vcd 3.14.1, Apr 14 25

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vcd.NsxtIpsecVpnTunnel

Explore with Pulumi AI

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

Create NsxtIpsecVpnTunnel Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NsxtIpsecVpnTunnel(name: string, args: NsxtIpsecVpnTunnelArgs, opts?: CustomResourceOptions);

@overload
def NsxtIpsecVpnTunnel(resource_name: str,
                       args: NsxtIpsecVpnTunnelArgs,
                       opts: Optional[ResourceOptions] = None)

@overload
def NsxtIpsecVpnTunnel(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       pre_shared_key: Optional[str] = None,
                       local_ip_address: Optional[str] = None,
                       remote_ip_address: Optional[str] = None,
                       local_networks: Optional[Sequence[str]] = None,
                       edge_gateway_id: Optional[str] = None,
                       nsxt_ipsec_vpn_tunnel_id: Optional[str] = None,
                       enabled: Optional[bool] = None,
                       description: Optional[str] = None,
                       ca_certificate_id: Optional[str] = None,
                       logging: Optional[bool] = None,
                       name: Optional[str] = None,
                       org: Optional[str] = None,
                       authentication_mode: Optional[str] = None,
                       remote_id: Optional[str] = None,
                       certificate_id: Optional[str] = None,
                       remote_networks: Optional[Sequence[str]] = None,
                       security_profile_customization: Optional[NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs] = None,
                       vdc: Optional[str] = None)

func NewNsxtIpsecVpnTunnel(ctx *Context, name string, args NsxtIpsecVpnTunnelArgs, opts ...ResourceOption) (*NsxtIpsecVpnTunnel, error)

public NsxtIpsecVpnTunnel(string name, NsxtIpsecVpnTunnelArgs args, CustomResourceOptions? opts = null)

public NsxtIpsecVpnTunnel(String name, NsxtIpsecVpnTunnelArgs args)
public NsxtIpsecVpnTunnel(String name, NsxtIpsecVpnTunnelArgs args, CustomResourceOptions options)

type: vcd:NsxtIpsecVpnTunnel
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NsxtIpsecVpnTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NsxtIpsecVpnTunnelArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NsxtIpsecVpnTunnelArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NsxtIpsecVpnTunnelArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NsxtIpsecVpnTunnelArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var nsxtIpsecVpnTunnelResource = new Vcd.NsxtIpsecVpnTunnel("nsxtIpsecVpnTunnelResource", new()
{
    PreSharedKey = "string",
    LocalIpAddress = "string",
    RemoteIpAddress = "string",
    LocalNetworks = new[]
    {
        "string",
    },
    EdgeGatewayId = "string",
    NsxtIpsecVpnTunnelId = "string",
    Enabled = false,
    Description = "string",
    CaCertificateId = "string",
    Logging = false,
    Name = "string",
    Org = "string",
    AuthenticationMode = "string",
    RemoteId = "string",
    CertificateId = "string",
    RemoteNetworks = new[]
    {
        "string",
    },
    SecurityProfileCustomization = new Vcd.Inputs.NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs
    {
        IkeDhGroups = new[]
        {
            "string",
        },
        IkeEncryptionAlgorithms = new[]
        {
            "string",
        },
        IkeVersion = "string",
        TunnelDhGroups = new[]
        {
            "string",
        },
        TunnelEncryptionAlgorithms = new[]
        {
            "string",
        },
        DpdProbeInternal = 0,
        IkeDigestAlgorithms = new[]
        {
            "string",
        },
        IkeSaLifetime = 0,
        TunnelDfPolicy = "string",
        TunnelDigestAlgorithms = new[]
        {
            "string",
        },
        TunnelPfsEnabled = false,
        TunnelSaLifetime = 0,
    },
});

