustomerGateway(ctx, "fooCustomerGateway", &vpn.CustomerGatewayArgs{
			IpAddress:   pulumi.String("42.104.22.228"),
			Description: pulumi.String("testAccVpnCgwDesc"),
		})
		if err != nil {
			return err
		}
		_, err = vpn.NewConnection(ctx, "fooConnection", &vpn.ConnectionArgs{
			VpnGatewayId:      fooGateway.ID(),
			CustomerGatewayId: fooCustomerGateway.ID(),
			LocalSubnets: pulumi.StringArray{
				pulumi.String("172.16.0.0/24"),
				pulumi.String("172.16.1.0/24"),
			},
			RemoteSubnets: pulumi.StringArray{
				pulumi.String("10.0.0.0/24"),
				pulumi.String("10.0.1.0/24"),
			},
			EffectImmediately: pulumi.Bool(true),
			IkeConfig: &vpn.ConnectionIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("md5"),
				IkeEncAlg:   pulumi.String("des"),
				IkeVersion:  pulumi.String("ikev1"),
				IkeMode:     pulumi.String("main"),
				IkeLifetime: pulumi.Int(86400),
				Psk:         pulumi.String("tf-testvpn2"),
				IkePfs:      pulumi.String("group1"),
				IkeRemoteId: pulumi.String("testbob2"),
				IkeLocalId:  pulumi.String("testalice2"),
			},
			IpsecConfig: &vpn.ConnectionIpsecConfigArgs{
				IpsecPfs:      pulumi.String("group5"),
				IpsecEncAlg:   pulumi.String("des"),
				IpsecAuthAlg:  pulumi.String("md5"),
				IpsecLifetime: pulumi.Int(8640),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.Gateway;
import com.pulumi.alicloud.vpn.GatewayArgs;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.Connection;
import com.pulumi.alicloud.vpn.ConnectionArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.ConnectionIpsecConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var fooGateway = new Gateway("fooGateway", GatewayArgs.builder()        
            .vpcId("vpc-fake-id")
            .bandwidth("10")
            .enableSsl(true)
            .instanceChargeType("PostPaid")
            .description("test_create_description")
            .build());

        var fooCustomerGateway = new CustomerGateway("fooCustomerGateway", CustomerGatewayArgs.builder()        
            .ipAddress("42.104.22.228")
            .description("testAccVpnCgwDesc")
            .build());

        var fooConnection = new Connection("fooConnection", ConnectionArgs.builder()        
            .vpnGatewayId(fooGateway.id())
            .customerGatewayId(fooCustomerGateway.id())
            .localSubnets(            
                "172.16.0.0/24",
                "172.16.1.0/24")
            .remoteSubnets(            
                "10.0.0.0/24",
                "10.0.1.0/24")
            .effectImmediately(true)
            .ikeConfig(ConnectionIkeConfigArgs.builder()
                .ikeAuthAlg("md5")
                .ikeEncAlg("des")
                .ikeVersion("ikev1")
                .ikeMode("main")
                .ikeLifetime(86400)
                .psk("tf-testvpn2")
                .ikePfs("group1")
                .ikeRemoteId("testbob2")
                .ikeLocalId("testalice2")
                .build())
            .ipsecConfig(ConnectionIpsecConfigArgs.builder()
                .ipsecPfs("group5")
                .ipsecEncAlg("des")
                .ipsecAuthAlg("md5")
                .ipsecLifetime(8640)
                .build())
            .build());

