Docs Home
f5 BIG-IP v3.17.10 published on Tuesday, Apr 8, 2025 by Pulumi
f5bigip.NetIkePeer
Explore with Pulumi AI
f5bigip.NetIkePeer Manages a ike_peer configuration
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
example1:
type: f5bigip:NetIkePeer
properties:
name: example1
localAddress: 192.16.81.240
profile: /Common/dslite
Create NetIkePeer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetIkePeer(name: string, args: NetIkePeerArgs, opts?: CustomResourceOptions);@overload
def NetIkePeer(resource_name: str,
args: NetIkePeerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NetIkePeer(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
remote_address: Optional[str] = None,
peers_cert_file: Optional[str] = None,
traffic_selectors: Optional[Sequence[str]] = None,
dpd_delay: Optional[int] = None,
generate_policy: Optional[str] = None,
lifetime: Optional[int] = None,
mode: Optional[str] = None,
peers_id_type: Optional[str] = None,
my_cert_key_file: Optional[str] = None,
my_cert_key_passphrase: Optional[str] = None,
my_id_type: Optional[str] = None,
my_id_value: Optional[str] = None,
crl_file: Optional[str] = None,
nat_traversal: Optional[str] = None,
passive: Optional[str] = None,
versions: Optional[Sequence[str]] = None,
description: Optional[str] = None,
my_cert_file: Optional[str] = None,
peers_id_value: Optional[str] = None,
phase1_auth_method: Optional[str] = None,
phase1_encrypt_algorithm: Optional[str] = None,
phase1_hash_algorithm: Optional[str] = None,
phase1_perfect_forward_secrecy: Optional[str] = None,
preshared_key: Optional[str] = None,
preshared_key_encrypted: Optional[str] = None,
prf: Optional[str] = None,
proxy_support: Optional[str] = None,
ca_cert_file: Optional[str] = None,
replay_window_size: Optional[int] = None,
state: Optional[str] = None,
peers_cert_type: Optional[str] = None,
verify_cert: Optional[str] = None,
app_service: Optional[str] = None)func NewNetIkePeer(ctx *Context, name string, args NetIkePeerArgs, opts ...ResourceOption) (*NetIkePeer, error)public NetIkePeer(string name, NetIkePeerArgs args, CustomResourceOptions? opts = null)public NetIkePeer(String name, NetIkePeerArgs args)
public NetIkePeer(String name, NetIkePeerArgs args, CustomResourceOptions options)
type: f5bigip:NetIkePeer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. NetIkePeerArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. NetIkePeerArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. NetIkePeerArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. NetIkePeerArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. NetIkePeerArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var netIkePeerResource = new F5BigIP.NetIkePeer("netIkePeerResource", new()
{
Name = "string",
RemoteAddress = "string",
PeersCertFile = "string",
TrafficSelectors = new[]
{
"string",
},
DpdDelay = 0,
GeneratePolicy = "string",
Lifetime = 0,
Mode = "string",
PeersIdType = "string",
MyCertKeyFile = "string",
MyCertKeyPassphrase = "string",
MyIdType = "string",
MyIdValue = "string",
CrlFile = "string",
NatTraversal = "string",
Passive = "string",
Versions = new[]
{
"string",
},
Description = "string",
MyCertFile = "string",
PeersIdValue = "string",
Phase1AuthMethod = "string",
Phase1EncryptAlgorithm = "string",
Phase1HashAlgorithm = "string",
Phase1PerfectForwardSecrecy = "string",
PresharedKey = "string",
PresharedKeyEncrypted = "string",
Prf = "string",
ProxySupport = "string",
CaCertFile = "string",
ReplayWindowSize = 0,
State = "string",
PeersCertType = "string",
VerifyCert = "string",
AppService = "string",
});
example, err := f5bigip.NewNetIkePeer(ctx, "netIkePeerResource", &f5bigip.NetIkePeerArgs{
Name: pulumi.String("string"),
RemoteAddress: pulumi.String("string"),
PeersCertFile: pulumi.String("string"),
TrafficSelectors: pulumi.StringArray{
pulumi.String("string"),
},
DpdDelay: pulumi.Int(0),
GeneratePolicy: pulumi.String("string"),
Lifetime: pulumi.Int(0),
Mode: pulumi.String("string"),
PeersIdType: pulumi.String("string"),
MyCertKeyFile: pulumi.String("string"),
MyCertKeyPassphrase: pulumi.String("string"),
MyIdType: pulumi.String("string"),
MyIdValue: pulumi.String("string"),
CrlFile: pulumi.String("string"),
NatTraversal: pulumi.String("string"),