example, err := vcd.NewNsxtIpsecVpnTunnel(ctx, "nsxtIpsecVpnTunnelResource", &vcd.NsxtIpsecVpnTunnelArgs{
	PreSharedKey:    pulumi.String("string"),
	LocalIpAddress:  pulumi.String("string"),
	RemoteIpAddress: pulumi.String("string"),
	LocalNetworks: pulumi.StringArray{
		pulumi.String("string"),
	},
	EdgeGatewayId:        pulumi.String("string"),
	NsxtIpsecVpnTunnelId: pulumi.String("string"),
	Enabled:              pulumi.Bool(false),
	Description:          pulumi.String("string"),
	CaCertificateId:      pulumi.String("string"),
	Logging:              pulumi.Bool(false),
	Name:                 pulumi.String("string"),
	Org:                  pulumi.String("string"),
	AuthenticationMode:   pulumi.String("string"),
	RemoteId:             pulumi.String("string"),
	CertificateId:        pulumi.String("string"),
	RemoteNetworks: pulumi.StringArray{
		pulumi.String("string"),
	},
	SecurityProfileCustomization: &vcd.NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs{
		IkeDhGroups: pulumi.StringArray{
			pulumi.String("string"),
		},
		IkeEncryptionAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		IkeVersion: pulumi.String("string"),
		TunnelDhGroups: pulumi.StringArray{
			pulumi.String("string"),
		},
		TunnelEncryptionAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		DpdProbeInternal: pulumi.Float64(0),
		IkeDigestAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		IkeSaLifetime:  pulumi.Float64(0),
		TunnelDfPolicy: pulumi.String("string"),
		TunnelDigestAlgorithms: pulumi.StringArray{
			pulumi.String("string"),
		},
		TunnelPfsEnabled: pulumi.Bool(false),
		TunnelSaLifetime: pulumi.Float64(0),
	},
})

var nsxtIpsecVpnTunnelResource = new NsxtIpsecVpnTunnel("nsxtIpsecVpnTunnelResource", NsxtIpsecVpnTunnelArgs.builder()
    .preSharedKey("string")
    .localIpAddress("string")
    .remoteIpAddress("string")
    .localNetworks("string")
    .edgeGatewayId("string")
    .nsxtIpsecVpnTunnelId("string")
    .enabled(false)
    .description("string")
    .caCertificateId("string")
    .logging(false)
    .name("string")
    .org("string")
    .authenticationMode("string")
    .remoteId("string")
    .certificateId("string")
    .remoteNetworks("string")
    .securityProfileCustomization(NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs.builder()
        .ikeDhGroups("string")
        .ikeEncryptionAlgorithms("string")
        .ikeVersion("string")
        .tunnelDhGroups("string")
        .tunnelEncryptionAlgorithms("string")
        .dpdProbeInternal(0)
        .ikeDigestAlgorithms("string")
        .ikeSaLifetime(0)
        .tunnelDfPolicy("string")
        .tunnelDigestAlgorithms("string")
        .tunnelPfsEnabled(false)
        .tunnelSaLifetime(0)
        .build())
    .build());

nsxt_ipsec_vpn_tunnel_resource = vcd.NsxtIpsecVpnTunnel("nsxtIpsecVpnTunnelResource",
    pre_shared_key="string",
    local_ip_address="string",
    remote_ip_address="string",
    local_networks=["string"],
    edge_gateway_id="string",
    nsxt_ipsec_vpn_tunnel_id="string",
    enabled=False,
    description="string",
    ca_certificate_id="string",
    logging=False,
    name="string",
    org="string",
    authentication_mode="string",
    remote_id="string",
    certificate_id="string",
    remote_networks=["string"],
    security_profile_customization={
        "ike_dh_groups": ["string"],
        "ike_encryption_algorithms": ["string"],
        "ike_version": "string",
        "tunnel_dh_groups": ["string"],
        "tunnel_encryption_algorithms": ["string"],
        "dpd_probe_internal": 0,
        "ike_digest_algorithms": ["string"],
        "ike_sa_lifetime": 0,
        "tunnel_df_policy": "string",
        "tunnel_digest_algorithms": ["string"],
        "tunnel_pfs_enabled": False,
        "tunnel_sa_lifetime": 0,
    })

