1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. Core
  5. IpsecConnectionTunnelManagement
Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

oci.Core.IpsecConnectionTunnelManagement

Explore with Pulumi AI

This resource provides the Ip Sec Connection Tunnel Management resource in Oracle Cloud Infrastructure Core service.

Updates the specified tunnel. This operation lets you change tunnel attributes such as the routing type (BGP dynamic routing or static routing). Here are some important notes:

* If you change the tunnel's routing type or BGP session configuration, the tunnel will go
down while it's reprovisioned.

* If you want to switch the tunnel's `routing` from `STATIC` to `BGP`, make sure the tunnel's
BGP session configuration attributes have been set (bgpSessionConfig).

* If you want to switch the tunnel's `routing` from `BGP` to `STATIC`, make sure the
IPSecConnection already has at least one valid CIDR
static route.

** IMPORTANT ** Destroying the oci.Core.IpsecConnectionTunnelManagement leaves the resource in its existing state. It will not destroy the tunnel and it will not return the tunnel to its default values.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testIpSecConnectionTunnel = new oci.core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel", {
    ipsecId: testIpsec.id,
    tunnelId: testIpSecConnectionTunnels.ipSecConnectionTunnels[0].id,
    routing: ipSecConnectionTunnelManagementRouting,
    bgpSessionInfo: {
        customerBgpAsn: ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn,
        customerInterfaceIp: ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp,
        oracleInterfaceIp: ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp,
    },
    displayName: ipSecConnectionTunnelManagementDisplayName,
    encryptionDomainConfig: {
        cpeTrafficSelectors: ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector,
        oracleTrafficSelectors: ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector,
    },
    sharedSecret: ipSecConnectionTunnelManagementSharedSecret,
    ikeVersion: "V1",
});
Copy
import pulumi
import pulumi_oci as oci

test_ip_sec_connection_tunnel = oci.core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel",
    ipsec_id=test_ipsec["id"],
    tunnel_id=test_ip_sec_connection_tunnels["ipSecConnectionTunnels"][0]["id"],
    routing=ip_sec_connection_tunnel_management_routing,
    bgp_session_info={
        "customer_bgp_asn": ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn,
        "customer_interface_ip": ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip,
        "oracle_interface_ip": ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip,
    },
    display_name=ip_sec_connection_tunnel_management_display_name,
    encryption_domain_config={
        "cpe_traffic_selectors": ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector,
        "oracle_traffic_selectors": ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector,
    },
    shared_secret=ip_sec_connection_tunnel_management_shared_secret,
    ike_version="V1")
Copy
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := core.NewIpsecConnectionTunnelManagement(ctx, "test_ip_sec_connection_tunnel", &core.IpsecConnectionTunnelManagementArgs{
			IpsecId:  pulumi.Any(testIpsec.Id),
			TunnelId: pulumi.Any(testIpSecConnectionTunnels.IpSecConnectionTunnels[0].Id),
			Routing:  pulumi.Any(ipSecConnectionTunnelManagementRouting),
			BgpSessionInfo: &core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
				CustomerBgpAsn:      pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn),
				CustomerInterfaceIp: pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp),
				OracleInterfaceIp:   pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp),
			},
			DisplayName: pulumi.Any(ipSecConnectionTunnelManagementDisplayName),
			EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
				CpeTrafficSelectors:    pulumi.Any(ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector),
				OracleTrafficSelectors: pulumi.Any(ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector),
			},
			SharedSecret: pulumi.Any(ipSecConnectionTunnelManagementSharedSecret),
			IkeVersion:   pulumi.String("V1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testIpSecConnectionTunnel = new Oci.Core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel", new()
    {
        IpsecId = testIpsec.Id,
        TunnelId = testIpSecConnectionTunnels.IpSecConnectionTunnels[0].Id,
        Routing = ipSecConnectionTunnelManagementRouting,
        BgpSessionInfo = new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
        {
            CustomerBgpAsn = ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn,
            CustomerInterfaceIp = ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp,
            OracleInterfaceIp = ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp,
        },
        DisplayName = ipSecConnectionTunnelManagementDisplayName,
        EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
        {
            CpeTrafficSelectors = ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector,
            OracleTrafficSelectors = ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector,
        },
        SharedSecret = ipSecConnectionTunnelManagementSharedSecret,
        IkeVersion = "V1",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.IpsecConnectionTunnelManagement;
import com.pulumi.oci.Core.IpsecConnectionTunnelManagementArgs;
import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs;
import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testIpSecConnectionTunnel = new IpsecConnectionTunnelManagement("testIpSecConnectionTunnel", IpsecConnectionTunnelManagementArgs.builder()
            .ipsecId(testIpsec.id())
            .tunnelId(testIpSecConnectionTunnels.ipSecConnectionTunnels()[0].id())
            .routing(ipSecConnectionTunnelManagementRouting)
            .bgpSessionInfo(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
                .customerBgpAsn(ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn)
                .customerInterfaceIp(ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp)
                .oracleInterfaceIp(ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp)
                .build())
            .displayName(ipSecConnectionTunnelManagementDisplayName)
            .encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
                .cpeTrafficSelectors(ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector)
                .oracleTrafficSelectors(ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector)
                .build())
            .sharedSecret(ipSecConnectionTunnelManagementSharedSecret)
            .ikeVersion("V1")
            .build());