Passive: pulumi.String("string"),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
MyCertFile: pulumi.String("string"),
PeersIdValue: pulumi.String("string"),
Phase1AuthMethod: pulumi.String("string"),
Phase1EncryptAlgorithm: pulumi.String("string"),
Phase1HashAlgorithm: pulumi.String("string"),
Phase1PerfectForwardSecrecy: pulumi.String("string"),
PresharedKey: pulumi.String("string"),
PresharedKeyEncrypted: pulumi.String("string"),
Prf: pulumi.String("string"),
ProxySupport: pulumi.String("string"),
CaCertFile: pulumi.String("string"),
ReplayWindowSize: pulumi.Int(0),
State: pulumi.String("string"),
PeersCertType: pulumi.String("string"),
VerifyCert: pulumi.String("string"),
AppService: pulumi.String("string"),
})
var netIkePeerResource = new NetIkePeer("netIkePeerResource", NetIkePeerArgs.builder()
.name("string")
.remoteAddress("string")
.peersCertFile("string")
.trafficSelectors("string")
.dpdDelay(0)
.generatePolicy("string")
.lifetime(0)
.mode("string")
.peersIdType("string")
.myCertKeyFile("string")
.myCertKeyPassphrase("string")
.myIdType("string")
.myIdValue("string")
.crlFile("string")
.natTraversal("string")
.passive("string")
.versions("string")
.description("string")
.myCertFile("string")
.peersIdValue("string")
.phase1AuthMethod("string")
.phase1EncryptAlgorithm("string")
.phase1HashAlgorithm("string")
.phase1PerfectForwardSecrecy("string")
.presharedKey("string")
.presharedKeyEncrypted("string")
.prf("string")
.proxySupport("string")
.caCertFile("string")
.replayWindowSize(0)
.state("string")
.peersCertType("string")
.verifyCert("string")
.appService("string")
.build());
net_ike_peer_resource = f5bigip.NetIkePeer("netIkePeerResource",
name="string",
remote_address="string",
peers_cert_file="string",
traffic_selectors=["string"],
dpd_delay=0,
generate_policy="string",
lifetime=0,
mode="string",
peers_id_type="string",
my_cert_key_file="string",
my_cert_key_passphrase="string",
my_id_type="string",
my_id_value="string",
crl_file="string",
nat_traversal="string",
passive="string",
versions=["string"],
description="string",
my_cert_file="string",
peers_id_value="string",
phase1_auth_method="string",
phase1_encrypt_algorithm="string",
phase1_hash_algorithm="string",
phase1_perfect_forward_secrecy="string",
preshared_key="string",
preshared_key_encrypted="string",
prf="string",
proxy_support="string",
ca_cert_file="string",
replay_window_size=0,
state="string",
peers_cert_type="string",
verify_cert="string",
app_service="string")
const netIkePeerResource = new f5bigip.NetIkePeer("netIkePeerResource", {
name: "string",
remoteAddress: "string",
peersCertFile: "string",
trafficSelectors: ["string"],
dpdDelay: 0,
generatePolicy: "string",
lifetime: 0,
mode: "string",
peersIdType: "string",
myCertKeyFile: "string",
myCertKeyPassphrase: "string",
myIdType: "string",
myIdValue: "string",
crlFile: "string",
natTraversal: "string",
passive: "string",
versions: ["string"],
description: "string",
myCertFile: "string",
peersIdValue: "string",
phase1AuthMethod: "string",
phase1EncryptAlgorithm: "string",
phase1HashAlgorithm: "string",
phase1PerfectForwardSecrecy: "string",
presharedKey: "string",
presharedKeyEncrypted: "string",
prf: "string",
proxySupport: "string",
caCertFile: "string",
replayWindowSize: 0,
state: "string",
peersCertType: "string",
verifyCert: "string",
appService: "string",
});
type: f5bigip:NetIkePeer
properties:
appService: string
caCertFile: string
crlFile: string
description: string
dpdDelay: 0
generatePolicy: string
lifetime: 0
mode: string
myCertFile: string
myCertKeyFile: string
myCertKeyPassphrase: string
myIdType: string
myIdValue: string
name: string
natTraversal: string
passive: string
peersCertFile: string
peersCertType: string
peersIdType: string
peersIdValue: string
phase1AuthMethod: string
phase1EncryptAlgorithm: string
phase1HashAlgorithm: string
phase1PerfectForwardSecrecy: string
presharedKey: string
presharedKeyEncrypted: string
prf: string
proxySupport: string
remoteAddress: string
replayWindowSize: 0
state: string
trafficSelectors:
- string
verifyCert: string
versions:
- string
NetIkePeer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetIkePeer resource accepts the following input properties:
- Name
string
This property is required. 
Changes to this property will trigger replacement. - Name of the ike_peer
- Remote
Address This property is required. string - Specifies the IP address of the IKE remote node
- App
Service string - The application service that the object belongs to
- Ca
Cert stringFile - the trusted root and intermediate certificate authorities
- Crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- Description string
- User defined description
- Dpd
Delay int - Specifies the number of seconds between Dead Peer Detection messages
- Generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- Lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- Mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- My
Cert stringFile - Specifies the name of the certificate file object
- My
Cert stringKey File - Specifies the name of the certificate key file object
- My
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- My
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- My
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- Nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- Passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- Peers
Cert stringFile - Specifies the peer’s certificate for authentication
- Peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- Peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- Peers
Id stringValue - Specifies the peer’s identifier to be received
- Phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- Phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- Phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- Phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- Prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- Proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- Replay
Window intSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- State string
- Enables or disables this IKE remote node
- Traffic
Selectors List<string> - Specifies the names of the traffic-selector objects associated with this ike-peer
- Verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- Versions List<string>
- Specifies which version of IKE to be used
- Name
string
This property is required. Changes to this property will trigger replacement. - Name of the ike_peer
- Remote
Address This property is required. string - Specifies the IP address of the IKE remote node
- App
Service string - The application service that the object belongs to
- Ca
Cert stringFile - the trusted root and intermediate certificate authorities
- Crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- Description string
- User defined description
- Dpd
Delay int - Specifies the number of seconds between Dead Peer Detection messages
- Generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- Lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- Mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- My
Cert stringFile - Specifies the name of the certificate file object
- My
Cert stringKey File - Specifies the name of the certificate key file object
- My
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- My
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- My
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- Nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- Passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- Peers
Cert stringFile - Specifies the peer’s certificate for authentication
- Peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- Peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- Peers
Id stringValue - Specifies the peer’s identifier to be received
- Phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- Phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- Phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- Phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- Prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- Proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- Replay
Window intSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- State string
- Enables or disables this IKE remote node
- Traffic
Selectors []string - Specifies the names of the traffic-selector objects associated with this ike-peer
- Verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- Versions []string
- Specifies which version of IKE to be used
- name
String
This property is required. Changes to this property will trigger replacement. - Name of the ike_peer
- remote
Address This property is required. String - Specifies the IP address of the IKE remote node
- app
Service String - The application service that the object belongs to
- ca
Cert StringFile - the trusted root and intermediate certificate authorities
- crl
File String - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description String
- User defined description
- dpd
Delay Integer - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy String - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime Integer
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode String
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert StringFile - Specifies the name of the certificate file object
- my
Cert StringKey File - Specifies the name of the certificate key file object
- my
Cert StringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id StringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id StringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- nat
Traversal String - Enables use of the NAT-Traversal IPsec extension
- passive String
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert StringFile - Specifies the peer’s certificate for authentication
- peers
Cert StringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id StringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id StringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method String - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm String - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm String - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward StringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- String
- Specifies the preshared key for ISAKMP SAs
- String
- Display the encrypted preshared-key for the IKE remote node
- prf String
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support String - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- replay
Window IntegerSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state String
- Enables or disables this IKE remote node
- traffic
Selectors List<String> - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert String - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions List<String>
- Specifies which version of IKE to be used
- name
string
This property is required. Changes to this property will trigger replacement. - Name of the ike_peer
- remote
Address This property is required. string - Specifies the IP address of the IKE remote node
- app
Service string - The application service that the object belongs to
- ca
Cert stringFile - the trusted root and intermediate certificate authorities
- crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description string
- User defined description
- dpd
Delay number - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime number