const nsxtIpsecVpnTunnelResource = new vcd.NsxtIpsecVpnTunnel("nsxtIpsecVpnTunnelResource", {
    preSharedKey: "string",
    localIpAddress: "string",
    remoteIpAddress: "string",
    localNetworks: ["string"],
    edgeGatewayId: "string",
    nsxtIpsecVpnTunnelId: "string",
    enabled: false,
    description: "string",
    caCertificateId: "string",
    logging: false,
    name: "string",
    org: "string",
    authenticationMode: "string",
    remoteId: "string",
    certificateId: "string",
    remoteNetworks: ["string"],
    securityProfileCustomization: {
        ikeDhGroups: ["string"],
        ikeEncryptionAlgorithms: ["string"],
        ikeVersion: "string",
        tunnelDhGroups: ["string"],
        tunnelEncryptionAlgorithms: ["string"],
        dpdProbeInternal: 0,
        ikeDigestAlgorithms: ["string"],
        ikeSaLifetime: 0,
        tunnelDfPolicy: "string",
        tunnelDigestAlgorithms: ["string"],
        tunnelPfsEnabled: false,
        tunnelSaLifetime: 0,
    },
});

type: vcd:NsxtIpsecVpnTunnel
properties:
    authenticationMode: string
    caCertificateId: string
    certificateId: string
    description: string
    edgeGatewayId: string
    enabled: false
    localIpAddress: string
    localNetworks:
        - string
    logging: false
    name: string
    nsxtIpsecVpnTunnelId: string
    org: string
    preSharedKey: string
    remoteId: string
    remoteIpAddress: string
    remoteNetworks:
        - string
    securityProfileCustomization:
        dpdProbeInternal: 0
        ikeDhGroups:
            - string
        ikeDigestAlgorithms:
            - string
        ikeEncryptionAlgorithms:
            - string
        ikeSaLifetime: 0
        ikeVersion: string
        tunnelDfPolicy: string
        tunnelDhGroups:
            - string
        tunnelDigestAlgorithms:
            - string
        tunnelEncryptionAlgorithms:
            - string
        tunnelPfsEnabled: false
        tunnelSaLifetime: 0

NsxtIpsecVpnTunnel Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The NsxtIpsecVpnTunnel resource accepts the following input properties:

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

LocalIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

LocalNetworks List<string>

A set of local networks in CIDR format. At least one value required

PreSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

RemoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

AuthenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

CaCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

CertificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

Description string

An optional description of the NSX-T IPsec VPN Tunnel

Enabled bool

Enables or disables IPsec VPN Tunnel (default true)

Logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

Name string

A name for NSX-T IPsec VPN Tunnel

NsxtIpsecVpnTunnelId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

RemoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

RemoteNetworks List<string>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

SecurityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

LocalIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

LocalNetworks []string

A set of local networks in CIDR format. At least one value required

PreSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

RemoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

AuthenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

CaCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

CertificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

Description string

An optional description of the NSX-T IPsec VPN Tunnel

Enabled bool

Enables or disables IPsec VPN Tunnel (default true)

Logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

Name string

A name for NSX-T IPsec VPN Tunnel

NsxtIpsecVpnTunnelId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

RemoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

RemoteNetworks []string

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

SecurityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

a block allowing to customize default security profile parameters

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

localIpAddress String

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks List<String>

A set of local networks in CIDR format. At least one value required

preSharedKey String

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteIpAddress String

Public IPv4 Address of the remote device terminating the VPN connection

authenticationMode String

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId String

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId String

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description String

An optional description of the NSX-T IPsec VPN Tunnel

enabled Boolean

Enables or disables IPsec VPN Tunnel (default true)

logging Boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name String

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

remoteId String

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteNetworks List<String>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

localIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks string[]

