1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Core
  5. IpsecConnectionTunnelManagement
Oracle Cloud Infrastructure v1.31.0 published on Wednesday, Apr 10, 2024 by Pulumi

oci.Core.IpsecConnectionTunnelManagement

Explore with Pulumi AI

oci logo
Oracle Cloud Infrastructure v1.31.0 published on Wednesday, Apr 10, 2024 by Pulumi

    This resource provides the Ip Sec Connection Tunnel Management resource in Oracle Cloud Infrastructure Core service.

    Updates the specified tunnel. This operation lets you change tunnel attributes such as the routing type (BGP dynamic routing or static routing). Here are some important notes:

    * If you change the tunnel's routing type or BGP session configuration, the tunnel will go
    down while it's reprovisioned.
    
    * If you want to switch the tunnel's `routing` from `STATIC` to `BGP`, make sure the tunnel's
    BGP session configuration attributes have been set (bgpSessionConfig).
    
    * If you want to switch the tunnel's `routing` from `BGP` to `STATIC`, make sure the
    IPSecConnection already has at least one valid CIDR
    static route.
    

    ** IMPORTANT ** Destroying the oci.Core.IpsecConnectionTunnelManagement leaves the resource in its existing state. It will not destroy the tunnel and it will not return the tunnel to its default values.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    const testIpSecConnectionTunnel = new oci.core.IpsecConnectionTunnelManagement("testIpSecConnectionTunnel", {
        ipsecId: oci_core_ipsec.test_ipsec.id,
        tunnelId: data.oci_core_ipsec_connection_tunnels.test_ip_sec_connection_tunnels.ip_sec_connection_tunnels[0].id,
        routing: _var.ip_sec_connection_tunnel_management_routing,
        bgpSessionInfos: [{
            customerBgpAsn: _var.ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn,
            customerInterfaceIp: _var.ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip,
            oracleInterfaceIp: _var.ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip,
        }],
        displayName: _var.ip_sec_connection_tunnel_management_display_name,
        encryptionDomainConfig: {
            cpeTrafficSelectors: _var.ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector,
            oracleTrafficSelectors: _var.ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector,
        },
        sharedSecret: _var.ip_sec_connection_tunnel_management_shared_secret,
        ikeVersion: "V1",
    });
    
    import pulumi
    import pulumi_oci as oci
    
    test_ip_sec_connection_tunnel = oci.core.IpsecConnectionTunnelManagement("testIpSecConnectionTunnel",
        ipsec_id=oci_core_ipsec["test_ipsec"]["id"],
        tunnel_id=data["oci_core_ipsec_connection_tunnels"]["test_ip_sec_connection_tunnels"]["ip_sec_connection_tunnels"][0]["id"],
        routing=var["ip_sec_connection_tunnel_management_routing"],
        bgp_session_infos=[oci.core.IpsecConnectionTunnelManagementBgpSessionInfoArgs(
            customer_bgp_asn=var["ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn"],
            customer_interface_ip=var["ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip"],
            oracle_interface_ip=var["ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip"],
        )],
        display_name=var["ip_sec_connection_tunnel_management_display_name"],
        encryption_domain_config=oci.core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs(
            cpe_traffic_selectors=var["ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector"],
            oracle_traffic_selectors=var["ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector"],
        ),
        shared_secret=var["ip_sec_connection_tunnel_management_shared_secret"],
        ike_version="V1")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/go/oci/Core"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := Core.NewIpsecConnectionTunnelManagement(ctx, "testIpSecConnectionTunnel", &Core.IpsecConnectionTunnelManagementArgs{
    			IpsecId:  pulumi.Any(oci_core_ipsec.Test_ipsec.Id),
    			TunnelId: pulumi.Any(data.Oci_core_ipsec_connection_tunnels.Test_ip_sec_connection_tunnels.Ip_sec_connection_tunnels[0].Id),
    			Routing:  pulumi.Any(_var.Ip_sec_connection_tunnel_management_routing),
    			BgpSessionInfos: core.IpsecConnectionTunnelManagementBgpSessionInfoArray{
    				&core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
    					CustomerBgpAsn:      pulumi.Any(_var.Ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn),
    					CustomerInterfaceIp: pulumi.Any(_var.Ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip),
    					OracleInterfaceIp:   pulumi.Any(_var.Ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip),
    				},
    			},
    			DisplayName: pulumi.Any(_var.Ip_sec_connection_tunnel_management_display_name),
    			EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
    				CpeTrafficSelectors:    pulumi.Any(_var.Ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector),
    				OracleTrafficSelectors: pulumi.Any(_var.Ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector),
    			},
    			SharedSecret: pulumi.Any(_var.Ip_sec_connection_tunnel_management_shared_secret),
    			IkeVersion:   pulumi.String("V1"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    return await Deployment.RunAsync(() => 
    {
        var testIpSecConnectionTunnel = new Oci.Core.IpsecConnectionTunnelManagement("testIpSecConnectionTunnel", new()
        {
            IpsecId = oci_core_ipsec.Test_ipsec.Id,
            TunnelId = data.Oci_core_ipsec_connection_tunnels.Test_ip_sec_connection_tunnels.Ip_sec_connection_tunnels[0].Id,
            Routing = @var.Ip_sec_connection_tunnel_management_routing,
            BgpSessionInfos = new[]
            {
                new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
                {
                    CustomerBgpAsn = @var.Ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn,
                    CustomerInterfaceIp = @var.Ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip,
                    OracleInterfaceIp = @var.Ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip,
                },
            },
            DisplayName = @var.Ip_sec_connection_tunnel_management_display_name,
            EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
            {
                CpeTrafficSelectors = @var.Ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector,
                OracleTrafficSelectors = @var.Ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector,
            },
            SharedSecret = @var.Ip_sec_connection_tunnel_management_shared_secret,
            IkeVersion = "V1",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Core.IpsecConnectionTunnelManagement;
    import com.pulumi.oci.Core.IpsecConnectionTunnelManagementArgs;
    import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs;
    import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testIpSecConnectionTunnel = new IpsecConnectionTunnelManagement("testIpSecConnectionTunnel", IpsecConnectionTunnelManagementArgs.builder()        
                .ipsecId(oci_core_ipsec.test_ipsec().id())
                .tunnelId(data.oci_core_ipsec_connection_tunnels().test_ip_sec_connection_tunnels().ip_sec_connection_tunnels()[0].id())
                .routing(var_.ip_sec_connection_tunnel_management_routing())
                .bgpSessionInfos(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
                    .customerBgpAsn(var_.ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn())
                    .customerInterfaceIp(var_.ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip())
                    .oracleInterfaceIp(var_.ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip())
                    .build())
                .displayName(var_.ip_sec_connection_tunnel_management_display_name())
                .encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
                    .cpeTrafficSelectors(var_.ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector())
                    .oracleTrafficSelectors(var_.ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector())
                    .build())
                .sharedSecret(var_.ip_sec_connection_tunnel_management_shared_secret())
                .ikeVersion("V1")
                .build());
    