    }
}
Copy
resources:
  testIpSecConnectionTunnel:
    type: oci:Core:IpsecConnectionTunnelManagement
    name: test_ip_sec_connection_tunnel
    properties:
      ipsecId: ${testIpsec.id}
      tunnelId: ${testIpSecConnectionTunnels.ipSecConnectionTunnels[0].id}
      routing: ${ipSecConnectionTunnelManagementRouting}
      bgpSessionInfo:
        customerBgpAsn: ${ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn}
        customerInterfaceIp: ${ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp}
        oracleInterfaceIp: ${ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp}
      displayName: ${ipSecConnectionTunnelManagementDisplayName}
      encryptionDomainConfig:
        cpeTrafficSelectors: ${ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector}
        oracleTrafficSelectors: ${ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector}
      sharedSecret: ${ipSecConnectionTunnelManagementSharedSecret}
      ikeVersion: V1
Copy

Create IpsecConnectionTunnelManagement Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IpsecConnectionTunnelManagement(name: string, args: IpsecConnectionTunnelManagementArgs, opts?: CustomResourceOptions);
@overload
def IpsecConnectionTunnelManagement(resource_name: str,
                                    args: IpsecConnectionTunnelManagementArgs,
                                    opts: Optional[ResourceOptions] = None)

@overload
def IpsecConnectionTunnelManagement(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    ipsec_id: Optional[str] = None,
                                    tunnel_id: Optional[str] = None,
                                    nat_translation_enabled: Optional[str] = None,
                                    encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
                                    ike_version: Optional[str] = None,
                                    dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
                                    bgp_session_info: Optional[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs] = None,
                                    oracle_can_initiate: Optional[str] = None,
                                    phase_one_details: Optional[_core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs] = None,
                                    phase_two_details: Optional[_core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs] = None,
                                    routing: Optional[str] = None,
                                    shared_secret: Optional[str] = None,
                                    display_name: Optional[str] = None)
func NewIpsecConnectionTunnelManagement(ctx *Context, name string, args IpsecConnectionTunnelManagementArgs, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)
public IpsecConnectionTunnelManagement(string name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions? opts = null)
public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args)
public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions options)
type: oci:Core:IpsecConnectionTunnelManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IpsecConnectionTunnelManagementArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IpsecConnectionTunnelManagementArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IpsecConnectionTunnelManagementArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IpsecConnectionTunnelManagementArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IpsecConnectionTunnelManagementArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ipsecConnectionTunnelManagementResource = new Oci.Core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", new()
{
    IpsecId = "string",
    TunnelId = "string",
    NatTranslationEnabled = "string",
    EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
    {
        CpeTrafficSelectors = new[]
        {
            "string",
        },
        OracleTrafficSelectors = new[]
        {
            "string",
        },
    },
    IkeVersion = "string",
    DpdConfigs = new[]
    {
