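---
# IPsec site-to-site tunnel specification template.
#
# Placeholder conventions used throughout this file:
#   { a, b, c }      pick exactly one of the listed values
#   { %type }        required value of the given type (%string, %ip, %net, %seconds, %number)
#   ?{ ... }         optional field; delete the line if not applicable
#
# The original template had every key at column 0, which is invalid YAML
# (duplicate `name`/`location`/`contact` keys); the nesting below is the
# intended structure.
metadata:
  # "left" = the side this document is written from; "right" = the peer.
  left_site:
    name: ?{ %string }
    location: ?{ %string }
    # '*swan' (strongSwan/libreswan/openswan) is quoted because a bare `*`
    # is YAML alias syntax. Duplicate `fortigate` entry dropped; `palaalto`
    # corrected to `paloalto`.
    device_type: { Cisco, '*swan', Fortigate, pfsense, sophos, check-point, paloalto, watchguard, other }
    contact:
      name: ?{ %string }
      e-mail: ?{ %string }
      phone: ?{ %string }
  right_site:
    name: ?{ %string }
    location: ?{ %string }
    device_type: { Cisco, '*swan', Fortigate, pfsense, sophos, check-point, paloalto, watchguard, other }
    contact:
      name: ?{ %string }
      e-mail: ?{ %string }
      phone: ?{ %string }
  # Person/team responsible for keeping this document and the tunnel in sync.
  maintainer: ?{ %string }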
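tunnel_details:
  # Public (IKE/ESP) endpoints are required; inner tunnel addresses are optional.
  local_end_external: { %ip }
  local_end_internal: ?{ %ip }
  remote_end_external: { %ip }
  remote_end_internal: ?{ %ip }
  tunnelled_traffic_routes: { static, bgp }
  # Only meaningful when tunnelled_traffic_routes = static. Add one entry per prefix.
  tunnelled_traffic_static_routes:
    - ?{ %net }
    - ?{ %net }
  # Only meaningful when tunnelled_traffic_routes = bgp. 32-bit ASN: 0..4294967295.
  tunnelled_traffic_bgp_asn: ?{ %number }

  phase_1_ike:
    # Key name kept as in the original template (sic: "methode").
    # psk/secret/xauthpsk: the shared secret itself must NOT be written into
    # this document; see phase_2_ipsec.psk below.
    credential_methode: { pubkey, rsasig, ecdsasig, psk, secret, xauthrsasig, xauthpsk, never }
    # IKE integrity / PRF algorithm. MD5 and SHA1 are deprecated (RFC 8247);
    # SHA_256 and SHA_512 added as the recommended choices alongside SHA_384.
    auth_mode: { SHA1, MD5, SHA_256, SHA_384, SHA_512 }
    # DES and 3DES are deprecated (64-bit block, Sweet32); prefer AES_256.
    encryption_alg: { DES, 3DES, AES_128, AES_192, AES_256 }
    # Was left blank in the original. Optional: fill only if the device
    # configures the IKE PRF separately from auth_mode.
    hash_alg: ?{ %string }
    # Diffie-Hellman group for the IKE SA (list sorted numerically).
    # Groups 1, 2, 5 and 22-24 are deprecated or not recommended (RFC 8247);
    # use MODP 14 or stronger, or ECP groups 19-21. Both peers must agree.
    DH_group: { 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 }
    key_lifetime: { %seconds }
    # IKEv1 is deprecated (RFC 9395); prefer 2. "any" lets the peer choose,
    # which may downgrade to IKEv1.
    ike_version: { 1, 2, any }
    # IKEv1 exchange mode (key name kept as in the original, sic: "agressive").
    # Aggressive mode sends the identity in clear and exposes the PSK-derived
    # hash to offline cracking; use main. Not applicable to IKEv2.
    agressive_mode: { main, aggressive }
    nat_traversal: { enabled, disabled }
    # Canonical YAML booleans (the original used yes/no, which YAML 1.2 treats as strings).
    keep_alive: { true, false }
    keep_alive_interval: ?{ %seconds }
    # Dead Peer Detection behaviour when the peer stops answering.
    dpd_action: { none, clear, hold, restart }
    dpd_timeout: { disabled, %seconds }
    dpd_retry: { %number }

  phase_2_ipsec:
    # Do NOT record the pre-shared key in this document: it is committed,
    # copied and e-mailed. Keep only the marker and describe in a comment how
    # the secret was exchanged (e.g. password manager share, phone call).
    # The original template also allowed a literal %string here; that option
    # was removed on purpose. (Strictly, the PSK authenticates phase 1, not
    # phase 2; the key is kept here to match the original layout.)
    psk: { shared_on_other_channel }
    # ESP integrity. NULL means the packets are not authenticated at all —
    # only acceptable with an AEAD cipher, and none is offered below.
    # MD5 and SHA1 are deprecated; SHA_256 or better is recommended if the
    # devices support it (not in the original option list, so not added).
    auth_alg: { NULL, MD5, SHA1 }
    # NULL = ESP-NULL, no confidentiality. DES/3DES deprecated; prefer AES_256.
    encryption_alg: { NULL, DES, 3DES, AES_128, AES_192, AES_256 }
    # Was left blank in the original; SA lifetime. Commonly shorter than
    # phase_1_ike.key_lifetime — confirm against the vendor defaults.
    sec_lifetime: { %seconds }
    # Perfect Forward Secrecy: Enable is recommended. If enabled, DH_group
    # below is mandatory and must match on the remote peer/dialup client.
    PFS: { Enable, Disable }
    # Same deprecation notes as phase_1_ike.DH_group (1, 2, 5 not recommended).
    DH_group: { 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21 }
    # Was left blank in the original (IPComp).
    ip_compression: { enabled, disabled }

  # Key names kept as in the original template (sic: "tunnel_per", "peer_adress").
  # Presumably per-peer overrides; nesting here is inferred, verify against the consumer.
  tunnel_per:
    peer_adress: { %ip }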