        }
    }
    
    resources:
      testIpSecConnectionTunnel:
        type: oci:Core:IpsecConnectionTunnelManagement
        properties:
          #Required
          ipsecId: ${oci_core_ipsec.test_ipsec.id}
          tunnelId: ${data.oci_core_ipsec_connection_tunnels.test_ip_sec_connection_tunnels.ip_sec_connection_tunnels[0].id}
          #Optional
          routing: ${var.ip_sec_connection_tunnel_management_routing}
          bgpSessionInfos:
            - customerBgpAsn: ${var.ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn}
              customerInterfaceIp: ${var.ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip}
              oracleInterfaceIp: ${var.ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip}
          displayName: ${var.ip_sec_connection_tunnel_management_display_name}
          encryptionDomainConfig:
            cpeTrafficSelectors: ${var.ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector}
            oracleTrafficSelectors: ${var.ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector}
          sharedSecret: ${var.ip_sec_connection_tunnel_management_shared_secret}
          ikeVersion: V1
    

    Create IpsecConnectionTunnelManagement Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new IpsecConnectionTunnelManagement(name: string, args: IpsecConnectionTunnelManagementArgs, opts?: CustomResourceOptions);
    @overload
    def IpsecConnectionTunnelManagement(resource_name: str,
                                        args: IpsecConnectionTunnelManagementArgs,
                                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def IpsecConnectionTunnelManagement(resource_name: str,
                                        opts: Optional[ResourceOptions] = None,
                                        ipsec_id: Optional[str] = None,
                                        tunnel_id: Optional[str] = None,
                                        nat_translation_enabled: Optional[str] = None,
                                        encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
                                        ike_version: Optional[str] = None,
                                        dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
                                        bgp_session_infos: Optional[Sequence[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs]] = None,
                                        oracle_can_initiate: Optional[str] = None,
                                        phase_one_details: Optional[Sequence[_core.IpsecConnectionTunnelManagementPhaseOneDetailArgs]] = None,
                                        phase_two_details: Optional[Sequence[_core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs]] = None,
                                        routing: Optional[str] = None,
                                        shared_secret: Optional[str] = None,
                                        display_name: Optional[str] = None)
    func NewIpsecConnectionTunnelManagement(ctx *Context, name string, args IpsecConnectionTunnelManagementArgs, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)
    public IpsecConnectionTunnelManagement(string name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions? opts = null)
    public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args)
    public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions options)
    
    type: oci:Core:IpsecConnectionTunnelManagement
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args IpsecConnectionTunnelManagementArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IpsecConnectionTunnelManagementArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IpsecConnectionTunnelManagementArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IpsecConnectionTunnelManagementArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IpsecConnectionTunnelManagementArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var ipsecConnectionTunnelManagementResource = new Oci.Core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", new()
    {
        IpsecId = "string",
        TunnelId = "string",
        NatTranslationEnabled = "string",
        EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
        {
            CpeTrafficSelectors = new[]
            {
                "string",
            },
            OracleTrafficSelectors = new[]
            {
                "string",
            },
        },
        IkeVersion = "string",
        DpdConfigs = new[]
        {
            new Oci.Core.Inputs.IpsecConnectionTunnelManagementDpdConfigArgs
            {
                DpdMode = "string",
                DpdTimeoutInSec = 0,
            },
        },
        BgpSessionInfos = new[]
        {
            new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
            {
                BgpIpv6State = "string",
                BgpState = "string",
                CustomerBgpAsn = "string",
                CustomerInterfaceIp = "string",
                CustomerInterfaceIpv6 = "string",
                OracleBgpAsn = "string",
                OracleInterfaceIp = "string",
                OracleInterfaceIpv6 = "string",
            },
        },
        OracleCanInitiate = "string",
        PhaseOneDetails = new[]
        {
            new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseOneDetailArgs
            {
                CustomAuthenticationAlgorithm = "string",
                CustomDhGroup = "string",
                CustomEncryptionAlgorithm = "string",
                IsCustomPhaseOneConfig = false,
                IsIkeEstablished = false,
                Lifetime = 0,
                NegotiatedAuthenticationAlgorithm = "string",
                NegotiatedDhGroup = "string",
                NegotiatedEncryptionAlgorithm = "string",
                RemainingLifetimeInt = 0,
                RemainingLifetimeLastRetrieved = "string",
            },
        },
        PhaseTwoDetails = new[]
        {
            new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseTwoDetailArgs
            {
                CustomAuthenticationAlgorithm = "string",
                CustomEncryptionAlgorithm = "string",
                DhGroup = "string",
                IsCustomPhaseTwoConfig = false,
                IsEspEstablished = false,
                IsPfsEnabled = false,
                Lifetime = 0,
                NegotiatedAuthenticationAlgorithm = "string",
                NegotiatedDhGroup = "string",
                NegotiatedEncryptionAlgorithm = "string",
                RemainingLifetimeInt = 0,
                RemainingLifetimeLastRetrieved = "string",
            },
        },
        Routing = "string",
        SharedSecret = "string",
        DisplayName = "string",
    });
    