A set of local networks in CIDR format. At least one value required

preSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

authenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description string

An optional description of the NSX-T IPsec VPN Tunnel

enabled boolean

Enables or disables IPsec VPN Tunnel (default true)

logging boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name string

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId string

org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

remoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteNetworks string[]

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edge_gateway_id str

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

local_ip_address str

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

local_networks Sequence[str]

A set of local networks in CIDR format. At least one value required

pre_shared_key str

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remote_ip_address str

Public IPv4 Address of the remote device terminating the VPN connection

authentication_mode str

PSK (pre-shared key) or CERTIFICATE (default - PSK)

ca_certificate_id str

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificate_id str

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description str

An optional description of the NSX-T IPsec VPN Tunnel

enabled bool

Enables or disables IPsec VPN Tunnel (default true)

logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

name str

A name for NSX-T IPsec VPN Tunnel

nsxt_ipsec_vpn_tunnel_id str

org str

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

remote_id str

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remote_networks Sequence[str]

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

security_profile_customization NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

a block allowing to customize default security profile parameters

vdc str

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

localIpAddress String

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks List<String>

A set of local networks in CIDR format. At least one value required

preSharedKey String

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteIpAddress String

Public IPv4 Address of the remote device terminating the VPN connection

authenticationMode String

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId String

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId String

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description String

An optional description of the NSX-T IPsec VPN Tunnel

enabled Boolean

Enables or disables IPsec VPN Tunnel (default true)

logging Boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name String

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

remoteId String

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteNetworks List<String>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfileCustomization Property Map

a block allowing to customize default security profile parameters

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

Outputs

All input properties are implicitly available as output properties. Additionally, the NsxtIpsecVpnTunnel resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
IkeFailReason string: Provides more details of failure if the IKE service is not UP
IkeServiceStatus string: Status for the actual IKE Session for the given tunnel
SecurityProfile string: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
Status string: Overall IPsec VPN Tunnel Status

Id string: The provider-assigned unique ID for this managed resource.
IkeFailReason string: Provides more details of failure if the IKE service is not UP
IkeServiceStatus string: Status for the actual IKE Session for the given tunnel
SecurityProfile string: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
Status string: Overall IPsec VPN Tunnel Status

id String: The provider-assigned unique ID for this managed resource.
ikeFailReason String: Provides more details of failure if the IKE service is not UP
ikeServiceStatus String: Status for the actual IKE Session for the given tunnel
securityProfile String: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
status String: Overall IPsec VPN Tunnel Status

id string: The provider-assigned unique ID for this managed resource.
ikeFailReason string: Provides more details of failure if the IKE service is not UP
ikeServiceStatus string: Status for the actual IKE Session for the given tunnel
securityProfile string: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
status string: Overall IPsec VPN Tunnel Status

id str: The provider-assigned unique ID for this managed resource.
ike_fail_reason str: Provides more details of failure if the IKE service is not UP
ike_service_status str: Status for the actual IKE Session for the given tunnel
security_profile str: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
status str: Overall IPsec VPN Tunnel Status

id String: The provider-assigned unique ID for this managed resource.
ikeFailReason String: Provides more details of failure if the IKE service is not UP
ikeServiceStatus String: Status for the actual IKE Session for the given tunnel
securityProfile String: DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set
status String: Overall IPsec VPN Tunnel Status

Look up Existing NsxtIpsecVpnTunnel Resource

Get an existing NsxtIpsecVpnTunnel resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NsxtIpsecVpnTunnelState, opts?: CustomResourceOptions): NsxtIpsecVpnTunnel