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert stringFile - Specifies the name of the certificate file object
- my
Cert stringKey File - Specifies the name of the certificate key file object
- my
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert stringFile - Specifies the peer’s certificate for authentication
- peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id stringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- replay
Window numberSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state string
- Enables or disables this IKE remote node
- traffic
Selectors string[] - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions string[]
- Specifies which version of IKE to be used
- name
str
This property is required. Changes to this property will trigger replacement. - Name of the ike_peer
- remote_
address This property is required. str - Specifies the IP address of the IKE remote node
- app_
service str - The application service that the object belongs to
- ca_
cert_ strfile - the trusted root and intermediate certificate authorities
- crl_
file str - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description str
- User defined description
- dpd_
delay int - Specifies the number of seconds between Dead Peer Detection messages
- generate_
policy str - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode str
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my_
cert_ strfile - Specifies the name of the certificate file object
- my_
cert_ strkey_ file - Specifies the name of the certificate key file object
- my_
cert_ strkey_ passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my_
id_ strtype - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my_
id_ strvalue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- nat_
traversal str - Enables use of the NAT-Traversal IPsec extension
- passive str
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers_
cert_ strfile - Specifies the peer’s certificate for authentication
- peers_
cert_ strtype - Specifies that the only peers-cert-type supported is certfile
- peers_
id_ strtype - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers_
id_ strvalue - Specifies the peer’s identifier to be received
- phase1_
auth_ strmethod - Specifies the authentication method used for phase 1 negotiation
- phase1_
encrypt_ stralgorithm - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1_
hash_ stralgorithm - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1_
perfect_ strforward_ secrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- str
- Specifies the preshared key for ISAKMP SAs
- str
- Display the encrypted preshared-key for the IKE remote node
- prf str
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy_
support str - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- replay_
window_ intsize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state str
- Enables or disables this IKE remote node
- traffic_
selectors Sequence[str] - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify_
cert str - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions Sequence[str]
- Specifies which version of IKE to be used
- name
String
This property is required. Changes to this property will trigger replacement. - Name of the ike_peer
- remote
Address This property is required. String - Specifies the IP address of the IKE remote node
- app
Service String - The application service that the object belongs to
- ca
Cert StringFile - the trusted root and intermediate certificate authorities
- crl
File String - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description String
- User defined description
- dpd
Delay Number - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy String - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime Number
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode String
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert StringFile - Specifies the name of the certificate file object
- my
Cert StringKey File - Specifies the name of the certificate key file object
- my
Cert StringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id StringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id StringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- nat
Traversal String - Enables use of the NAT-Traversal IPsec extension
- passive String
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert StringFile - Specifies the peer’s certificate for authentication
- peers
Cert StringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id StringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id StringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method String - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm String - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm String - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward StringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- String
- Specifies the preshared key for ISAKMP SAs
- String
- Display the encrypted preshared-key for the IKE remote node
- prf String
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support String - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- replay
Window NumberSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state String
- Enables or disables this IKE remote node
- traffic
Selectors List<String> - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert String - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions List<String>
- Specifies which version of IKE to be used
Outputs
All input properties are implicitly available as output properties. Additionally, the NetIkePeer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NetIkePeer Resource
Get an existing NetIkePeer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetIkePeerState, opts?: CustomResourceOptions): NetIkePeer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
app_service: Optional[str] = None,
ca_cert_file: Optional[str] = None,
crl_file: Optional[str] = None,
description: Optional[str] = None,
dpd_delay: Optional[int] = None,
generate_policy: Optional[str] = None,
lifetime: Optional[int] = None,
mode: Optional[str] = None,
my_cert_file: Optional[str] = None,
my_cert_key_file: Optional[str] = None,
my_cert_key_passphrase: Optional[str] = None,
my_id_type: Optional[str] = None,
my_id_value: Optional[str] = None,
name: Optional[str] = None,
nat_traversal: Optional[str] = None,
passive: Optional[str] = None,
peers_cert_file: Optional[str] = None,
peers_cert_type: Optional[str] = None,
peers_id_type: Optional[str] = None,
peers_id_value: Optional[str] = None,
phase1_auth_method: Optional[str] = None,
phase1_encrypt_algorithm: Optional[str] = None,
phase1_hash_algorithm: Optional[str] = None,
phase1_perfect_forward_secrecy: Optional[str] = None,
preshared_key: Optional[str] = None,
preshared_key_encrypted: Optional[str] = None,
prf: Optional[str] = None,
proxy_support: Optional[str] = None,
remote_address: Optional[str] = None,
replay_window_size: Optional[int] = None,
state: Optional[str] = None,
traffic_selectors: Optional[Sequence[str]] = None,
verify_cert: Optional[str] = None,
