Crypto
Diagram
Classes
configuration (iosxe.devices)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
crypto | Class | [crypto] | No | |
crypto (iosxe.devices.configuration)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ipsec_profiles | List | [ipsec_profiles] | No | |
ipsec_transform_sets | List | [ipsec_transform_sets] | No | |
ikev2 | Class | [ikev2] | No | |
ipsec_profiles (iosxe.devices.configuration.crypto)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
set_transform_set | List | String | No | |
set_ikev2_profile | String | | No | |
set_isakmp_profile | String | | No | |
ipsec_transform_sets (iosxe.devices.configuration.crypto)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
esp | Choice | esp-3des, esp-aes, esp-des, esp-gcm, esp-gmac, esp-null, esp-seal | Yes | |
esp_hmac | Choice | esp-md5-hmac, esp-sha-hmac, esp-sha256-hmac, esp-sha384-hmac, esp-sha512-hmac | Yes | |
mode_tunnel | Boolean | true, false | No | |
ikev2 (iosxe.devices.configuration.crypto)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
nat_keepalive | Integer | min: 5, max: 3600 | No | |
dpd_interval | Integer | min: 10, max: 3600 | No | |
dpd_query | Choice | on-demand, periodic | No | |
dpd_retry | Integer | min: 2, max: 60 | No | |
profiles | List | [profiles] | No | |
keyrings | List | [keyrings] | No | |
policies | List | [policies] | No | |
proposals | List | [proposals] | No | |
profiles (iosxe.devices.configuration.crypto.ikev2)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
authentication_local_pre_share | Boolean | true, false | No | |
authentication_remote_pre_share | Boolean | true, false | No | |
config_exchange_request | Boolean | true, false | No | |
description | String | | No | |
dpd_interval | Integer | min: 10, max: 3600 | No | |
dpd_query | Choice | on-demand, periodic | No | |
dpd_retry | Integer | min: 2, max: 60 | No | |
identity_local_address | String | | No | |
identity_local_key_id | String | | No | |
ivrf | String | | No | |
keyring_local | String | | No | |
match_address_local_ip | String | | No | |
match_fvrf | String | | No | |
match_fvrf_any | Boolean | true, false | No | |
match_identity_remote_ipv4_addresses | List | [match_identity_remote_ipv4_addresses] | No | |
match_identity_remote_ipv6_prefixes | List | String | No | |
match_identity_remote_keys | List | String | No | |
match_inbound_only | Boolean | true, false | No | |
keyrings (iosxe.devices.configuration.crypto.ikev2)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
peers | List | [peers] | No | |
policies (iosxe.devices.configuration.crypto.ikev2)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
proposals | List | [proposals] | Yes | |
device | String | | No | |
match_address_local_ip | List | String | No | |
match_fvrf | String | | No | |
match_fvrf_any | Boolean | true, false | No | |
match_inbound_only | Boolean | true, false | No | |
proposals (iosxe.devices.configuration.crypto.ikev2)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
encryption | List | Choice[aes_cbc_128, aes_cbc_192, aes_cbc_256, aes_gcm_128, aes_gcm_256, en_3des] | No | |
group | List | Choice[1, 2, 14, 15, 16, 19, 20, 21, 24] | No | |
integrity | List | Choice[md5, sha1, sha256, sha384, sha512] | No | |
prf | List | Choice[md5, sha1, sha256, sha384, sha512] | No | |
match_identity_remote_ipv4_addresses (iosxe.devices.configuration.crypto.ikev2.profiles)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
address | String | | Yes | |
mask | String | | No | |
peers (iosxe.devices.configuration.crypto.ikev2.keyrings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | | Yes | |
description | String | | No | |
hostname | String | | No | |
identity_address | String | | No | |
identity_email_domain | String | | No | |
identity_email_name | String | | No | |
identity_fqdn_domain | String | | No | |
identity_fqdn_name | String | | No | |
identity_key_id | String | | No | |
ipv4_address | String | | No | |
ipv4_mask | String | | No | |
ipv6_prefix | String | | No | |
pre_shared_key | String | | No | |
pre_shared_key_encryption | Choice | 0, 6 | No | |
pre_shared_key_local | String | | No | |
pre_shared_key_local_encryption | Choice | 0, 6 | No | |
pre_shared_key_remote | String | | No | |
pre_shared_key_remote_encryption | Choice | 0, 6 | No | |
proposals (iosxe.devices.configuration.crypto.ikev2.policies)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
proposals | String | | Yes | |
Examples
```yaml
iosxe:
  devices:
    - name: Device1
      configuration:
        crypto:
          ipsec_profiles:
            - name: vpn200
              set_transform_set: [TEST]       # references ipsec_transform_sets[].name
              set_ikev2_profile: PROFILE1     # references ikev2.profiles[].name
          ipsec_transform_sets:
            - name: TEST
              esp: esp-aes
              esp_hmac: esp-sha-hmac
              mode_tunnel: true
          ikev2:
            # Global IKEv2 settings
            nat_keepalive: 20
            dpd_interval: 10
            dpd_query: periodic
            dpd_retry: 5
            profiles:
              - name: PROFILE1
                description: My description
                authentication_remote_pre_share: true
                authentication_local_pre_share: true
                identity_local_key_id: KEY1
                match_address_local_ip: 1.2.3.4
                match_fvrf_any: true
                match_identity_remote_ipv4_addresses:
                  - address: 1.2.3.4
                    mask: 255.255.255.0
                match_identity_remote_keys: [key1]
                keyring_local: KEYRING1       # references ikev2.keyrings[].name
                dpd_interval: 10
                dpd_retry: 2
                dpd_query: periodic
                config_exchange_request: false
            keyrings:
              - name: KEYRING1
                peers:
                  # *_encryption: "0" = key supplied in clear text,
                  # "6" = key supplied in type 6 encrypted form
                  - name: PEER1
                    description: My description
                    ipv4_address: 1.2.3.4
                    ipv4_mask: 255.255.255.248
                    identity_key_id: key1
                    pre_shared_key_local_encryption: "6"
                    pre_shared_key_local: cisco123
                    pre_shared_key_remote_encryption: "6"
                    pre_shared_key_remote: cisco123
                  - name: PEER2
                    description: temp
                    hostname: gateway1
                    ipv6_prefix: 2001::1/128
                    identity_email_domain: cisco.com
                    pre_shared_key_encryption: "6"
                    pre_shared_key: cisco123
                  - name: PEER3
                    description: temp2
                    hostname: gateway4
                    ipv6_prefix: 2001::2/128
                    identity_email_name: abc
            policies:
              - name: POLICY1
                proposals:
                  - proposals: PROPOSAL1      # references ikev2.proposals[].name
                match_address_local_ip: [1.2.3.4]
                match_fvrf_any: true
            proposals:
              - name: PROPOSAL1
                encryption: [aes_cbc_256]
                group: [16]
                integrity: [sha256]
              - name: PROPOSAL2
                encryption: [aes_gcm_256]
                group: [20]
                integrity: [sha384]
```