Create an IPsec policy
POST /security/ipsec/policies
Introduced In: 9.8
Creates an IPsec policy.
Related ONTAP commands
- security ipsec policy create
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
Request Body
| Name | Type | Description |
|---|---|---|
| action | string | Action for the IPsec policy. |
| authentication_method | string | Authentication method for the IPsec policy. |
| certificate | certificate | Certificate for the IPsec policy. |
| enabled | boolean | Indicates whether or not the policy is enabled. |
| ipspace | ipspace | Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
| local_endpoint | local_endpoint | Local endpoint for the IPsec policy. |
| local_identity | string | Local Identity |
| name | string | IPsec policy name. |
| protocol | string | Lower layer protocol to be covered by the IPsec policy. |
| remote_endpoint | remote_endpoint | Remote endpoint for the IPsec policy. |
| remote_identity | string | Remote Identity |
| secret_key | string | Pre-shared key for IKE negotiation. |
| svm | svm | |
| uuid | string | Unique identifier of the IPsec policy. |
Example request
{
  "action": "string",
  "authentication_method": "string",
  "certificate": {
    "name": "cert1",
    "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
  },
  "ipspace": {
    "name": "exchange",
    "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
  },
  "local_endpoint": {
    "address": "10.10.10.7",
    "netmask": "24",
    "port": "23"
  },
  "local_identity": "string",
  "name": "string",
  "protocol": "17",
  "remote_endpoint": {
    "address": "10.10.10.7",
    "netmask": "24",
    "port": "23"
  },
  "remote_identity": "string",
  "secret_key": "string",
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
Response
Status: 201, Created
| Name | Type | Description |
|---|---|---|
| num_records | integer | Number of records |
| records | array[records] | |
Example response
{
  "num_records": 1,
  "records": [
    {
      "action": "string",
      "authentication_method": "string",
      "certificate": {
        "name": "cert1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "ipspace": {
        "name": "exchange",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "local_endpoint": {
        "address": "10.10.10.7",
        "netmask": "24",
        "port": "23"
      },
      "local_identity": "string",
      "name": "string",
      "protocol": "17",
      "remote_endpoint": {
        "address": "10.10.10.7",
        "netmask": "24",
        "port": "23"
      },
      "remote_identity": "string",
      "secret_key": "string",
      "svm": {
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
    }
  ]
}
Headers
| Name | Description | Type |
|---|---|---|
| Location | Useful for tracking the resource location | string |
Error
Status: Default
ONTAP Error Response Codes
| Error Code | Description |
|---|---|
| 66257099 | Only one protocol can be specified. |
| 66257100 | Only one local port can be specified. |
| 66257101 | Only one remote port can be specified. |
| 66257104 | IPsec policy with same name already exists in this SVM. |
| 66257107 | The specified pre-shared key is not a valid hexadecimal string. |
| 66257109 | The specified pre-shared key is not a valid Base64 encoded binary string. |
| 66257110 | Failed to create a policy sequencing value. |
| 66257111 | The IPsec policy with action ESP TRANSPORT provides packet protection and requires a secret key or certificate for authentication. |
| 66257112 | The IPsec policy with the action specified does not provide packet protection, and the authentication method provided for the policy will be ignored. |
| 66257113 | Only one local IP subnet can be specified. |
| 66257114 | Only one remote IP subnet can be specified. |
| 66257115 | Port ranges containing more than one port are not supported. |
| 66257117 | IPsec is not supported on the SVM specified in the policy; IPsec is supported on data SVMs only. |
| 66257120 | The subnet selector must be a host address (an IPv4 address with a 32-bit netmask or an IPv6 address with a 128-bit netmask). |
| 66257121 | The maximum limit of IPsec policies has been reached for the specified SVM. |
| 66257125 | The local_endpoint.address must be specified with local_endpoint.netmask. |
| 66257126 | The remote_endpoint.address must be specified with remote_endpoint.netmask. |
| 66257132 | Invalid value for port field. Value should be in range <1-65535>. |
| 66257133 | A pre-shared key is needed for the PSK authentication method. Use the secret_key option to specify a key. |
| 66257134 | An end-entity certificate is needed for the PKI authentication method. Use the certificate.uuid option to specify an end-entity certificate. |
| 66257137 | A pre-shared key is not needed for the PKI authentication method. |
| 66257139 | Certificate with the specified UUID was not found. |
| 66257140 | Only certificates with a client or server type are supported. |
| 66257396 | IPsec is not supported for the admin SVM in a MetroCluster configuration. |
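As an added example (not ONTAP's own code), a small Python pre-flight check that mirrors the constraints documented in the request body and error tables above, so that a malformed policy is rejected on the client before the request, and the pre-shared key inside it, is sent. The value spellings `esp_transport`, `psk` and `pki` and the base URL are assumptions, not taken from this page.

```python
"""Pre-flight check for a POST /security/ipsec/policies body (added example,
not ONTAP code). It mirrors the documented error codes so a malformed policy
is rejected locally, before the request (and the pre-shared key in it) is
sent. The spellings "esp_transport", "psk" and "pki" are assumed."""
import json
import urllib.request

def _endpoint_errors(side: str, ep: dict) -> list:
    # address needs netmask (66257125/66257126); one port in 1-65535 (66257115/66257132)
    errors = []
    if "address" in ep and "netmask" not in ep:
        errors.append(66257125 if side == "local_endpoint" else 66257126)
    port = ep.get("port")
    if port is not None:
        port = str(port)
        if "-" in port:  # port ranges are not supported
            errors.append(66257115)
        elif not (port.isdigit() and 1 <= int(port) <= 65535):
            errors.append(66257132)
    return errors

def validate_ipsec_policy(body: dict) -> list:
    """Return the documented ONTAP error codes the body would trigger;
    an empty list means it passes these checks."""
    errors = []
    for side in ("local_endpoint", "remote_endpoint"):
        errors += _endpoint_errors(side, body.get(side, {}))
    auth = body.get("authentication_method")
    has_key = bool(body.get("secret_key"))
    has_cert = bool(body.get("certificate", {}).get("uuid"))
    if auth == "psk" and not has_key:
        errors.append(66257133)  # PSK needs secret_key
    if auth == "pki":
        if not has_cert:
            errors.append(66257134)  # PKI needs certificate.uuid
        if has_key:
            errors.append(66257137)  # no pre-shared key with PKI
    if body.get("action") == "esp_transport" and not (has_key or has_cert):
        errors.append(66257111)  # ESP TRANSPORT needs a key or certificate
    return errors

def build_create_request(base_url: str, body: dict) -> urllib.request.Request:
    """Build the POST after local validation; caller adds credentials. base_url is assumed."""
    errors = validate_ipsec_policy(body)
    if errors:
        raise ValueError(f"policy rejected locally, ONTAP codes: {errors}")
    return urllib.request.Request(
        f"{base_url}/security/ipsec/policies?return_records=true",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
```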
Definitions
href
| Name | Type | Description |
|---|---|---|
| href | string | |
_links
certificate
Certificate for the IPsec policy.
| Name | Type | Description |
|---|---|---|
| name | string | Certificate name |
| uuid | string | Certificate UUID |
ipspace
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input.
| Name | Type | Description |
|---|---|---|
| name | string | IPspace name |
| uuid | string | IPspace UUID |
local_endpoint
Local endpoint for the IPsec policy.
| Name | Type | Description |
|---|---|---|
| address | string | IPv4 or IPv6 address |
| netmask | string | Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
| port | string | Application port to be covered by the IPsec policy |
remote_endpoint
Remote endpoint for the IPsec policy.
| Name | Type | Description |
|---|---|---|
| address | string | IPv4 or IPv6 address |
| netmask | string | Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
| port | string | Application port to be covered by the IPsec policy |
svm
| Name | Type | Description |
|---|---|---|
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |
ipsec_policy
IPsec policy object.
| Name | Type | Description |
|---|---|---|
| action | string | Action for the IPsec policy. |
| authentication_method | string | Authentication method for the IPsec policy. |
| certificate | certificate | Certificate for the IPsec policy. |
| enabled | boolean | Indicates whether or not the policy is enabled. |
| ipspace | ipspace | Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
| local_endpoint | local_endpoint | Local endpoint for the IPsec policy. |
| local_identity | string | Local Identity |
| name | string | IPsec policy name. |
| protocol | string | Lower layer protocol to be covered by the IPsec policy. |
| remote_endpoint | remote_endpoint | Remote endpoint for the IPsec policy. |
| remote_identity | string | Remote Identity |
| secret_key | string | Pre-shared key for IKE negotiation. |
| svm | svm | |
| uuid | string | Unique identifier of the IPsec policy. |
error_arguments
| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |
error
| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |
records
IPsec policy object.
| Name | Type | Description |
|---|---|---|
| action | string | Action for the IPsec policy. |
| authentication_method | string | Authentication method for the IPsec policy. |
| certificate | certificate | Certificate for the IPsec policy. |
| enabled | boolean | Indicates whether or not the policy is enabled. |
| ipspace | ipspace | Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
| local_endpoint | local_endpoint | Local endpoint for the IPsec policy. |
| local_identity | string | Local Identity |
| name | string | IPsec policy name. |
| protocol | string | Lower layer protocol to be covered by the IPsec policy. |
| remote_endpoint | remote_endpoint | Remote endpoint for the IPsec policy. |
| remote_identity | string | Remote Identity |
| secret_key | string | Pre-shared key for IKE negotiation. |
| svm | svm | |
| uuid | string | Unique identifier of the IPsec policy. |