REST API reference
Retrieve IPsec and IKE security associations
Suggest changes
PDFs
GET /security/ipsec/security-associations
Introduced In: 9.8
Retrieves the IPsec and IKE (Internet Key Exchange) security associations.
Related ONTAP commands
-
security ipsec show-ipsecsa -
security ipsec show-ikesa
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
cipher_suite |
string |
query |
False |
Filter by cipher_suite |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
ipsec.inbound.security_parameter_index |
string |
query |
False |
Filter by ipsec.inbound.security_parameter_index |
ipsec.inbound.packets |
integer |
query |
False |
Filter by ipsec.inbound.packets |
ipsec.inbound.bytes |
integer |
query |
False |
Filter by ipsec.inbound.bytes |
ipsec.action |
string |
query |
False |
Filter by ipsec.action |
ipsec.state |
string |
query |
False |
Filter by ipsec.state |
ipsec.outbound.security_parameter_index |
string |
query |
False |
Filter by ipsec.outbound.security_parameter_index |
ipsec.outbound.packets |
integer |
query |
False |
Filter by ipsec.outbound.packets |
ipsec.outbound.bytes |
integer |
query |
False |
Filter by ipsec.outbound.bytes |
lifetime |
integer |
query |
False |
Filter by lifetime |
type |
string |
query |
False |
Filter by type |
node.name |
string |
query |
False |
Filter by node.name |
node.uuid |
string |
query |
False |
Filter by node.uuid |
uuid |
string |
query |
False |
Filter by uuid |
remote_address |
string |
query |
False |
Filter by remote_address |
scope |
string |
query |
False |
Filter by scope |
ike.responder_security_parameter_index |
string |
query |
False |
Filter by ike.responder_security_parameter_index |
ike.initiator_security_parameter_index |
string |
query |
False |
Filter by ike.initiator_security_parameter_index |
ike.state |
string |
query |
False |
Filter by ike.state |
ike.authentication |
string |
query |
False |
Filter by ike.authentication |
ike.is_initiator |
boolean |
query |
False |
Filter by ike.is_initiator |
ike.version |
string |
query |
False |
Filter by ike.version |
policy_name |
string |
query |
False |
Filter by policy_name |
local_address |
string |
query |
False |
Filter by local_address |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
error |
||
num_records |
integer |
Number of records |
records |
array[records] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
},
"num_records": "1",
"records": {
"cipher_suite": "suite_aescbc",
"ike": {
"authentication": "none",
"state": "none"
},
"ipsec": {
"action": "bypass"
},
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"scope": "svm",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"type": "ipsec"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |
ike
Objects containing parameters specific to IKE (Internet Key Exchange) security association.
| Name | Type | Description |
|---|---|---|
authentication |
string |
Authentication method for internet key exchange protocol. |
initiator_security_parameter_index |
string |
Initiator's security parameter index for the IKE security association. |
is_initiator |
boolean |
Indicates whether or not IKE has been initiated by this node. |
responder_security_parameter_index |
string |
Responder's security parameter index for the IKE security association. |
state |
string |
State of the IKE connection. |
version |
string |
Internet key exchange protocol version. |
inbound
Status for inbound parameters for the IPsec security association.
| Name | Type | Description |
|---|---|---|
bytes |
integer |
Number of inbound bytes for the IPsec security association. |
packets |
integer |
Number of inbound packets for the IPsec security association. |
security_parameter_index |
string |
Inbound security parameter index for the IPSec security association. |
outbound
Status for outbound parameters for the IPsec security association.
| Name | Type | Description |
|---|---|---|
bytes |
integer |
Number of outbound bytes for the IPsec security association. |
packets |
integer |
Number of outbound packets for the IPsec security association. |
security_parameter_index |
string |
Outbound security parameter index for the IPSec security association. |
ipsec
Objects containing parameters specific to IPsec security association.
| Name | Type | Description |
|---|---|---|
action |
string |
Action for the IPsec security association. |
inbound |
Status for inbound parameters for the IPsec security association. |
|
outbound |
Status for outbound parameters for the IPsec security association. |
|
state |
string |
State of the IPsec security association. |
_links
| Name | Type | Description |
|---|---|---|
self |
node
Node with the security association.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
records
Security association object for IPsec security association and IKE (Internet Key Exchange) security association.
| Name | Type | Description |
|---|---|---|
cipher_suite |
string |
Cipher suite for the security association. |
ike |
Objects containing parameters specific to IKE (Internet Key Exchange) security association. |
|
ipsec |
Objects containing parameters specific to IPsec security association. |
|
lifetime |
integer |
Lifetime for the security association in seconds. |
local_address |
string |
Local address of the security association. |
node |
Node with the security association. |
|
policy_name |
string |
Policy name for the security association. |
remote_address |
string |
Remote address of the security association. |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
svm |
SVM, applies only to SVM-scoped objects. |
|
type |
string |
Type of security association, it can be IPsec or IKE (Internet Key Exchange). |
uuid |
string |
Unique identifier of the security association. |