        new Oci.Core.Inputs.IpsecConnectionTunnelManagementDpdConfigArgs
        {
            DpdMode = "string",
            DpdTimeoutInSec = 0,
        },
    },
    BgpSessionInfo = new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
    {
        BgpIpv6State = "string",
        BgpState = "string",
        CustomerBgpAsn = "string",
        CustomerInterfaceIp = "string",
        CustomerInterfaceIpv6 = "string",
        OracleBgpAsn = "string",
        OracleInterfaceIp = "string",
        OracleInterfaceIpv6 = "string",
    },
    OracleCanInitiate = "string",
    PhaseOneDetails = new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseOneDetailsArgs
    {
        CustomAuthenticationAlgorithm = "string",
        CustomDhGroup = "string",
        CustomEncryptionAlgorithm = "string",
        IsCustomPhaseOneConfig = false,
        IsIkeEstablished = false,
        Lifetime = 0,
        NegotiatedAuthenticationAlgorithm = "string",
        NegotiatedDhGroup = "string",
        NegotiatedEncryptionAlgorithm = "string",
        RemainingLifetimeInt = 0,
        RemainingLifetimeLastRetrieved = "string",
    },
    PhaseTwoDetails = new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs
    {
        CustomAuthenticationAlgorithm = "string",
        CustomEncryptionAlgorithm = "string",
        DhGroup = "string",
        IsCustomPhaseTwoConfig = false,
        IsEspEstablished = false,
        IsPfsEnabled = false,
        Lifetime = 0,
        NegotiatedAuthenticationAlgorithm = "string",
        NegotiatedDhGroup = "string",
        NegotiatedEncryptionAlgorithm = "string",
        RemainingLifetimeInt = 0,
        RemainingLifetimeLastRetrieved = "string",
    },
    Routing = "string",
    SharedSecret = "string",
    DisplayName = "string",
});
Copy
example, err := Core.NewIpsecConnectionTunnelManagement(ctx, "ipsecConnectionTunnelManagementResource", &Core.IpsecConnectionTunnelManagementArgs{
	IpsecId:               pulumi.String("string"),
	TunnelId:              pulumi.String("string"),
	NatTranslationEnabled: pulumi.String("string"),
	EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
		CpeTrafficSelectors: pulumi.StringArray{
			pulumi.String("string"),
		},
		OracleTrafficSelectors: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	IkeVersion: pulumi.String("string"),
	DpdConfigs: core.IpsecConnectionTunnelManagementDpdConfigArray{
		&core.IpsecConnectionTunnelManagementDpdConfigArgs{
			DpdMode:         pulumi.String("string"),
			DpdTimeoutInSec: pulumi.Int(0),
		},
	},
	BgpSessionInfo: &core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
		BgpIpv6State:          pulumi.String("string"),
		BgpState:              pulumi.String("string"),
		CustomerBgpAsn:        pulumi.String("string"),
		CustomerInterfaceIp:   pulumi.String("string"),
		CustomerInterfaceIpv6: pulumi.String("string"),
		OracleBgpAsn:          pulumi.String("string"),
		OracleInterfaceIp:     pulumi.String("string"),
		OracleInterfaceIpv6:   pulumi.String("string"),
	},
	OracleCanInitiate: pulumi.String("string"),
	PhaseOneDetails: &core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs{
		CustomAuthenticationAlgorithm:     pulumi.String("string"),
		CustomDhGroup:                     pulumi.String("string"),
		CustomEncryptionAlgorithm:         pulumi.String("string"),
		IsCustomPhaseOneConfig:            pulumi.Bool(false),
		IsIkeEstablished:                  pulumi.Bool(false),
		Lifetime:                          pulumi.Int(0),
		NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
		NegotiatedDhGroup:                 pulumi.String("string"),
		NegotiatedEncryptionAlgorithm:     pulumi.String("string"),
		RemainingLifetimeInt:              pulumi.Int(0),
		RemainingLifetimeLastRetrieved:    pulumi.String("string"),
	},
	PhaseTwoDetails: &core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs{
		CustomAuthenticationAlgorithm:     pulumi.String("string"),
		CustomEncryptionAlgorithm:         pulumi.String("string"),
		DhGroup:                           pulumi.String("string"),
		IsCustomPhaseTwoConfig:            pulumi.Bool(false),