    example, err := Core.NewIpsecConnectionTunnelManagement(ctx, "ipsecConnectionTunnelManagementResource", &Core.IpsecConnectionTunnelManagementArgs{
    	IpsecId:               pulumi.String("string"),
    	TunnelId:              pulumi.String("string"),
    	NatTranslationEnabled: pulumi.String("string"),
    	EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
    		CpeTrafficSelectors: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		OracleTrafficSelectors: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	IkeVersion: pulumi.String("string"),
    	DpdConfigs: core.IpsecConnectionTunnelManagementDpdConfigArray{
    		&core.IpsecConnectionTunnelManagementDpdConfigArgs{
    			DpdMode:         pulumi.String("string"),
    			DpdTimeoutInSec: pulumi.Int(0),
    		},
    	},
    	BgpSessionInfos: core.IpsecConnectionTunnelManagementBgpSessionInfoArray{
    		&core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
    			BgpIpv6State:          pulumi.String("string"),
    			BgpState:              pulumi.String("string"),
    			CustomerBgpAsn:        pulumi.String("string"),
    			CustomerInterfaceIp:   pulumi.String("string"),
    			CustomerInterfaceIpv6: pulumi.String("string"),
    			OracleBgpAsn:          pulumi.String("string"),
    			OracleInterfaceIp:     pulumi.String("string"),
    			OracleInterfaceIpv6:   pulumi.String("string"),
    		},
    	},
    	OracleCanInitiate: pulumi.String("string"),
    	PhaseOneDetails: core.IpsecConnectionTunnelManagementPhaseOneDetailArray{
    		&core.IpsecConnectionTunnelManagementPhaseOneDetailArgs{
    			CustomAuthenticationAlgorithm:     pulumi.String("string"),
    			CustomDhGroup:                     pulumi.String("string"),
    			CustomEncryptionAlgorithm:         pulumi.String("string"),
    			IsCustomPhaseOneConfig:            pulumi.Bool(false),
    			IsIkeEstablished:                  pulumi.Bool(false),
    			Lifetime:                          pulumi.Int(0),
    			NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
    			NegotiatedDhGroup:                 pulumi.String("string"),
    			NegotiatedEncryptionAlgorithm:     pulumi.String("string"),
    			RemainingLifetimeInt:              pulumi.Int(0),
    			RemainingLifetimeLastRetrieved:    pulumi.String("string"),
    		},
    	},
    	PhaseTwoDetails: core.IpsecConnectionTunnelManagementPhaseTwoDetailArray{
    		&core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs{
    			CustomAuthenticationAlgorithm:     pulumi.String("string"),
    			CustomEncryptionAlgorithm:         pulumi.String("string"),
    			DhGroup:                           pulumi.String("string"),
    			IsCustomPhaseTwoConfig:            pulumi.Bool(false),
    			IsEspEstablished:                  pulumi.Bool(false),
    			IsPfsEnabled:                      pulumi.Bool(false),
    			Lifetime:                          pulumi.Int(0),
    			NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
    			NegotiatedDhGroup:                 pulumi.String("string"),
    			NegotiatedEncryptionAlgorithm:     pulumi.String("string"),
    			RemainingLifetimeInt:              pulumi.Int(0),
    			RemainingLifetimeLastRetrieved:    pulumi.String("string"),
    		},
    	},
    	Routing:      pulumi.String("string"),
    	SharedSecret: pulumi.String("string"),
    	DisplayName:  pulumi.String("string"),
    })
    
    var ipsecConnectionTunnelManagementResource = new IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", IpsecConnectionTunnelManagementArgs.builder()        
        .ipsecId("string")
        .tunnelId("string")
        .natTranslationEnabled("string")
        .encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
            .cpeTrafficSelectors("string")
            .oracleTrafficSelectors("string")
            .build())
        .ikeVersion("string")
        .dpdConfigs(IpsecConnectionTunnelManagementDpdConfigArgs.builder()
            .dpdMode("string")
            .dpdTimeoutInSec(0)
            .build())
        .bgpSessionInfos(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
            .bgpIpv6State("string")
            .bgpState("string")
            .customerBgpAsn("string")
            .customerInterfaceIp("string")
            .customerInterfaceIpv6("string")
            .oracleBgpAsn("string")
            .oracleInterfaceIp("string")
            .oracleInterfaceIpv6("string")
            .build())
        .oracleCanInitiate("string")
        .phaseOneDetails(IpsecConnectionTunnelManagementPhaseOneDetailArgs.builder()
            .customAuthenticationAlgorithm("string")
            .customDhGroup("string")
            .customEncryptionAlgorithm("string")
            .isCustomPhaseOneConfig(false)
            .isIkeEstablished(false)
            .lifetime(0)
            .negotiatedAuthenticationAlgorithm("string")
            .negotiatedDhGroup("string")
            .negotiatedEncryptionAlgorithm("string")
            .remainingLifetimeInt(0)
            .remainingLifetimeLastRetrieved("string")
            .build())
        .phaseTwoDetails(IpsecConnectionTunnelManagementPhaseTwoDetailArgs.builder()
            .customAuthenticationAlgorithm("string")
            .customEncryptionAlgorithm("string")
            .dhGroup("string")
            .isCustomPhaseTwoConfig(false)
            .isEspEstablished(false)
            .isPfsEnabled(false)
            .lifetime(0)
            .negotiatedAuthenticationAlgorithm("string")
            .negotiatedDhGroup("string")
            .negotiatedEncryptionAlgorithm("string")
            .remainingLifetimeInt(0)
            .remainingLifetimeLastRetrieved("string")
            .build())
        .routing("string")
        .sharedSecret("string")
        .displayName("string")
        .build());
    
    ipsec_connection_tunnel_management_resource = oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource",
        ipsec_id="string",
        tunnel_id="string",
        nat_translation_enabled="string",
        encryption_domain_config=oci.core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs(
            cpe_traffic_selectors=["string"],
            oracle_traffic_selectors=["string"],
        ),
        ike_version="string",
        dpd_configs=[oci.core.IpsecConnectionTunnelManagementDpdConfigArgs(
            dpd_mode="string",
            dpd_timeout_in_sec=0,
        )],
        bgp_session_infos=[oci.core.IpsecConnectionTunnelManagementBgpSessionInfoArgs(
            bgp_ipv6_state="string",
            bgp_state="string",
            customer_bgp_asn="string",
            customer_interface_ip="string",
            customer_interface_ipv6="string",
            oracle_bgp_asn="string",
            oracle_interface_ip="string",
            oracle_interface_ipv6="string",
        )],
        oracle_can_initiate="string",
        phase_one_details=[oci.core.IpsecConnectionTunnelManagementPhaseOneDetailArgs(
            custom_authentication_algorithm="string",
            custom_dh_group="string",
            custom_encryption_algorithm="string",
            is_custom_phase_one_config=False,
            is_ike_established=False,
            lifetime=0,
            negotiated_authentication_algorithm="string",
            negotiated_dh_group="string",
            negotiated_encryption_algorithm="string",
            remaining_lifetime_int=0,
            remaining_lifetime_last_retrieved="string",
        )],
        phase_two_details=[oci.core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs(
            custom_authentication_algorithm="string",
            custom_encryption_algorithm="string",
            dh_group="string",
            is_custom_phase_two_config=False,
            is_esp_established=False,
            is_pfs_enabled=False,
            lifetime=0,
            negotiated_authentication_algorithm="string",
            negotiated_dh_group="string",
            negotiated_encryption_algorithm="string",
            remaining_lifetime_int=0,
            remaining_lifetime_last_retrieved="string",
        )],
        routing="string",
        shared_secret="string",
        display_name="string")
    
    const ipsecConnectionTunnelManagementResource = new oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", {
        ipsecId: "string",
        tunnelId: "string",
        natTranslationEnabled: "string",
        encryptionDomainConfig: {
            cpeTrafficSelectors: ["string"],
            oracleTrafficSelectors: ["string"],
        },
        ikeVersion: "string",
        dpdConfigs: [{
            dpdMode: "string",
            dpdTimeoutInSec: 0,
        }],
        bgpSessionInfos: [{
            bgpIpv6State: "string",
            bgpState: "string",
            customerBgpAsn: "string",
            customerInterfaceIp: "string",
            customerInterfaceIpv6: "string",
            oracleBgpAsn: "string",
            oracleInterfaceIp: "string",
            oracleInterfaceIpv6: "string",
        }],
        oracleCanInitiate: "string",
        phaseOneDetails: [{
            customAuthenticationAlgorithm: "string",
            customDhGroup: "string",
            customEncryptionAlgorithm: "string",
            isCustomPhaseOneConfig: false,
            isIkeEstablished: false,
            lifetime: 0,
            negotiatedAuthenticationAlgorithm: "string",
            negotiatedDhGroup: "string",
            negotiatedEncryptionAlgorithm: "string",
            remainingLifetimeInt: 0,
            remainingLifetimeLastRetrieved: "string",
        }],
        phaseTwoDetails: [{
            customAuthenticationAlgorithm: "string",
            customEncryptionAlgorithm: "string",
            dhGroup: "string",
            isCustomPhaseTwoConfig: false,
            isEspEstablished: false,
            isPfsEnabled: false,
            lifetime: 0,
            negotiatedAuthenticationAlgorithm: "string",
            negotiatedDhGroup: "string",
            negotiatedEncryptionAlgorithm: "string",
            remainingLifetimeInt: 0,
            remainingLifetimeLastRetrieved: "string",
        }],
        routing: "string",
        sharedSecret: "string",
        displayName: "string",
    });
    
    type: oci:Core:IpsecConnectionTunnelManagement
    properties:
        bgpSessionInfos:
            - bgpIpv6State: string
              bgpState: string
              customerBgpAsn: string
              customerInterfaceIp: string
              customerInterfaceIpv6: string
              oracleBgpAsn: string
              oracleInterfaceIp: string
              oracleInterfaceIpv6: string
        displayName: string
        dpdConfigs:
            - dpdMode: string
              dpdTimeoutInSec: 0
        encryptionDomainConfig:
            cpeTrafficSelectors:
                - string
            oracleTrafficSelectors:
                - string
        ikeVersion: string
        ipsecId: string
        natTranslationEnabled: string
        oracleCanInitiate: string
        phaseOneDetails:
            - customAuthenticationAlgorithm: string
              customDhGroup: string
              customEncryptionAlgorithm: string
              isCustomPhaseOneConfig: false
              isIkeEstablished: false
              lifetime: 0
              negotiatedAuthenticationAlgorithm: string
              negotiatedDhGroup: string
              negotiatedEncryptionAlgorithm: string
              remainingLifetimeInt: 0
              remainingLifetimeLastRetrieved: string
        phaseTwoDetails:
            - customAuthenticationAlgorithm: string
              customEncryptionAlgorithm: string
              dhGroup: string
              isCustomPhaseTwoConfig: false
              isEspEstablished: false
              isPfsEnabled: false
              lifetime: 0
              negotiatedAuthenticationAlgorithm: string
              negotiatedDhGroup: string
              negotiatedEncryptionAlgorithm: string
              remainingLifetimeInt: 0
              remainingLifetimeLastRetrieved: string
        routing: string
        sharedSecret: string
        tunnelId: string
    

    IpsecConnectionTunnelManagement Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The IpsecConnectionTunnelManagement resource accepts the following input properties:

    IpsecId string
    The OCID of the IPSec connection.
    TunnelId string
    The OCID of the IPSec connection's tunnel.
    BgpSessionInfos List<IpsecConnectionTunnelManagementBgpSessionInfo>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    DisplayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    DpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
    EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    IkeVersion string
    Internet Key Exchange protocol version.
    NatTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    OracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    PhaseOneDetails List<IpsecConnectionTunnelManagementPhaseOneDetail>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    PhaseTwoDetails List<IpsecConnectionTunnelManagementPhaseTwoDetail>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    Routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    SharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    IpsecId string
    The OCID of the IPSec connection.
    TunnelId string
    The OCID of the IPSec connection's tunnel.
    BgpSessionInfos []IpsecConnectionTunnelManagementBgpSessionInfoArgs