versions: Optional[Sequence[str]] = None) -> NetIkePeerfunc GetNetIkePeer(ctx *Context, name string, id IDInput, state *NetIkePeerState, opts ...ResourceOption) (*NetIkePeer, error)public static NetIkePeer Get(string name, Input<string> id, NetIkePeerState? state, CustomResourceOptions? opts = null)public static NetIkePeer get(String name, Output<String> id, NetIkePeerState state, CustomResourceOptions options)resources: _: type: f5bigip:NetIkePeer get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- App
Service string - The application service that the object belongs to
- Ca
Cert stringFile - the trusted root and intermediate certificate authorities
- Crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- Description string
- User defined description
- Dpd
Delay int - Specifies the number of seconds between Dead Peer Detection messages
- Generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- Lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- Mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- My
Cert stringFile - Specifies the name of the certificate file object
- My
Cert stringKey File - Specifies the name of the certificate key file object
- My
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- My
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- My
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- Name
- Name of the ike_peer
- Nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- Passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- Peers
Cert stringFile - Specifies the peer’s certificate for authentication
- Peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- Peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- Peers
Id stringValue - Specifies the peer’s identifier to be received
- Phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- Phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- Phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- Phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- Prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- Proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- Remote
Address string - Specifies the IP address of the IKE remote node
- Replay
Window intSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- State string
- Enables or disables this IKE remote node
- Traffic
Selectors List<string> - Specifies the names of the traffic-selector objects associated with this ike-peer
- Verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- Versions List<string>
- Specifies which version of IKE to be used
- App
Service string - The application service that the object belongs to
- Ca
Cert stringFile - the trusted root and intermediate certificate authorities
- Crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- Description string
- User defined description
- Dpd
Delay int - Specifies the number of seconds between Dead Peer Detection messages
- Generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- Lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- Mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- My
Cert stringFile - Specifies the name of the certificate file object
- My
Cert stringKey File - Specifies the name of the certificate key file object
- My
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- My
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- My
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- Name
- Name of the ike_peer
- Nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- Passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- Peers
Cert stringFile - Specifies the peer’s certificate for authentication
- Peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- Peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- Peers
Id stringValue - Specifies the peer’s identifier to be received
- Phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- Phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- Phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- Phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- Prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- Proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- Remote
Address string - Specifies the IP address of the IKE remote node
- Replay
Window intSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- State string
- Enables or disables this IKE remote node
- Traffic
Selectors []string - Specifies the names of the traffic-selector objects associated with this ike-peer
- Verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- Versions []string
- Specifies which version of IKE to be used
- app
Service String - The application service that the object belongs to
- ca
Cert StringFile - the trusted root and intermediate certificate authorities
- crl
File String - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description String
- User defined description
- dpd
Delay Integer - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy String - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime Integer
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode String
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert StringFile - Specifies the name of the certificate file object
- my
Cert StringKey File - Specifies the name of the certificate key file object
- my
Cert StringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id StringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id StringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- name
- Name of the ike_peer
- nat
Traversal String - Enables use of the NAT-Traversal IPsec extension
- passive String
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert StringFile - Specifies the peer’s certificate for authentication
- peers
Cert StringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id StringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id StringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method String - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm String - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm String - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward StringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- String
- Specifies the preshared key for ISAKMP SAs
- String
- Display the encrypted preshared-key for the IKE remote node
- prf String
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support String - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- remote
Address String - Specifies the IP address of the IKE remote node
- replay
Window IntegerSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state String
- Enables or disables this IKE remote node
- traffic
Selectors List<String> - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert String - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions List<String>
- Specifies which version of IKE to be used
- app
Service string - The application service that the object belongs to
- ca
Cert stringFile - the trusted root and intermediate certificate authorities
- crl
File string - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description string
- User defined description
- dpd
Delay number - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy string - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime number
