Change the rekey time, anti-replay window, and authentication types for IPsec.
Classes
system_profiles (sdwan.feature_profiles)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
security | Class | [security] | No | |
security (sdwan.feature_profiles.system_profiles)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[^&<>! "]{1,128}$ | No | security |
description | String | | No | |
anti_replay_window | Choice | 64, 128, 256, 512, 1024, 2048, 4096, 8192 | No | |
anti_replay_window_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
extended_anti_replay_window | Integer | min: 10, max: 2048 | No | |
extended_anti_replay_window_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
integrity_types | List | Choice[esp, ip-udp-esp, none, ip-udp-esp-no-id] | No | |
integrity_types_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipsec_pairwise_keying | Boolean | true, false | No | |
ipsec_pairwise_keying_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
key_chains | List | [key_chains] | No | |
keys | List | [keys] | No | |
rekey_time | Integer | min: 10, max: 1209600 | No | |
rekey_time_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
key_chains (sdwan.feature_profiles.system_profiles.security)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
key_id | Integer | min: 0, max: 2147483647 | Yes | |
name | String | max: 236 | Yes | |
keys (sdwan.feature_profiles.system_profiles.security)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
id | Integer | | Yes | |
accept_ao_mismatch | Boolean | true, false | No | |
accept_ao_mismatch_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
accept_life_time_duration | Integer | min: 1, max: 2147483646 | No | |
accept_life_time_exact | Integer | | No | |
accept_life_time_infinite | Boolean | true, false | No | |
accept_life_time_local | Boolean | true, false | No | |
accept_life_time_local_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
accept_life_time_start_epoch | Integer | | Yes | |
crypto_algorithm | Choice | aes-128-cmac, hmac-sha-1, hmac-sha-256 | Yes | |
include_tcp_options | Boolean | true, false | No | |
include_tcp_options_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
key_chain_name | String | | Yes | |
key_string | String | min: 1 | No | |
key_string_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
receiver_id | Integer | min: 0, max: 255 | No | |
receiver_id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
send_id | Integer | min: 0, max: 255 | No | |
send_id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
send_life_time_duration | Integer | min: 1, max: 2147483646 | No | |
send_life_time_exact | Integer | | No | |
send_life_time_infinite | Boolean | true, false | No | |
send_life_time_local | Boolean | true, false | No | |
send_life_time_local_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
send_life_time_start_epoch | Integer | | Yes | |
Examples
description: this is test system profile
description: basic security
extended_anti_replay_window_variable: extended_arw
- accept_life_time_start_epoch: 1714125354
  accept_life_time_exact: 1774125354
  crypto_algorithm: hmac-sha-256
  key_string: lpqBQBw92hQOkcsmT7pLZq
  receiver_id_variable: key_recv_id
  send_life_time_start_epoch: 1714125354
  send_life_time_infinite: true
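
A pre-deployment lint for one `security` mapping, added here as an example and not part of the data model's own tooling. It enforces the ranges, choices, mandatory fields and variable-name regex from the tables above; the names `lint_security` and `SAMPLE`, the placeholder key value, and the two warnings (`none` in `integrity_types`, a literal `key_string`) are assumptions of this example.

```python
import re
# Constraints copied from the tables on this page; the warnings are this example's own policy.
VAR_RE = re.compile(r"[./\[\]a-zA-Z0-9_-]{1,64}")
ARW = {64, 128, 256, 512, 1024, 2048, 4096, 8192}
INTEGRITY = {"esp", "ip-udp-esp", "none", "ip-udp-esp-no-id"}
ALGOS = {"aes-128-cmac", "hmac-sha-1", "hmac-sha-256"}
RANGES = {"rekey_time": (10, 1209600), "extended_anti_replay_window": (10, 2048)}
KEY_RANGES = {"receiver_id": (0, 255), "send_id": (0, 255),
              "accept_life_time_duration": (1, 2147483646), "send_life_time_duration": (1, 2147483646)}
KEY_REQUIRED = ("id", "accept_life_time_start_epoch", "crypto_algorithm",
                "key_chain_name", "send_life_time_start_epoch")

def _check(obj, ranges, where, errors):
    """Range-check integers and validate every *_variable name in one mapping."""
    for field, (lo, hi) in ranges.items():
        if field in obj and not (isinstance(obj[field], int) and lo <= obj[field] <= hi):
            errors.append(f"{where}{field}: must be an integer in [{lo}, {hi}]")
    for field, value in obj.items():
        if field.endswith("_variable") and not (isinstance(value, str) and VAR_RE.fullmatch(value)):
            errors.append(f"{where}{field}: invalid variable name")

def lint_security(sec):
    """Return (errors, warnings) for one `security` mapping."""
    errors, warnings = [], []
    _check(sec, RANGES, "", errors)
    if "anti_replay_window" in sec and sec["anti_replay_window"] not in ARW:
        errors.append("anti_replay_window: not an allowed choice")
    types = sec.get("integrity_types", [])
    errors += [f"integrity_types: unknown value {t!r}" for t in types if t not in INTEGRITY]
    if "none" in types:  # policy warning of this example, not a schema rule
        warnings.append("integrity_types: 'none' is listed")
    for i, key in enumerate(sec.get("keys", [])):
        where = f"keys[{i}]."
        errors += [f"{where}{f}: mandatory" for f in KEY_REQUIRED if f not in key]
        if "crypto_algorithm" in key and key["crypto_algorithm"] not in ALGOS:
            errors.append(f"{where}crypto_algorithm: not an allowed choice")
        _check(key, KEY_RANGES, where, errors)
        if key.get("key_string"):  # policy warning: keep key material out of the repository
            warnings.append(f"{where}key_string: literal secret, prefer key_string_variable")
    return errors, warnings

# Constructed sample: the fragment from the Examples section, a placeholder key, a bad rekey_time.
SAMPLE = {"rekey_time": 5, "extended_anti_replay_window_variable": "extended_arw",
          "keys": [{"accept_life_time_start_epoch": 1714125354,
                    "accept_life_time_exact": 1774125354, "crypto_algorithm": "hmac-sha-256",
                    "key_string": "placeholder-key", "receiver_id_variable": "key_recv_id",
                    "send_life_time_start_epoch": 1714125354, "send_life_time_infinite": True}]}
if __name__ == "__main__":
    print(lint_security(SAMPLE))
```

Because the Examples fragment carries no `id` or `key_chain_name` for the key, the lint reports both as missing mandatory fields alongside the out-of-range `rekey_time`.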