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    DisplayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    DpdConfigs []IpsecConnectionTunnelManagementDpdConfigArgs
    EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    IkeVersion string
    Internet Key Exchange protocol version.
    NatTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    OracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    PhaseOneDetails []IpsecConnectionTunnelManagementPhaseOneDetailArgs

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    PhaseTwoDetails []IpsecConnectionTunnelManagementPhaseTwoDetailArgs

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    Routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    SharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    ipsecId String
    The OCID of the IPSec connection.
    tunnelId String
    The OCID of the IPSec connection's tunnel.
    bgpSessionInfos List<IpsecConnectionTunnelManagementBgpSessionInfo>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    displayName String
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
    encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion String
    Internet Key Exchange protocol version.
    natTranslationEnabled String

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate String
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails List<IpsecConnectionTunnelManagementPhaseOneDetail>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails List<IpsecConnectionTunnelManagementPhaseTwoDetail>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing String
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret String
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    ipsecId string
    The OCID of the IPSec connection.
    tunnelId string
    The OCID of the IPSec connection's tunnel.
    bgpSessionInfos IpsecConnectionTunnelManagementBgpSessionInfo[]

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    displayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs IpsecConnectionTunnelManagementDpdConfig[]
    encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion string
    Internet Key Exchange protocol version.
    natTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetail[]

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetail[]

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    ipsec_id str
    The OCID of the IPSec connection.
    tunnel_id str
    The OCID of the IPSec connection's tunnel.
    bgp_session_infos Sequence[core.IpsecConnectionTunnelManagementBgpSessionInfoArgs]

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    display_name str
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpd_configs Sequence[core.IpsecConnectionTunnelManagementDpdConfigArgs]
    encryption_domain_config core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ike_version str
    Internet Key Exchange protocol version.
    nat_translation_enabled str

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracle_can_initiate str
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phase_one_details Sequence[core.IpsecConnectionTunnelManagementPhaseOneDetailArgs]

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phase_two_details Sequence[core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs]

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing str
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    shared_secret str
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    ipsecId String
    The OCID of the IPSec connection.
    tunnelId String
    The OCID of the IPSec connection's tunnel.
    bgpSessionInfos List<Property Map>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    displayName String
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs List<Property Map>
    encryptionDomainConfig Property Map
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion String
    Internet Key Exchange protocol version.
    natTranslationEnabled String

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate String
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails List<Property Map>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails List<Property Map>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing String
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret String
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o

    Outputs

    All input properties are implicitly available as output properties. Additionally, the IpsecConnectionTunnelManagement resource produces the following output properties:

    AssociatedVirtualCircuits List<string>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    CompartmentId string
    The OCID of the compartment containing the tunnel.
    CpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    Id string
    The provider-assigned unique ID for this managed resource.
    State string
    The IPSec connection's tunnel's lifecycle state.
    Status string
    The tunnel's current state.
    TimeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TimeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    VpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    AssociatedVirtualCircuits []string
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    CompartmentId string
    The OCID of the compartment containing the tunnel.
    CpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    Id string
    The provider-assigned unique ID for this managed resource.
    State string
    The IPSec connection's tunnel's lifecycle state.
    Status string
    The tunnel's current state.
    TimeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TimeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    VpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits List<String>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    compartmentId String
    The OCID of the compartment containing the tunnel.
    cpeIp String
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Integer
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    id String
    The provider-assigned unique ID for this managed resource.
    state String
    The IPSec connection's tunnel's lifecycle state.
    status String
    The tunnel's current state.
    timeCreated String
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated String
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    vpnIp String
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits string[]
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    compartmentId string
    The OCID of the compartment containing the tunnel.
    cpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    dpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    id string
    The provider-assigned unique ID for this managed resource.
    state string
    The IPSec connection's tunnel's lifecycle state.
    status string
    The tunnel's current state.
    timeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    vpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associated_virtual_circuits Sequence[str]
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    compartment_id str
    The OCID of the compartment containing the tunnel.
    cpe_ip str
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    dpd_mode str
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpd_timeout_in_sec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    id str
    The provider-assigned unique ID for this managed resource.
    state str
    The IPSec connection's tunnel's lifecycle state.
    status str
    The tunnel's current state.
    time_created str
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    time_status_updated str
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    vpn_ip str
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits List<String>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    compartmentId String
    The OCID of the compartment containing the tunnel.
    cpeIp String
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    id String
    The provider-assigned unique ID for this managed resource.
    state String
    The IPSec connection's tunnel's lifecycle state.
    status String
    The tunnel's current state.
    timeCreated String
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated String
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    vpnIp String
    The IP address of Oracle's VPN headend. Example: 129.146.17.50