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode string
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert stringFile - Specifies the name of the certificate file object
- my
Cert stringKey File - Specifies the name of the certificate key file object
- my
Cert stringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id stringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id stringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- name
- Name of the ike_peer
- nat
Traversal string - Enables use of the NAT-Traversal IPsec extension
- passive string
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert stringFile - Specifies the peer’s certificate for authentication
- peers
Cert stringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id stringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id stringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method string - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm string - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm string - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward stringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- string
- Specifies the preshared key for ISAKMP SAs
- string
- Display the encrypted preshared-key for the IKE remote node
- prf string
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support string - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- remote
Address string - Specifies the IP address of the IKE remote node
- replay
Window numberSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state string
- Enables or disables this IKE remote node
- traffic
Selectors string[] - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert string - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions string[]
- Specifies which version of IKE to be used
- app_
service str - The application service that the object belongs to
- ca_
cert_ strfile - the trusted root and intermediate certificate authorities
- crl_
file str - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description str
- User defined description
- dpd_
delay int - Specifies the number of seconds between Dead Peer Detection messages
- generate_
policy str - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime int
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode str
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my_
cert_ strfile - Specifies the name of the certificate file object
- my_
cert_ strkey_ file - Specifies the name of the certificate key file object
- my_
cert_ strkey_ passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my_
id_ strtype - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my_
id_ strvalue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- name
- Name of the ike_peer
- nat_
traversal str - Enables use of the NAT-Traversal IPsec extension
- passive str
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers_
cert_ strfile - Specifies the peer’s certificate for authentication
- peers_
cert_ strtype - Specifies that the only peers-cert-type supported is certfile
- peers_
id_ strtype - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers_
id_ strvalue - Specifies the peer’s identifier to be received
- phase1_
auth_ strmethod - Specifies the authentication method used for phase 1 negotiation
- phase1_
encrypt_ stralgorithm - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1_
hash_ stralgorithm - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1_
perfect_ strforward_ secrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- str
- Specifies the preshared key for ISAKMP SAs
- str
- Display the encrypted preshared-key for the IKE remote node
- prf str
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy_
support str - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- remote_
address str - Specifies the IP address of the IKE remote node
- replay_
window_ intsize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state str
- Enables or disables this IKE remote node
- traffic_
selectors Sequence[str] - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify_
cert str - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions Sequence[str]
- Specifies which version of IKE to be used
- app
Service String - The application service that the object belongs to
- ca
Cert StringFile - the trusted root and intermediate certificate authorities
- crl
File String - Specifies the file name of the Certificate Revocation List. Only supported in IKEv1
- description String
- User defined description
- dpd
Delay Number - Specifies the number of seconds between Dead Peer Detection messages
- generate
Policy String - Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node
- lifetime Number
- Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations
- mode String
- Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder
- my
Cert StringFile - Specifies the name of the certificate file object
- my
Cert StringKey File - Specifies the name of the certificate key file object
- my
Cert StringKey Passphrase - Specifies the passphrase of the key used for my-cert-key-file
- my
Id StringType - Specifies the identifier type sent to the remote host to use in the phase 1 negotiation
- my
Id StringValue - Specifies the identifier value sent to the remote host in the phase 1 negotiation
- name
- Name of the ike_peer
- nat
Traversal String - Enables use of the NAT-Traversal IPsec extension
- passive String
- Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer
- peers
Cert StringFile - Specifies the peer’s certificate for authentication
- peers
Cert StringType - Specifies that the only peers-cert-type supported is certfile
- peers
Id StringType - Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type
- peers
Id StringValue - Specifies the peer’s identifier to be received
- phase1Auth
Method String - Specifies the authentication method used for phase 1 negotiation
- phase1Encrypt
Algorithm String - Specifies the encryption algorithm used for the isakmp phase 1 negotiation
- phase1Hash
Algorithm String - Defines the hash algorithm used for the isakmp phase 1 negotiation
- phase1Perfect
Forward StringSecrecy - Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy
- String
- Specifies the preshared key for ISAKMP SAs
- String
- Display the encrypted preshared-key for the IKE remote node
- prf String
- Specifies the pseudo-random function used to derive keying material for all cryptographic operations
- proxy
Support String - If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs
- remote
Address String - Specifies the IP address of the IKE remote node
- replay
Window NumberSize - Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node
- state String
- Enables or disables this IKE remote node
- traffic
Selectors List<String> - Specifies the names of the traffic-selector objects associated with this ike-peer
- verify
Cert String - Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file
- versions List<String>
- Specifies which version of IKE to be used
Package Details
- Repository
- f5 BIG-IP pulumi/pulumi-f5bigip
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
bigipTerraform Provider.