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication_mode: Optional[str] = None,
        ca_certificate_id: Optional[str] = None,
        certificate_id: Optional[str] = None,
        description: Optional[str] = None,
        edge_gateway_id: Optional[str] = None,
        enabled: Optional[bool] = None,
        ike_fail_reason: Optional[str] = None,
        ike_service_status: Optional[str] = None,
        local_ip_address: Optional[str] = None,
        local_networks: Optional[Sequence[str]] = None,
        logging: Optional[bool] = None,
        name: Optional[str] = None,
        nsxt_ipsec_vpn_tunnel_id: Optional[str] = None,
        org: Optional[str] = None,
        pre_shared_key: Optional[str] = None,
        remote_id: Optional[str] = None,
        remote_ip_address: Optional[str] = None,
        remote_networks: Optional[Sequence[str]] = None,
        security_profile: Optional[str] = None,
        security_profile_customization: Optional[NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs] = None,
        status: Optional[str] = None,
        vdc: Optional[str] = None) -> NsxtIpsecVpnTunnel

func GetNsxtIpsecVpnTunnel(ctx *Context, name string, id IDInput, state *NsxtIpsecVpnTunnelState, opts ...ResourceOption) (*NsxtIpsecVpnTunnel, error)

public static NsxtIpsecVpnTunnel Get(string name, Input<string> id, NsxtIpsecVpnTunnelState? state, CustomResourceOptions? opts = null)

public static NsxtIpsecVpnTunnel get(String name, Output<String> id, NsxtIpsecVpnTunnelState state, CustomResourceOptions options)

resources:  _:    type: vcd:NsxtIpsecVpnTunnel    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

CaCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

CertificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

Description string

An optional description of the NSX-T IPsec VPN Tunnel

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

Enabled bool

Enables or disables IPsec VPN Tunnel (default true)

IkeFailReason string

Provides more details of failure if the IKE service is not UP

IkeServiceStatus string

Status for the actual IKE Session for the given tunnel

LocalIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

LocalNetworks List<string>

A set of local networks in CIDR format. At least one value required

Logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

Name string

A name for NSX-T IPsec VPN Tunnel

NsxtIpsecVpnTunnelId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

PreSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

RemoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

RemoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

RemoteNetworks List<string>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

SecurityProfile string

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

SecurityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

Status string

Overall IPsec VPN Tunnel Status

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

AuthenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

CaCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

CertificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

Description string

An optional description of the NSX-T IPsec VPN Tunnel

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

Enabled bool

Enables or disables IPsec VPN Tunnel (default true)

IkeFailReason string

Provides more details of failure if the IKE service is not UP

IkeServiceStatus string

Status for the actual IKE Session for the given tunnel

LocalIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

LocalNetworks []string

A set of local networks in CIDR format. At least one value required

Logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

Name string

A name for NSX-T IPsec VPN Tunnel

NsxtIpsecVpnTunnelId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

PreSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

RemoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

RemoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

RemoteNetworks []string

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

SecurityProfile string

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

SecurityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

a block allowing to customize default security profile parameters

Status string

Overall IPsec VPN Tunnel Status

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

authenticationMode String

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId String

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId String

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description String

An optional description of the NSX-T IPsec VPN Tunnel

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled Boolean

Enables or disables IPsec VPN Tunnel (default true)

ikeFailReason String

Provides more details of failure if the IKE service is not UP

ikeServiceStatus String

Status for the actual IKE Session for the given tunnel

localIpAddress String

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks List<String>

A set of local networks in CIDR format. At least one value required

logging Boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name String

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

preSharedKey String

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteId String

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteIpAddress String

Public IPv4 Address of the remote device terminating the VPN connection

remoteNetworks List<String>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfile String

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

securityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

status String

Overall IPsec VPN Tunnel Status

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

authenticationMode string

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId string

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId string

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description string

An optional description of the NSX-T IPsec VPN Tunnel

edgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled boolean

Enables or disables IPsec VPN Tunnel (default true)

ikeFailReason string

Provides more details of failure if the IKE service is not UP

ikeServiceStatus string

Status for the actual IKE Session for the given tunnel

localIpAddress string

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks string[]

A set of local networks in CIDR format. At least one value required

logging boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name string

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId string

org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

preSharedKey string

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteId string

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteIpAddress string

Public IPv4 Address of the remote device terminating the VPN connection

remoteNetworks string[]