    Look up Existing IpsecConnectionTunnelManagement Resource

    Get an existing IpsecConnectionTunnelManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: IpsecConnectionTunnelManagementState, opts?: CustomResourceOptions): IpsecConnectionTunnelManagement
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            associated_virtual_circuits: Optional[Sequence[str]] = None,
            bgp_session_infos: Optional[Sequence[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs]] = None,
            compartment_id: Optional[str] = None,
            cpe_ip: Optional[str] = None,
            display_name: Optional[str] = None,
            dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
            dpd_mode: Optional[str] = None,
            dpd_timeout_in_sec: Optional[int] = None,
            encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
            ike_version: Optional[str] = None,
            ipsec_id: Optional[str] = None,
            nat_translation_enabled: Optional[str] = None,
            oracle_can_initiate: Optional[str] = None,
            phase_one_details: Optional[Sequence[_core.IpsecConnectionTunnelManagementPhaseOneDetailArgs]] = None,
            phase_two_details: Optional[Sequence[_core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs]] = None,
            routing: Optional[str] = None,
            shared_secret: Optional[str] = None,
            state: Optional[str] = None,
            status: Optional[str] = None,
            time_created: Optional[str] = None,
            time_status_updated: Optional[str] = None,
            tunnel_id: Optional[str] = None,
            vpn_ip: Optional[str] = None) -> IpsecConnectionTunnelManagement
    func GetIpsecConnectionTunnelManagement(ctx *Context, name string, id IDInput, state *IpsecConnectionTunnelManagementState, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)
    public static IpsecConnectionTunnelManagement Get(string name, Input<string> id, IpsecConnectionTunnelManagementState? state, CustomResourceOptions? opts = null)
    public static IpsecConnectionTunnelManagement get(String name, Output<String> id, IpsecConnectionTunnelManagementState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AssociatedVirtualCircuits List<string>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    BgpSessionInfos List<IpsecConnectionTunnelManagementBgpSessionInfo>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    CompartmentId string
    The OCID of the compartment containing the tunnel.
    CpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    DisplayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    DpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    IkeVersion string
    Internet Key Exchange protocol version.
    IpsecId string
    The OCID of the IPSec connection.
    NatTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    OracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    PhaseOneDetails List<IpsecConnectionTunnelManagementPhaseOneDetail>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    PhaseTwoDetails List<IpsecConnectionTunnelManagementPhaseTwoDetail>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    Routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    SharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    State string
    The IPSec connection's tunnel's lifecycle state.
    Status string
    The tunnel's current state.
    TimeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TimeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TunnelId string
    The OCID of the IPSec connection's tunnel.
    VpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    AssociatedVirtualCircuits []string
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    BgpSessionInfos []IpsecConnectionTunnelManagementBgpSessionInfoArgs

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    CompartmentId string
    The OCID of the compartment containing the tunnel.
    CpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    DisplayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    DpdConfigs []IpsecConnectionTunnelManagementDpdConfigArgs
    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    IkeVersion string
    Internet Key Exchange protocol version.
    IpsecId string
    The OCID of the IPSec connection.
    NatTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    OracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    PhaseOneDetails []IpsecConnectionTunnelManagementPhaseOneDetailArgs

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    PhaseTwoDetails []IpsecConnectionTunnelManagementPhaseTwoDetailArgs

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    Routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    SharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    State string
    The IPSec connection's tunnel's lifecycle state.
    Status string
    The tunnel's current state.
    TimeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TimeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    TunnelId string
    The OCID of the IPSec connection's tunnel.
    VpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits List<String>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    bgpSessionInfos List<IpsecConnectionTunnelManagementBgpSessionInfo>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    compartmentId String
    The OCID of the compartment containing the tunnel.
    cpeIp String
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    displayName String
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Integer
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion String
    Internet Key Exchange protocol version.
    ipsecId String
    The OCID of the IPSec connection.
    natTranslationEnabled String

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate String
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails List<IpsecConnectionTunnelManagementPhaseOneDetail>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails List<IpsecConnectionTunnelManagementPhaseTwoDetail>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing String
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret String
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    state String
    The IPSec connection's tunnel's lifecycle state.
    status String
    The tunnel's current state.
    timeCreated String
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated String
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    tunnelId String
    The OCID of the IPSec connection's tunnel.
    vpnIp String
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits string[]
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    bgpSessionInfos IpsecConnectionTunnelManagementBgpSessionInfo[]

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    compartmentId string
    The OCID of the compartment containing the tunnel.
    cpeIp string
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    displayName string
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs IpsecConnectionTunnelManagementDpdConfig[]
    dpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion string
    Internet Key Exchange protocol version.
    ipsecId string
    The OCID of the IPSec connection.
    natTranslationEnabled string

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate string
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetail[]

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetail[]

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing string
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret string
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    state string
    The IPSec connection's tunnel's lifecycle state.
    status string
    The tunnel's current state.
    timeCreated string
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated string
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    tunnelId string
    The OCID of the IPSec connection's tunnel.
    vpnIp string
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associated_virtual_circuits Sequence[str]
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    bgp_session_infos Sequence[core.IpsecConnectionTunnelManagementBgpSessionInfoArgs]

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    compartment_id str
    The OCID of the compartment containing the tunnel.
    cpe_ip str
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    display_name str
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpd_configs Sequence[core.IpsecConnectionTunnelManagementDpdConfigArgs]
    dpd_mode str
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpd_timeout_in_sec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    encryption_domain_config core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ike_version str
    Internet Key Exchange protocol version.
    ipsec_id str
    The OCID of the IPSec connection.
    nat_translation_enabled str

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracle_can_initiate str
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phase_one_details Sequence[core.IpsecConnectionTunnelManagementPhaseOneDetailArgs]

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phase_two_details Sequence[core.IpsecConnectionTunnelManagementPhaseTwoDetailArgs]

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing str
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    shared_secret str
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    state str
    The IPSec connection's tunnel's lifecycle state.
    status str
    The tunnel's current state.
    time_created str
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    time_status_updated str
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    tunnel_id str
    The OCID of the IPSec connection's tunnel.
    vpn_ip str
    The IP address of Oracle's VPN headend. Example: 129.146.17.50
    associatedVirtualCircuits List<String>
    The list of virtual circuit OCIDs over which your network can reach this tunnel.
    bgpSessionInfos List<Property Map>

    Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

    If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

    compartmentId String
    The OCID of the compartment containing the tunnel.
    cpeIp String
    The IP address of the CPE device's VPN headend. Example: 203.0.113.22
    displayName String
    A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
    dpdConfigs List<Property Map>
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    encryptionDomainConfig Property Map
    Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
    ikeVersion String
    Internet Key Exchange protocol version.
    ipsecId String
    The OCID of the IPSec connection.
    natTranslationEnabled String

    By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

    The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

    The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

    oracleCanInitiate String
    Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
    phaseOneDetails List<Property Map>

    Configuration details for IKE phase one (ISAKMP) configuration parameters.