		IsEspEstablished:                  pulumi.Bool(false),
		IsPfsEnabled:                      pulumi.Bool(false),
		Lifetime:                          pulumi.Int(0),
		NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
		NegotiatedDhGroup:                 pulumi.String("string"),
		NegotiatedEncryptionAlgorithm:     pulumi.String("string"),
		RemainingLifetimeInt:              pulumi.Int(0),
		RemainingLifetimeLastRetrieved:    pulumi.String("string"),
	},
	Routing:      pulumi.String("string"),
	SharedSecret: pulumi.String("string"),
	DisplayName:  pulumi.String("string"),
})
Copy
var ipsecConnectionTunnelManagementResource = new IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", IpsecConnectionTunnelManagementArgs.builder()
    .ipsecId("string")
    .tunnelId("string")
    .natTranslationEnabled("string")
    .encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
        .cpeTrafficSelectors("string")
        .oracleTrafficSelectors("string")
        .build())
    .ikeVersion("string")
    .dpdConfigs(IpsecConnectionTunnelManagementDpdConfigArgs.builder()
        .dpdMode("string")
        .dpdTimeoutInSec(0)
        .build())
    .bgpSessionInfo(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
        .bgpIpv6State("string")
        .bgpState("string")
        .customerBgpAsn("string")
        .customerInterfaceIp("string")
        .customerInterfaceIpv6("string")
        .oracleBgpAsn("string")
        .oracleInterfaceIp("string")
        .oracleInterfaceIpv6("string")
        .build())
    .oracleCanInitiate("string")
    .phaseOneDetails(IpsecConnectionTunnelManagementPhaseOneDetailsArgs.builder()
        .customAuthenticationAlgorithm("string")
        .customDhGroup("string")
        .customEncryptionAlgorithm("string")
        .isCustomPhaseOneConfig(false)
        .isIkeEstablished(false)
        .lifetime(0)
        .negotiatedAuthenticationAlgorithm("string")
        .negotiatedDhGroup("string")
        .negotiatedEncryptionAlgorithm("string")
        .remainingLifetimeInt(0)
        .remainingLifetimeLastRetrieved("string")
        .build())
    .phaseTwoDetails(IpsecConnectionTunnelManagementPhaseTwoDetailsArgs.builder()
        .customAuthenticationAlgorithm("string")
        .customEncryptionAlgorithm("string")
        .dhGroup("string")
        .isCustomPhaseTwoConfig(false)
        .isEspEstablished(false)
        .isPfsEnabled(false)
        .lifetime(0)
        .negotiatedAuthenticationAlgorithm("string")
        .negotiatedDhGroup("string")
        .negotiatedEncryptionAlgorithm("string")
        .remainingLifetimeInt(0)
        .remainingLifetimeLastRetrieved("string")
        .build())
    .routing("string")
    .sharedSecret("string")
    .displayName("string")
    .build());
Copy
ipsec_connection_tunnel_management_resource = oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource",
    ipsec_id="string",
    tunnel_id="string",
    nat_translation_enabled="string",
    encryption_domain_config={
        "cpe_traffic_selectors": ["string"],
        "oracle_traffic_selectors": ["string"],
    },
    ike_version="string",
    dpd_configs=[{
        "dpd_mode": "string",
        "dpd_timeout_in_sec": 0,
    }],
    bgp_session_info={
        "bgp_ipv6_state": "string",
        "bgp_state": "string",
        "customer_bgp_asn": "string",
        "customer_interface_ip": "string",
        "customer_interface_ipv6": "string",
        "oracle_bgp_asn": "string",
        "oracle_interface_ip": "string",
        "oracle_interface_ipv6": "string",
    },
    oracle_can_initiate="string",
    phase_one_details={
        "custom_authentication_algorithm": "string",
        "custom_dh_group": "string",
        "custom_encryption_algorithm": "string",
        "is_custom_phase_one_config": False,
        "is_ike_established": False,
        "lifetime": 0,
        "negotiated_authentication_algorithm": "string",
        "negotiated_dh_group": "string",
        "negotiated_encryption_algorithm": "string",
        "remaining_lifetime_int": 0,
        "remaining_lifetime_last_retrieved": "string",