    }
}
import pulumi
import pulumi_alicloud as alicloud

foo_gateway = alicloud.vpn.Gateway("fooGateway",
    vpc_id="vpc-fake-id",
    bandwidth=10,
    enable_ssl=True,
    instance_charge_type="PostPaid",
    description="test_create_description")
foo_customer_gateway = alicloud.vpn.CustomerGateway("fooCustomerGateway",
    ip_address="42.104.22.228",
    description="testAccVpnCgwDesc")
foo_connection = alicloud.vpn.Connection("fooConnection",
    vpn_gateway_id=foo_gateway.id,
    customer_gateway_id=foo_customer_gateway.id,
    local_subnets=[
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remote_subnets=[
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effect_immediately=True,
    ike_config=alicloud.vpn.ConnectionIkeConfigArgs(
        ike_auth_alg="md5",
        ike_enc_alg="des",
        ike_version="ikev1",
        ike_mode="main",
        ike_lifetime=86400,
        psk="tf-testvpn2",
        ike_pfs="group1",
        ike_remote_id="testbob2",
        ike_local_id="testalice2",
    ),
    ipsec_config=alicloud.vpn.ConnectionIpsecConfigArgs(
        ipsec_pfs="group5",
        ipsec_enc_alg="des",
        ipsec_auth_alg="md5",
        ipsec_lifetime=8640,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const fooGateway = new alicloud.vpn.Gateway("fooGateway", {
    vpcId: "vpc-fake-id",
    bandwidth: 10,
    enableSsl: true,
    instanceChargeType: "PostPaid",
    description: "test_create_description",
});
const fooCustomerGateway = new alicloud.vpn.CustomerGateway("fooCustomerGateway", {
    ipAddress: "42.104.22.228",
    description: "testAccVpnCgwDesc",
});
const fooConnection = new alicloud.vpn.Connection("fooConnection", {
    vpnGatewayId: fooGateway.id,
    customerGatewayId: fooCustomerGateway.id,
    localSubnets: [
        "172.16.0.0/24",
        "172.16.1.0/24",
    ],
    remoteSubnets: [
        "10.0.0.0/24",
        "10.0.1.0/24",
    ],
    effectImmediately: true,
    ikeConfig: {
        ikeAuthAlg: "md5",
        ikeEncAlg: "des",
        ikeVersion: "ikev1",
        ikeMode: "main",
        ikeLifetime: 86400,
        psk: "tf-testvpn2",
        ikePfs: "group1",
        ikeRemoteId: "testbob2",
        ikeLocalId: "testalice2",
    },
    ipsecConfig: {
        ipsecPfs: "group5",
        ipsecEncAlg: "des",
        ipsecAuthAlg: "md5",
        ipsecLifetime: 8640,
    },
});
resources:
  fooGateway:
    type: alicloud:vpn:Gateway
    properties:
      vpcId: vpc-fake-id
      bandwidth: '10'
      enableSsl: true
      instanceChargeType: PostPaid
      description: test_create_description
  fooCustomerGateway:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 42.104.22.228
      description: testAccVpnCgwDesc
  fooConnection:
    type: alicloud:vpn:Connection
    properties:
      vpnGatewayId: ${fooGateway.id}
      customerGatewayId: ${fooCustomerGateway.id}
      localSubnets:
        - 172.16.0.0/24
        - 172.16.1.0/24
      remoteSubnets:
        - 10.0.0.0/24
        - 10.0.1.0/24
      effectImmediately: true
      ikeConfig:
        ikeAuthAlg: md5
        ikeEncAlg: des
        ikeVersion: ikev1
        ikeMode: main
        ikeLifetime: 86400
        psk: tf-testvpn2
        ikePfs: group1
        ikeRemoteId: testbob2
        ikeLocalId: testalice2
      ipsecConfig:
        ipsecPfs: group5
        ipsecEncAlg: des
        ipsecAuthAlg: md5
        ipsecLifetime: 8640

Create Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               bgp_config: Optional[ConnectionBgpConfigArgs] = None,
               customer_gateway_id: Optional[str] = None,
               effect_immediately: Optional[bool] = None,
               enable_dpd: Optional[bool] = None,
               enable_nat_traversal: Optional[bool] = None,
               health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
               ike_config: Optional[ConnectionIkeConfigArgs] = None,
               ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
               local_subnets: Optional[Sequence[str]] = None,
               name: Optional[str] = None,
               remote_subnets: Optional[Sequence[str]] = None,
               vpn_gateway_id: Optional[str] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: alicloud:vpn:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

CustomerGatewayId string

The ID of the customer gateway.

LocalSubnets List<string>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

RemoteSubnets List<string>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

VpnGatewayId string

The ID of the VPN gateway.

BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

EffectImmediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

EnableDpd bool

Whether to enable NAT traversal.