    See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

    phaseTwoDetails List<Property Map>

    Configuration details for IPSec phase two configuration parameters.

    See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

    routing String
    The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
    sharedSecret String
    The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
    state String
    The IPSec connection's tunnel's lifecycle state.
    status String
    The tunnel's current state.
    timeCreated String
    The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    timeStatusUpdated String
    When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    tunnelId String
    The OCID of the IPSec connection's tunnel.
    vpnIp String
    The IP address of Oracle's VPN headend. Example: 129.146.17.50

    Supporting Types

    IpsecConnectionTunnelManagementBgpSessionInfo, IpsecConnectionTunnelManagementBgpSessionInfoArgs

    BgpIpv6State string
    The state of the BGP IPv6 session.
    BgpIpv6state string

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    BgpState string
    The state of the BGP session.
    CustomerBgpAsn string

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    CustomerInterfaceIp string

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    CustomerInterfaceIpv6 string

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    OracleBgpAsn string
    The Oracle BGP ASN.
    OracleInterfaceIp string

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    OracleInterfaceIpv6 string

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    BgpIpv6State string
    The state of the BGP IPv6 session.
    BgpIpv6state string

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    BgpState string
    The state of the BGP session.
    CustomerBgpAsn string

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    CustomerInterfaceIp string

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    CustomerInterfaceIpv6 string

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    OracleBgpAsn string
    The Oracle BGP ASN.
    OracleInterfaceIp string

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    OracleInterfaceIpv6 string

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    bgpIpv6State String
    The state of the BGP IPv6 session.
    bgpIpv6state String

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    bgpState String
    The state of the BGP session.
    customerBgpAsn String

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    customerInterfaceIp String

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    customerInterfaceIpv6 String

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    oracleBgpAsn String
    The Oracle BGP ASN.
    oracleInterfaceIp String

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    oracleInterfaceIpv6 String

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    bgpIpv6State string
    The state of the BGP IPv6 session.
    bgpIpv6state string

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    bgpState string
    The state of the BGP session.
    customerBgpAsn string

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    customerInterfaceIp string

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    customerInterfaceIpv6 string

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    oracleBgpAsn string
    The Oracle BGP ASN.
    oracleInterfaceIp string

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    oracleInterfaceIpv6 string

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    bgp_ipv6_state str
    The state of the BGP IPv6 session.
    bgp_ipv6state str

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    bgp_state str
    The state of the BGP session.
    customer_bgp_asn str

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    customer_interface_ip str

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    customer_interface_ipv6 str

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    oracle_bgp_asn str
    The Oracle BGP ASN.
    oracle_interface_ip str

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    oracle_interface_ipv6 str

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    bgpIpv6State String
    The state of the BGP IPv6 session.
    bgpIpv6state String

    Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

    bgpState String
    The state of the BGP session.
    customerBgpAsn String

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

    If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

    Example: 12345 (2-byte) or 1587232876 (4-byte)

    customerInterfaceIp String

    The IP address for the CPE end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.5/31

    customerInterfaceIpv6 String

    The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    oracleBgpAsn String
    The Oracle BGP ASN.
    oracleInterfaceIp String

    The IP address for the Oracle end of the inside tunnel interface.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

    If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

    The value must be a /30 or /31.

    Example: 10.0.0.4/31

    oracleInterfaceIpv6 String

    The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

    If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

    If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

    Only subnet masks from /64 up to /127 are allowed.

    Example: 2001:db8::1/64

    IpsecConnectionTunnelManagementDpdConfig, IpsecConnectionTunnelManagementDpdConfigArgs

    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    DpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    DpdTimeoutInSec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Integer
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    dpdMode string
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    dpd_mode str
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpd_timeout_in_sec int
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
    dpdMode String
    This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
    dpdTimeoutInSec Number
    DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.

    IpsecConnectionTunnelManagementEncryptionDomainConfig, IpsecConnectionTunnelManagementEncryptionDomainConfigArgs

    CpeTrafficSelectors List<string>
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    OracleTrafficSelectors List<string>
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
    CpeTrafficSelectors []string
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    OracleTrafficSelectors []string
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
    cpeTrafficSelectors List<String>
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    oracleTrafficSelectors List<String>
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
    cpeTrafficSelectors string[]
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    oracleTrafficSelectors string[]
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
    cpe_traffic_selectors Sequence[str]
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    oracle_traffic_selectors Sequence[str]
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
    cpeTrafficSelectors List<String>
    Lists IPv4 or IPv6-enabled subnets in your on-premises network.
    oracleTrafficSelectors List<String>
    Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

    IpsecConnectionTunnelManagementPhaseOneDetail, IpsecConnectionTunnelManagementPhaseOneDetailArgs

    CustomAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    CustomDhGroup string
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    CustomEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    IsCustomPhaseOneConfig bool
    Indicates whether custom configuration is enabled for phase one options.
    IsIkeEstablished bool
    Indicates whether IKE phase one is established.
    Lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    NegotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    NegotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    NegotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    RemainingLifetime string

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    RemainingLifetimeInt int
    The remaining lifetime before the key is refreshed.
    RemainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    CustomAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    CustomDhGroup string
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    CustomEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    IsCustomPhaseOneConfig bool
    Indicates whether custom configuration is enabled for phase one options.
    IsIkeEstablished bool
    Indicates whether IKE phase one is established.
    Lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    NegotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    NegotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    NegotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    RemainingLifetime string

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    RemainingLifetimeInt int
    The remaining lifetime before the key is refreshed.
    RemainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm String
    The authentication algorithm proposed during phase two tunnel negotiation.
    customDhGroup String
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    customEncryptionAlgorithm String
    The encryption algorithm proposed during phase two tunnel negotiation.
    isCustomPhaseOneConfig Boolean
    Indicates whether custom configuration is enabled for phase one options.
    isIkeEstablished Boolean
    Indicates whether IKE phase one is established.
    lifetime Integer
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm String
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup String
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm String
    The negotiated encryption algorithm.
    remainingLifetime String