    },
    phase_two_details={
        "custom_authentication_algorithm": "string",
        "custom_encryption_algorithm": "string",
        "dh_group": "string",
        "is_custom_phase_two_config": False,
        "is_esp_established": False,
        "is_pfs_enabled": False,
        "lifetime": 0,
        "negotiated_authentication_algorithm": "string",
        "negotiated_dh_group": "string",
        "negotiated_encryption_algorithm": "string",
        "remaining_lifetime_int": 0,
        "remaining_lifetime_last_retrieved": "string",
    },
    routing="string",
    shared_secret="string",
    display_name="string")
Copy
const ipsecConnectionTunnelManagementResource = new oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", {
    ipsecId: "string",
    tunnelId: "string",
    natTranslationEnabled: "string",
    encryptionDomainConfig: {
        cpeTrafficSelectors: ["string"],
        oracleTrafficSelectors: ["string"],
    },
    ikeVersion: "string",
    dpdConfigs: [{
        dpdMode: "string",
        dpdTimeoutInSec: 0,
    }],
    bgpSessionInfo: {
        bgpIpv6State: "string",
        bgpState: "string",
        customerBgpAsn: "string",
        customerInterfaceIp: "string",
        customerInterfaceIpv6: "string",
        oracleBgpAsn: "string",
        oracleInterfaceIp: "string",
        oracleInterfaceIpv6: "string",
    },
    oracleCanInitiate: "string",
    phaseOneDetails: {
        customAuthenticationAlgorithm: "string",
        customDhGroup: "string",
        customEncryptionAlgorithm: "string",
        isCustomPhaseOneConfig: false,
        isIkeEstablished: false,
        lifetime: 0,
        negotiatedAuthenticationAlgorithm: "string",
        negotiatedDhGroup: "string",
        negotiatedEncryptionAlgorithm: "string",
        remainingLifetimeInt: 0,
        remainingLifetimeLastRetrieved: "string",
    },
    phaseTwoDetails: {
        customAuthenticationAlgorithm: "string",
        customEncryptionAlgorithm: "string",
        dhGroup: "string",
        isCustomPhaseTwoConfig: false,
        isEspEstablished: false,
        isPfsEnabled: false,
        lifetime: 0,
        negotiatedAuthenticationAlgorithm: "string",
        negotiatedDhGroup: "string",
        negotiatedEncryptionAlgorithm: "string",
        remainingLifetimeInt: 0,
        remainingLifetimeLastRetrieved: "string",
    },
    routing: "string",
    sharedSecret: "string",
    displayName: "string",
});
Copy
type: oci:Core:IpsecConnectionTunnelManagement
properties:
    bgpSessionInfo:
        bgpIpv6State: string
        bgpState: string
        customerBgpAsn: string
        customerInterfaceIp: string
        customerInterfaceIpv6: string
        oracleBgpAsn: string
        oracleInterfaceIp: string
        oracleInterfaceIpv6: string
    displayName: string
    dpdConfigs:
        - dpdMode: string
          dpdTimeoutInSec: 0
    encryptionDomainConfig:
        cpeTrafficSelectors:
            - string
        oracleTrafficSelectors:
            - string
    ikeVersion: string
    ipsecId: string
    natTranslationEnabled: string
    oracleCanInitiate: string
    phaseOneDetails:
        customAuthenticationAlgorithm: string
        customDhGroup: string
        customEncryptionAlgorithm: string
        isCustomPhaseOneConfig: false
        isIkeEstablished: false
        lifetime: 0
        negotiatedAuthenticationAlgorithm: string
        negotiatedDhGroup: string
        negotiatedEncryptionAlgorithm: string
        remainingLifetimeInt: 0
        remainingLifetimeLastRetrieved: string
    phaseTwoDetails:
        customAuthenticationAlgorithm: string
        customEncryptionAlgorithm: string
        dhGroup: string
        isCustomPhaseTwoConfig: false
        isEspEstablished: false
        isPfsEnabled: false
        lifetime: 0
        negotiatedAuthenticationAlgorithm: string
        negotiatedDhGroup: string
        negotiatedEncryptionAlgorithm: string
        remainingLifetimeInt: 0
        remainingLifetimeLastRetrieved: string
    routing: string
    sharedSecret: string
    tunnelId: string
Copy