EnableNatTraversal bool

Whether to enable NAT traversal.

HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

Name string

The name of the IPsec connection.

CustomerGatewayId string

The ID of the customer gateway.

LocalSubnets []string

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

RemoteSubnets []string

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

VpnGatewayId string

The ID of the VPN gateway.

BgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

EffectImmediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

EnableDpd bool

Whether to enable NAT traversal.

EnableNatTraversal bool

Whether to enable NAT traversal.

HealthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

IkeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

IpsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

Name string

The name of the IPsec connection.

customerGatewayId String

The ID of the customer gateway.

localSubnets List<String>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

remoteSubnets List<String>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

vpnGatewayId String

The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

effectImmediately Boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd Boolean

Whether to enable NAT traversal.

enableNatTraversal Boolean

Whether to enable NAT traversal.

healthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ikeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

name String

The name of the IPsec connection.

customerGatewayId string

The ID of the customer gateway.

localSubnets string[]

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

remoteSubnets string[]

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

vpnGatewayId string

The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

effectImmediately boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd boolean

Whether to enable NAT traversal.

enableNatTraversal boolean

Whether to enable NAT traversal.

healthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ikeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

name string

The name of the IPsec connection.

customer_gateway_id str

The ID of the customer gateway.

local_subnets Sequence[str]

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

remote_subnets Sequence[str]

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

vpn_gateway_id str

The ID of the VPN gateway.

bgp_config ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

effect_immediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enable_dpd bool

Whether to enable NAT traversal.

enable_nat_traversal bool

Whether to enable NAT traversal.

health_check_config ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ike_config ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsec_config ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

name str

The name of the IPsec connection.

customerGatewayId String

The ID of the customer gateway.

localSubnets List<String>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

remoteSubnets List<String>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

vpnGatewayId String

The ID of the VPN gateway.

bgpConfig Property Map

The configurations of the BGP routing protocol. See the following Block bgp_config.

effectImmediately Boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd Boolean

Whether to enable NAT traversal.

enableNatTraversal Boolean

Whether to enable NAT traversal.

healthCheckConfig Property Map

The health check configurations. See the following Block health_check_config.

ikeConfig Property Map

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig Property Map

The configurations of phase-two negotiation. See the following Block ipsec_config.

name String

The name of the IPsec connection.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Status string

The status of VPN connection.

Id string

The provider-assigned unique ID for this managed resource.

Status string

The status of VPN connection.

id String

The provider-assigned unique ID for this managed resource.

status String

The status of VPN connection.

id string

The provider-assigned unique ID for this managed resource.

status string

The status of VPN connection.

id str

The provider-assigned unique ID for this managed resource.

status str

The status of VPN connection.

id String

The provider-assigned unique ID for this managed resource.

status String

The status of VPN connection.

Look up Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        bgp_config: Optional[ConnectionBgpConfigArgs] = None,
        customer_gateway_id: Optional[str] = None,
        effect_immediately: Optional[bool] = None,
        enable_dpd: Optional[bool] = None,
        enable_nat_traversal: Optional[bool] = None,
        health_check_config: Optional[ConnectionHealthCheckConfigArgs] = None,
        ike_config: Optional[ConnectionIkeConfigArgs] = None,
        ipsec_config: Optional[ConnectionIpsecConfigArgs] = None,
        local_subnets: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        remote_subnets: Optional[Sequence[str]] = None,
        status: Optional[str] = None,
        vpn_gateway_id: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BgpConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

CustomerGatewayId string

The ID of the customer gateway.

EffectImmediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

EnableDpd bool

Whether to enable NAT traversal.

EnableNatTraversal bool

Whether to enable NAT traversal.

HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

IkeConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

IpsecConfig Pulumi.AliCloud.Vpn.Inputs.ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

LocalSubnets List<string>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

Name string

The name of the IPsec connection.

RemoteSubnets List<string>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

Status string

The status of VPN connection.

VpnGatewayId string

The ID of the VPN gateway.

BgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

CustomerGatewayId string

The ID of the customer gateway.

EffectImmediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

EnableDpd bool

Whether to enable NAT traversal.