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfile string

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

securityProfileCustomization NsxtIpsecVpnTunnelSecurityProfileCustomization

a block allowing to customize default security profile parameters

status string

Overall IPsec VPN Tunnel Status

vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

authentication_mode str

PSK (pre-shared key) or CERTIFICATE (default - PSK)

ca_certificate_id str

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificate_id str

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description str

An optional description of the NSX-T IPsec VPN Tunnel

edge_gateway_id str

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled bool

Enables or disables IPsec VPN Tunnel (default true)

ike_fail_reason str

Provides more details of failure if the IKE service is not UP

ike_service_status str

Status for the actual IKE Session for the given tunnel

local_ip_address str

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

local_networks Sequence[str]

A set of local networks in CIDR format. At least one value required

logging bool

Sets whether logging for the tunnel is enabled or not. (default - false)

name str

A name for NSX-T IPsec VPN Tunnel

nsxt_ipsec_vpn_tunnel_id str

org str

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

pre_shared_key str

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remote_id str

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remote_ip_address str

Public IPv4 Address of the remote device terminating the VPN connection

remote_networks Sequence[str]

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

security_profile str

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

security_profile_customization NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

a block allowing to customize default security profile parameters

status str

Overall IPsec VPN Tunnel Status

vdc str

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

authenticationMode String

PSK (pre-shared key) or CERTIFICATE (default - PSK)

caCertificateId String

CA Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource) Note authentication_mode must be set to CERTIFICATE

certificateId String

Certificate ID (can be handled by vcd.LibraryCertificate resource or datasource). Note authentication_mode must be set to CERTIFICATE

description String

An optional description of the NSX-T IPsec VPN Tunnel

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled Boolean

Enables or disables IPsec VPN Tunnel (default true)

ikeFailReason String

Provides more details of failure if the IKE service is not UP

ikeServiceStatus String

Status for the actual IKE Session for the given tunnel

localIpAddress String

IPv4 Address for the endpoint. This has to be a suballocated IP on the Edge Gateway.

localNetworks List<String>

A set of local networks in CIDR format. At least one value required

logging Boolean

Sets whether logging for the tunnel is enabled or not. (default - false)

name String

A name for NSX-T IPsec VPN Tunnel

nsxtIpsecVpnTunnelId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

preSharedKey String

Pre-shared key for negotiation. Note the pre-shared key must be the same on the other end of the IPSec VPN tunnel and authentication_mode must be PSK

remoteId String

Remote ID uniquely identifies the peer site. If the remote ID is not set, it will default to the remote IP address

remoteIpAddress String

Public IPv4 Address of the remote device terminating the VPN connection

remoteNetworks List<String>

Set of remote networks in CIDR format. Leaving it empty is interpreted as 0.0.0.0/0

securityProfile String

DEFAULT for system provided configuration or CUSTOM if security_profile_customization is set

securityProfileCustomization Property Map

a block allowing to customize default security profile parameters

status String

Overall IPsec VPN Tunnel Status

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

Supporting Types

NsxtIpsecVpnTunnelSecurityProfileCustomization, NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

IkeDhGroups List<string>: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
IkeEncryptionAlgorithms List<string>: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
IkeVersion string: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
TunnelDhGroups List<string>: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
TunnelEncryptionAlgorithms List<string>: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
DpdProbeInternal double: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
IkeDigestAlgorithms List<string>: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
IkeSaLifetime double: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
TunnelDfPolicy string: Policy for handling defragmentation bit. One of COPY, CLEAR
TunnelDigestAlgorithms List<string>: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
TunnelPfsEnabled bool: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
TunnelSaLifetime double: Security Association life time (in seconds)