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt Integer
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved String
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    customDhGroup string
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    customEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    isCustomPhaseOneConfig boolean
    Indicates whether custom configuration is enabled for phase one options.
    isIkeEstablished boolean
    Indicates whether IKE phase one is established.
    lifetime number
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    remainingLifetime string

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt number
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    custom_authentication_algorithm str
    The authentication algorithm proposed during phase two tunnel negotiation.
    custom_dh_group str
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    custom_encryption_algorithm str
    The encryption algorithm proposed during phase two tunnel negotiation.
    is_custom_phase_one_config bool
    Indicates whether custom configuration is enabled for phase one options.
    is_ike_established bool
    Indicates whether IKE phase one is established.
    lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiated_authentication_algorithm str
    The negotiated phase two authentication algorithm.
    negotiated_dh_group str
    The negotiated Diffie-Hellman group.
    negotiated_encryption_algorithm str
    The negotiated encryption algorithm.
    remaining_lifetime str

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    remaining_lifetime_int int
    The remaining lifetime before the key is refreshed.
    remaining_lifetime_last_retrieved str
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm String
    The authentication algorithm proposed during phase two tunnel negotiation.
    customDhGroup String
    The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
    customEncryptionAlgorithm String
    The encryption algorithm proposed during phase two tunnel negotiation.
    isCustomPhaseOneConfig Boolean
    Indicates whether custom configuration is enabled for phase one options.
    isIkeEstablished Boolean
    Indicates whether IKE phase one is established.
    lifetime Number
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm String
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup String
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm String
    The negotiated encryption algorithm.
    remainingLifetime String

    Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt Number
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved String
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

    IpsecConnectionTunnelManagementPhaseTwoDetail, IpsecConnectionTunnelManagementPhaseTwoDetailArgs

    CustomAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    CustomEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    DhGroup string
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    IsCustomPhaseTwoConfig bool
    Indicates whether custom configuration is enabled for phase two options.
    IsEspEstablished bool
    Indicates that ESP phase two is established.
    IsPfsEnabled bool
    Indicates whether perfect forward secrecy (PFS) is enabled.
    Lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    NegotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    NegotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    NegotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    RemainingLifetime string

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    RemainingLifetimeInt int
    The remaining lifetime before the key is refreshed.
    RemainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    CustomAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    CustomEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    DhGroup string
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    IsCustomPhaseTwoConfig bool
    Indicates whether custom configuration is enabled for phase two options.
    IsEspEstablished bool
    Indicates that ESP phase two is established.
    IsPfsEnabled bool
    Indicates whether perfect forward secrecy (PFS) is enabled.
    Lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    NegotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    NegotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    NegotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    RemainingLifetime string

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    RemainingLifetimeInt int
    The remaining lifetime before the key is refreshed.
    RemainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm String
    The authentication algorithm proposed during phase two tunnel negotiation.
    customEncryptionAlgorithm String
    The encryption algorithm proposed during phase two tunnel negotiation.
    dhGroup String
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    isCustomPhaseTwoConfig Boolean
    Indicates whether custom configuration is enabled for phase two options.
    isEspEstablished Boolean
    Indicates that ESP phase two is established.
    isPfsEnabled Boolean
    Indicates whether perfect forward secrecy (PFS) is enabled.
    lifetime Integer
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm String
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup String
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm String
    The negotiated encryption algorithm.
    remainingLifetime String

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt Integer
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved String
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm string
    The authentication algorithm proposed during phase two tunnel negotiation.
    customEncryptionAlgorithm string
    The encryption algorithm proposed during phase two tunnel negotiation.
    dhGroup string
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    isCustomPhaseTwoConfig boolean
    Indicates whether custom configuration is enabled for phase two options.
    isEspEstablished boolean
    Indicates that ESP phase two is established.
    isPfsEnabled boolean
    Indicates whether perfect forward secrecy (PFS) is enabled.
    lifetime number
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm string
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup string
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm string
    The negotiated encryption algorithm.
    remainingLifetime string

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt number
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved string
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    custom_authentication_algorithm str
    The authentication algorithm proposed during phase two tunnel negotiation.
    custom_encryption_algorithm str
    The encryption algorithm proposed during phase two tunnel negotiation.
    dh_group str
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    is_custom_phase_two_config bool
    Indicates whether custom configuration is enabled for phase two options.
    is_esp_established bool
    Indicates that ESP phase two is established.
    is_pfs_enabled bool
    Indicates whether perfect forward secrecy (PFS) is enabled.
    lifetime int
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiated_authentication_algorithm str
    The negotiated phase two authentication algorithm.
    negotiated_dh_group str
    The negotiated Diffie-Hellman group.
    negotiated_encryption_algorithm str
    The negotiated encryption algorithm.
    remaining_lifetime str

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    remaining_lifetime_int int
    The remaining lifetime before the key is refreshed.
    remaining_lifetime_last_retrieved str
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
    customAuthenticationAlgorithm String
    The authentication algorithm proposed during phase two tunnel negotiation.
    customEncryptionAlgorithm String
    The encryption algorithm proposed during phase two tunnel negotiation.
    dhGroup String
    The Diffie-Hellman group used for PFS, if PFS is enabled.
    isCustomPhaseTwoConfig Boolean
    Indicates whether custom configuration is enabled for phase two options.
    isEspEstablished Boolean
    Indicates that ESP phase two is established.
    isPfsEnabled Boolean
    Indicates whether perfect forward secrecy (PFS) is enabled.
    lifetime Number
    Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
    negotiatedAuthenticationAlgorithm String
    The negotiated phase two authentication algorithm.
    negotiatedDhGroup String
    The negotiated Diffie-Hellman group.
    negotiatedEncryptionAlgorithm String
    The negotiated encryption algorithm.
    remainingLifetime String

    Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

    remainingLifetimeInt Number
    The remaining lifetime before the key is refreshed.
    remainingLifetimeLastRetrieved String
    The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.
    oci logo
    Oracle Cloud Infrastructure v1.31.0 published on Wednesday, Apr 10, 2024 by Pulumi