EnableNatTraversal bool

Whether to enable NAT traversal.

HealthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

IkeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

IpsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

LocalSubnets []string

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

Name string

The name of the IPsec connection.

RemoteSubnets []string

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

Status string

The status of VPN connection.

VpnGatewayId string

The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

customerGatewayId String

The ID of the customer gateway.

effectImmediately Boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd Boolean

Whether to enable NAT traversal.

enableNatTraversal Boolean

Whether to enable NAT traversal.

healthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ikeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

localSubnets List<String>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

name String

The name of the IPsec connection.

remoteSubnets List<String>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

status String

The status of VPN connection.

vpnGatewayId String

The ID of the VPN gateway.

bgpConfig ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

customerGatewayId string

The ID of the customer gateway.

effectImmediately boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd boolean

Whether to enable NAT traversal.

enableNatTraversal boolean

Whether to enable NAT traversal.

healthCheckConfig ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ikeConfig ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

localSubnets string[]

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

name string

The name of the IPsec connection.

remoteSubnets string[]

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

status string

The status of VPN connection.

vpnGatewayId string

The ID of the VPN gateway.

bgp_config ConnectionBgpConfigArgs

The configurations of the BGP routing protocol. See the following Block bgp_config.

customer_gateway_id str

The ID of the customer gateway.

effect_immediately bool

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enable_dpd bool

Whether to enable NAT traversal.

enable_nat_traversal bool

Whether to enable NAT traversal.

health_check_config ConnectionHealthCheckConfigArgs

The health check configurations. See the following Block health_check_config.

ike_config ConnectionIkeConfigArgs

The configurations of phase-one negotiation. See the following Block ike_config.

ipsec_config ConnectionIpsecConfigArgs

The configurations of phase-two negotiation. See the following Block ipsec_config.

local_subnets Sequence[str]

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

name str

The name of the IPsec connection.

remote_subnets Sequence[str]

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

status str

The status of VPN connection.

vpn_gateway_id str

The ID of the VPN gateway.

bgpConfig Property Map

The configurations of the BGP routing protocol. See the following Block bgp_config.

customerGatewayId String

The ID of the customer gateway.

effectImmediately Boolean

Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:true,false.

enableDpd Boolean

Whether to enable NAT traversal.

enableNatTraversal Boolean

Whether to enable NAT traversal.

healthCheckConfig Property Map

The health check configurations. See the following Block health_check_config.

ikeConfig Property Map

The configurations of phase-one negotiation. See the following Block ike_config.

ipsecConfig Property Map

The configurations of phase-two negotiation. See the following Block ipsec_config.

localSubnets List<String>

The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation.

name String

The name of the IPsec connection.

remoteSubnets List<String>

The CIDR block of the local data center. This parameter is used for phase-two negotiation.

status String

The status of VPN connection.

vpnGatewayId String

The ID of the VPN gateway.

Supporting Types

ConnectionBgpConfig

Enable bool

Whether to enable Health Check.

LocalAsn string

The ASN on the Alibaba Cloud side.

LocalBgpIp string

The BGP IP address on the Alibaba Cloud side.

TunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

Enable bool

Whether to enable Health Check.

LocalAsn string

The ASN on the Alibaba Cloud side.

LocalBgpIp string

The BGP IP address on the Alibaba Cloud side.

TunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean

Whether to enable Health Check.

localAsn String

The ASN on the Alibaba Cloud side.

localBgpIp String

The BGP IP address on the Alibaba Cloud side.

tunnelCidr String

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable boolean

Whether to enable Health Check.

localAsn string

The ASN on the Alibaba Cloud side.

localBgpIp string

The BGP IP address on the Alibaba Cloud side.

tunnelCidr string

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable bool

Whether to enable Health Check.

local_asn str

The ASN on the Alibaba Cloud side.

local_bgp_ip str

The BGP IP address on the Alibaba Cloud side.

tunnel_cidr str

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

enable Boolean

Whether to enable Health Check.

localAsn String

The ASN on the Alibaba Cloud side.

localBgpIp String

The BGP IP address on the Alibaba Cloud side.

tunnelCidr String

The CIDR block of the IPsec tunnel. The CIDR block belongs to 169.254.0.0/16. The mask of the CIDR block is 30 bits in length.

