Skip to content

Crypto

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
cryptoClass[crypto]No

crypto (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
ipsec_profilesList[ipsec_profiles]No
ikev2_profilesList[ikev2_profiles]No
ikev2_keyringsList[ikev2_keyrings]No
ikev2_policiesList[ikev2_policies]No
ikev2_proposalsList[ikev2_proposals]No

ipsec_profiles (iosxe.devices.configuration.crypto)

NameTypeConstraintMandatoryDefault Value
nameStringYes
set_transform_setListStringNo
set_isakmp_profile_ikev2_profile_ikev2_profile_case_ikev2_profileStringNo

ikev2_profiles (iosxe.devices.configuration.crypto)

NameTypeConstraintMandatoryDefault Value
nameStringYes
authentication_local_pre_shareBooleantrue, falseNo
authentication_remote_pre_shareBooleantrue, falseNo
config_exchange_requestBooleantrue, falseNo
delete_modeChoiceall, attributesNo
descriptionStringNo
dpd_intervalIntegermin: 10, max: 3600No
dpd_queryChoiceon-demand, periodicNo
dpd_retryIntegermin: 2, max: 60No
identity_local_addressStringNo
identity_local_key_idStringNo
ivrfStringNo
keyring_localStringNo
match_address_local_ipStringNo
match_fvrfStringNo
match_fvrf_anyBooleantrue, falseNo
match_identity_remote_ipv4_addressesList[match_identity_remote_ipv4_addresses]No
match_identity_remote_ipv6_prefixesListStringNo
match_identity_remote_keysListStringNo
match_inbound_onlyBooleantrue, falseNo

ikev2_keyrings (iosxe.devices.configuration.crypto)

NameTypeConstraintMandatoryDefault Value
nameStringYes
peersList[peers]No

ikev2_policies (iosxe.devices.configuration.crypto)

NameTypeConstraintMandatoryDefault Value
nameStringYes
proposalsList[proposals]Yes
deviceStringNo
match_address_local_ipListStringNo
match_fvrfStringNo
match_fvrf_anyBooleantrue, falseNo
match_inbound_onlyBooleantrue, falseNo

ikev2_proposals (iosxe.devices.configuration.crypto)

NameTypeConstraintMandatoryDefault Value
nameStringYes
encryption_aes_cbc_128Booleantrue, falseNo
encryption_aes_cbc_192Booleantrue, falseNo
encryption_aes_cbc_256Booleantrue, falseNo
encryption_aes_gcm_128Booleantrue, falseNo
encryption_aes_gcm_256Booleantrue, falseNo
encryption_en_3desBooleantrue, falseNo
group_fifteenBooleantrue, falseNo
group_fourteenBooleantrue, falseNo
group_nineteenBooleantrue, falseNo
group_oneBooleantrue, falseNo
group_sixteenBooleantrue, falseNo
group_twentyBooleantrue, falseNo
group_twenty_fourBooleantrue, falseNo
group_twenty_oneBooleantrue, falseNo
group_twoBooleantrue, falseNo
integrity_md5Booleantrue, falseNo
integrity_sha1Booleantrue, falseNo
integrity_sha256Booleantrue, falseNo
integrity_sha384Booleantrue, falseNo
integrity_sha512Booleantrue, falseNo
prf_md5Booleantrue, falseNo
prf_sha1Booleantrue, falseNo
prf_sha256Booleantrue, falseNo
prf_sha384Booleantrue, falseNo
prf_sha512Booleantrue, falseNo

match_identity_remote_ipv4_addresses (iosxe.devices.configuration.crypto.ikev2_profiles)

NameTypeConstraintMandatoryDefault Value
addressStringYes
maskStringNo

peers (iosxe.devices.configuration.crypto.ikev2_keyrings)

NameTypeConstraintMandatoryDefault Value
nameStringYes
descriptionStringNo
hostnameStringNo
identity_addressStringNo
identity_email_domainStringNo
identity_email_nameStringNo
identity_fqdn_domainStringNo
identity_fqdn_nameStringNo
identity_key_idStringNo
ipv4_addressStringNo
ipv4_maskStringNo
ipv6_prefixStringNo
pre_shared_keyStringNo
pre_shared_key_encryptionChoice0, 6No
pre_shared_key_localStringNo
pre_shared_key_local_encryptionChoice0, 6No
pre_shared_key_remoteStringNo
pre_shared_key_remote_encryptionChoice0, 6No

proposals (iosxe.devices.configuration.crypto.ikev2_policies)

NameTypeConstraintMandatoryDefault Value
proposalsStringYes

Examples

iosxe:
devices:
- name: Device1
configuration:
crypto: