Skip to main content
REST API reference
A newer release of this product is available.

Retrieve IPsec and IKE security associations

PDFs

GET /security/ipsec/security-associations

Introduced In: 9.8

Retrieves the IPsec and IKE (Internet Key Exchange) security associations.

  • security ipsec show-ipsecsa

  • security ipsec show-ikesa

Parameters

Name Type In Required Description

node.name

string

query

False

Filter by node.name

node.uuid

string

query

False

Filter by node.uuid

scope

string

query

False

Filter by scope

lifetime

integer

query

False

Filter by lifetime

uuid

string

query

False

Filter by uuid

local_address

string

query

False

Filter by local_address

ike.version

integer

query

False

Filter by ike.version

ike.is_initiator

boolean

query

False

Filter by ike.is_initiator

ike.initiator_security_parameter_index

string

query

False

Filter by ike.initiator_security_parameter_index

ike.authentication

string

query

False

Filter by ike.authentication

ike.responder_security_parameter_index

string

query

False

Filter by ike.responder_security_parameter_index

ike.state

string

query

False

Filter by ike.state

cipher_suite

string

query

False

Filter by cipher_suite

ipsec.state

string

query

False

Filter by ipsec.state

ipsec.action

string

query

False

Filter by ipsec.action

ipsec.outbound.bytes

integer

query

False

Filter by ipsec.outbound.bytes

ipsec.outbound.packets

integer

query

False

Filter by ipsec.outbound.packets

ipsec.outbound.security_parameter_index

string

query

False

Filter by ipsec.outbound.security_parameter_index

ipsec.inbound.packets

integer

query

False

Filter by ipsec.inbound.packets

ipsec.inbound.bytes

integer

query

False

Filter by ipsec.inbound.bytes

ipsec.inbound.security_parameter_index

string

query

False

Filter by ipsec.inbound.security_parameter_index

policy_name

string

query

False

Filter by policy_name

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

remote_address

string

query

False

Filter by remote_address

type

string

query

False

Filter by type

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 15

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

error

error

num_records

integer

Number of records

records

array[records]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist"
  },
  "num_records": 1,
  "records": [
    {
      "cipher_suite": "string",
      "ike": {
        "authentication": "string",
        "initiator_security_parameter_index": "string",
        "responder_security_parameter_index": "string",
        "state": "string"
      },
      "ipsec": {
        "action": "string",
        "inbound": {
          "security_parameter_index": "string"
        },
        "outbound": {
          "security_parameter_index": "string"
        },
        "state": "string"
      },
      "local_address": "string",
      "node": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "node1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "policy_name": "string",
      "remote_address": "string",
      "scope": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "type": "string",
      "uuid": "string"
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

returned_error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

ike

Objects containing parameters specific to IKE (Internet Key Exchange) security association.

Name Type Description

authentication

string

Authentication method for internet key exchange protocol.

initiator_security_parameter_index

string

Initiator's security parameter index for the IKE security association.

is_initiator

boolean

Indicates whether or not IKE has been initiated by this node.

responder_security_parameter_index

string

Responder's security parameter index for the IKE security association.

state

string

State of the IKE connection.

version

integer

Internet key exchange protocol version.

inbound

Status for inbound parameters for the IPsec security association.

Name Type Description

bytes

integer

Number of inbound bytes for the IPsec security association.

packets

integer

Number of inbound packets for the IPsec security association.

security_parameter_index

string

Inbound security parameter index for the IPSec security association.

outbound

Status for outbound parameters for the IPsec security association.

Name Type Description

bytes

integer

Number of outbound bytes for the IPsec security association.

packets

integer

Number of outbound packets for the IPsec security association.

security_parameter_index

string

Outbound security parameter index for the IPSec security association.

ipsec

Objects containing parameters specific to IPsec security association.

Name Type Description

action

string

Action for the IPsec security association.

inbound

inbound

Status for inbound parameters for the IPsec security association.

outbound

outbound

Status for outbound parameters for the IPsec security association.

state

string

State of the IPsec security association.

_links

Name Type Description

self

href

node

Node with the security association.

Name Type Description

_links

_links

name

string

uuid

string

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

records

Security association object for IPsec security association and IKE (Internet Key Exchange) security association.

Name Type Description

cipher_suite

string

Cipher suite for the security association.

ike

ike

Objects containing parameters specific to IKE (Internet Key Exchange) security association.

ipsec

ipsec

Objects containing parameters specific to IPsec security association.

lifetime

integer

Lifetime for the security association in seconds.

local_address

string

Local address of the security association.

node

node

Node with the security association.

policy_name

string

Policy name for the security association.

remote_address

string

Remote address of the security association.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

svm

svm

SVM, applies only to SVM-scoped objects.

type

string

Type of security association, it can be IPsec or IKE (Internet Key Exchange).

uuid

string

Unique identifier of the security association.

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.