ConnectionHealthCheckConfig

Dip string

The destination IP address.

Enable bool

Whether to enable Health Check.

Interval int

The interval between two consecutive health checks. Unit: seconds.

Retry int

The maximum number of health check retries.

Sip string

The source IP address.

Dip string

The destination IP address.

Enable bool

Whether to enable Health Check.

Interval int

The interval between two consecutive health checks. Unit: seconds.

Retry int

The maximum number of health check retries.

Sip string

The source IP address.

dip String

The destination IP address.

enable Boolean

Whether to enable Health Check.

interval Integer

The interval between two consecutive health checks. Unit: seconds.

retry Integer

The maximum number of health check retries.

sip String

The source IP address.

dip string

The destination IP address.

enable boolean

Whether to enable Health Check.

interval number

The interval between two consecutive health checks. Unit: seconds.

retry number

The maximum number of health check retries.

sip string

The source IP address.

dip str

The destination IP address.

enable bool

Whether to enable Health Check.

interval int

The interval between two consecutive health checks. Unit: seconds.

retry int

The maximum number of health check retries.

sip str

The source IP address.

dip String

The destination IP address.

enable Boolean

Whether to enable Health Check.

interval Number

The interval between two consecutive health checks. Unit: seconds.

retry Number

The maximum number of health check retries.

sip String

The source IP address.

ConnectionIkeConfig

IkeAuthAlg string

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

IkeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

IkeLifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

IkeLocalId string

The identification of the VPN gateway.

IkeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

IkePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

IkeRemoteId string

The identification of the customer gateway.

IkeVersion string

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

Psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

IkeAuthAlg string

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

IkeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

IkeLifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

IkeLocalId string

The identification of the VPN gateway.

IkeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

IkePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

IkeRemoteId string

The identification of the customer gateway.

IkeVersion string

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

Psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

ikeEncAlg String

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

ikeLifetime Integer

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeLocalId String

The identification of the VPN gateway.

ikeMode String

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

ikePfs String

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeRemoteId String

The identification of the customer gateway.

ikeVersion String

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

psk String

Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg string

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

ikeEncAlg string

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

ikeLifetime number

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeLocalId string

The identification of the VPN gateway.

ikeMode string

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

ikePfs string

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeRemoteId string

The identification of the customer gateway.

ikeVersion string

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

psk string

Used for authentication between the IPsec VPN gateway and the customer gateway.

ike_auth_alg str

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

ike_enc_alg str

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

ike_lifetime int

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ike_local_id str

The identification of the VPN gateway.

ike_mode str

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

ike_pfs str

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ike_remote_id str

The identification of the customer gateway.

ike_version str

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

psk str

Used for authentication between the IPsec VPN gateway and the customer gateway.

ikeAuthAlg String

The authentication algorithm of phase-one negotiation. Valid value: md5 | sha1 . Default value: md5

ikeEncAlg String

The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default Valid value: aes

ikeLifetime Number

The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.

ikeLocalId String

The identification of the VPN gateway.

ikeMode String

The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main

ikePfs String

The Diffie-Hellman key exchange algorithm used by phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2

ikeRemoteId String

The identification of the customer gateway.

ikeVersion String

The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1

psk String

Used for authentication between the IPsec VPN gateway and the customer gateway.

ConnectionIpsecConfig

IpsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

IpsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

IpsecLifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

IpsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

IpsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

IpsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

IpsecLifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

IpsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg String

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime Integer

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs String

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg string

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg string

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime number

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs string

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsec_auth_alg str

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsec_enc_alg str

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsec_lifetime int

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsec_pfs str

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

ipsecAuthAlg String

The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1 | sha256 | sha384 | sha512 |. Default value: sha1

ipsecEncAlg String

The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes

ipsecLifetime Number

The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

ipsecPfs String

The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24| disabled. Default value: group2

Package Details

Repository
Alibaba Cloud pulumi/pulumi-alicloud
License
Apache-2.0
Notes

This Pulumi package is based on the alicloud Terraform Provider.