IkeDhGroups []string: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
IkeEncryptionAlgorithms []string: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
IkeVersion string: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
TunnelDhGroups []string: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
TunnelEncryptionAlgorithms []string: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
DpdProbeInternal float64: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
IkeDigestAlgorithms []string: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
IkeSaLifetime float64: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
TunnelDfPolicy string: Policy for handling defragmentation bit. One of COPY, CLEAR
TunnelDigestAlgorithms []string: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
TunnelPfsEnabled bool: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
TunnelSaLifetime float64: Security Association life time (in seconds)

ikeDhGroups List<String>: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
ikeEncryptionAlgorithms List<String>: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeVersion String: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
tunnelDhGroups List<String>: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
tunnelEncryptionAlgorithms List<String>: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
dpdProbeInternal Double: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
ikeDigestAlgorithms List<String>: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeSaLifetime Double: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
tunnelDfPolicy String: Policy for handling defragmentation bit. One of COPY, CLEAR
tunnelDigestAlgorithms List<String>: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
tunnelPfsEnabled Boolean: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
tunnelSaLifetime Double: Security Association life time (in seconds)

ikeDhGroups string[]: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
ikeEncryptionAlgorithms string[]: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeVersion string: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
tunnelDhGroups string[]: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
tunnelEncryptionAlgorithms string[]: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
dpdProbeInternal number: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
ikeDigestAlgorithms string[]: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeSaLifetime number: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
tunnelDfPolicy string: Policy for handling defragmentation bit. One of COPY, CLEAR
tunnelDigestAlgorithms string[]: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
tunnelPfsEnabled boolean: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
tunnelSaLifetime number: Security Association life time (in seconds)

ike_dh_groups Sequence[str]: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
ike_encryption_algorithms Sequence[str]: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ike_version str: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
tunnel_dh_groups Sequence[str]: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
tunnel_encryption_algorithms Sequence[str]: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
dpd_probe_internal float: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
ike_digest_algorithms Sequence[str]: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ike_sa_lifetime float: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
tunnel_df_policy str: Policy for handling defragmentation bit. One of COPY, CLEAR
tunnel_digest_algorithms Sequence[str]: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
tunnel_pfs_enabled bool: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
tunnel_sa_lifetime float: Security Association life time (in seconds)

ikeDhGroups List<String>: Diffie-Hellman groups to be used if Perfect Forward Secrecy is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
ikeEncryptionAlgorithms List<String>: Encryption algorithms. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeVersion String: IKE version one of IKE_V1, IKE_V2, IKE_FLEX
tunnelDhGroups List<String>: Diffie-Hellman groups to be used is PFS is enabled. One of GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21
tunnelEncryptionAlgorithms List<String>: Encryption algorithms to use in IPSec tunnel establishment. One of AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION
dpdProbeInternal Number: Value in seconds of dead probe detection interval. Minimum is 3 seconds and the maximum is 60 seconds
ikeDigestAlgorithms List<String>: Secure hashing algorithms to use during the IKE negotiation. One of SHA1, SHA2_256, SHA2_384, SHA2_512
ikeSaLifetime Number: Security Association life time (in seconds). It is number of seconds before the IPsec tunnel needs to reestablish
tunnelDfPolicy String: Policy for handling defragmentation bit. One of COPY, CLEAR
tunnelDigestAlgorithms List<String>: Digest algorithms to be used for message digest. One of SHA1, SHA2_256, SHA2_384, SHA2_512
tunnelPfsEnabled Boolean: Perfect Forward Secrecy Enabled or Disabled. Default (enabled)
tunnelSaLifetime Number: Security Association life time (in seconds)

Package Details

Repository: vcd vmware/terraform-provider-vcd
License
Notes: This Pulumi package is based on the vcd Terraform Provider.

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-vcd

vcd.NsxtIpsecVpnTunnel

On this page

On this page

Create NsxtIpsecVpnTunnel Resource

Constructor syntax

Parameters

Constructor example

NsxtIpsecVpnTunnel Resource Properties

Inputs

Outputs

Look up Existing NsxtIpsecVpnTunnel Resource

Supporting Types

NsxtIpsecVpnTunnelSecurityProfileCustomization, NsxtIpsecVpnTunnelSecurityProfileCustomizationArgs

Package Details

On this page

On this page