IpsecConnectionTunnelManagement Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IpsecConnectionTunnelManagement resource accepts the following input properties:

IpsecId This property is required. string
The OCID of the IPSec connection.
TunnelId This property is required. string
The OCID of the IPSec connection's tunnel.
BgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

DisplayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
IkeVersion string
Internet Key Exchange protocol version.
NatTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

OracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
PhaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

PhaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

Routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
SharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
IpsecId This property is required. string
The OCID of the IPSec connection.
TunnelId This property is required. string
The OCID of the IPSec connection's tunnel.
BgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfoArgs

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

DisplayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs []IpsecConnectionTunnelManagementDpdConfigArgs
EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
IkeVersion string
Internet Key Exchange protocol version.
NatTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

OracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
PhaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetailsArgs

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

PhaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetailsArgs

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

Routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
SharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
ipsecId This property is required. String
The OCID of the IPSec connection.
tunnelId This property is required. String
The OCID of the IPSec connection's tunnel.
bgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

displayName String
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion String
Internet Key Exchange protocol version.
natTranslationEnabled String

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate String
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing String
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret String
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
ipsecId This property is required. string
The OCID of the IPSec connection.
tunnelId This property is required. string
The OCID of the IPSec connection's tunnel.
bgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

displayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs IpsecConnectionTunnelManagementDpdConfig[]
encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion string
Internet Key Exchange protocol version.
natTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
ipsec_id This property is required. str
The OCID of the IPSec connection.
tunnel_id This property is required. str
The OCID of the IPSec connection's tunnel.
bgp_session_info core.IpsecConnectionTunnelManagementBgpSessionInfoArgs

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

display_name str
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpd_configs Sequence[core.IpsecConnectionTunnelManagementDpdConfigArgs]
encryption_domain_config core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ike_version str
Internet Key Exchange protocol version.
nat_translation_enabled str

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracle_can_initiate str
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phase_one_details core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phase_two_details core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing str
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
shared_secret str
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
ipsecId This property is required. String
The OCID of the IPSec connection.
tunnelId This property is required. String
The OCID of the IPSec connection's tunnel.
bgpSessionInfo Property Map

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

displayName String
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<Property Map>
encryptionDomainConfig Property Map
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion String
Internet Key Exchange protocol version.
natTranslationEnabled String

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate String
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails Property Map

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails Property Map

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing String
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret String
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o

Outputs

All input properties are implicitly available as output properties. Additionally, the IpsecConnectionTunnelManagement resource produces the following output properties:

AssociatedVirtualCircuits List<string>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
CompartmentId string
The OCID of the compartment containing the tunnel.
CpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
DpdTimeoutInSec int
DPD timeout in seconds.
Id string
The provider-assigned unique ID for this managed resource.
State string
The IPSec connection's tunnel's lifecycle state.
Status string
The tunnel's current state.
TimeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
VpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
AssociatedVirtualCircuits []string
The list of virtual circuit OCIDs over which your network can reach this tunnel.
CompartmentId string
The OCID of the compartment containing the tunnel.
CpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
DpdTimeoutInSec int
DPD timeout in seconds.
Id string
The provider-assigned unique ID for this managed resource.
State string
The IPSec connection's tunnel's lifecycle state.
Status string
The tunnel's current state.
TimeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
VpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits List<String>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
compartmentId String
The OCID of the compartment containing the tunnel.
cpeIp String
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
dpdMode String
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec Integer
DPD timeout in seconds.
id String
The provider-assigned unique ID for this managed resource.
state String
The IPSec connection's tunnel's lifecycle state.
status String
The tunnel's current state.
timeCreated String
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
vpnIp String
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits string[]
The list of virtual circuit OCIDs over which your network can reach this tunnel.
compartmentId string
The OCID of the compartment containing the tunnel.
cpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
dpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec number
DPD timeout in seconds.
id string
The provider-assigned unique ID for this managed resource.
state string
The IPSec connection's tunnel's lifecycle state.
status string
The tunnel's current state.
timeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
vpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associated_virtual_circuits Sequence[str]
The list of virtual circuit OCIDs over which your network can reach this tunnel.
compartment_id str
The OCID of the compartment containing the tunnel.
cpe_ip str
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
dpd_mode str
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpd_timeout_in_sec int
DPD timeout in seconds.
id str
The provider-assigned unique ID for this managed resource.
state str
The IPSec connection's tunnel's lifecycle state.
status str
The tunnel's current state.
time_created str
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
time_status_updated str
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
vpn_ip str
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits List<String>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
compartmentId String
The OCID of the compartment containing the tunnel.
cpeIp String
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
dpdMode String
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec Number
DPD timeout in seconds.
id String
The provider-assigned unique ID for this managed resource.
state String
The IPSec connection's tunnel's lifecycle state.
status String
The tunnel's current state.
timeCreated String
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
vpnIp String
The IP address of Oracle's VPN headend. Example: 129.146.17.50

Look up Existing IpsecConnectionTunnelManagement Resource

Get an existing IpsecConnectionTunnelManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpsecConnectionTunnelManagementState, opts?: CustomResourceOptions): IpsecConnectionTunnelManagement
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        associated_virtual_circuits: Optional[Sequence[str]] = None,
        bgp_session_info: Optional[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs] = None,
        compartment_id: Optional[str] = None,
        cpe_ip: Optional[str] = None,
        display_name: Optional[str] = None,
        dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
        dpd_mode: Optional[str] = None,
        dpd_timeout_in_sec: Optional[int] = None,
        encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
        ike_version: Optional[str] = None,
        ipsec_id: Optional[str] = None,
        nat_translation_enabled: Optional[str] = None,
        oracle_can_initiate: Optional[str] = None,
        phase_one_details: Optional[_core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs] = None,
        phase_two_details: Optional[_core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs] = None,
        routing: Optional[str] = None,
        shared_secret: Optional[str] = None,
        state: Optional[str] = None,
        status: Optional[str] = None,
        time_created: Optional[str] = None,
        time_status_updated: Optional[str] = None,
        tunnel_id: Optional[str] = None,
        vpn_ip: Optional[str] = None) -> IpsecConnectionTunnelManagement
func GetIpsecConnectionTunnelManagement(ctx *Context, name string, id IDInput, state *IpsecConnectionTunnelManagementState, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)
public static IpsecConnectionTunnelManagement Get(string name, Input<string> id, IpsecConnectionTunnelManagementState? state, CustomResourceOptions? opts = null)
public static IpsecConnectionTunnelManagement get(String name, Output<String> id, IpsecConnectionTunnelManagementState state, CustomResourceOptions options)
resources:  _:    type: oci:Core:IpsecConnectionTunnelManagement    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AssociatedVirtualCircuits List<string>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
BgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

CompartmentId string
The OCID of the compartment containing the tunnel.
CpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DisplayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
DpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
DpdTimeoutInSec int
DPD timeout in seconds.
EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
IkeVersion string
Internet Key Exchange protocol version.
IpsecId string
The OCID of the IPSec connection.
NatTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

OracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
PhaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

PhaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

Routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
SharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
State string
The IPSec connection's tunnel's lifecycle state.
Status string
The tunnel's current state.
TimeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TunnelId string
The OCID of the IPSec connection's tunnel.
VpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
AssociatedVirtualCircuits []string
The list of virtual circuit OCIDs over which your network can reach this tunnel.
BgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfoArgs

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

CompartmentId string
The OCID of the compartment containing the tunnel.
CpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
DisplayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
DpdConfigs []IpsecConnectionTunnelManagementDpdConfigArgs
DpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
DpdTimeoutInSec int
DPD timeout in seconds.
EncryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
IkeVersion string
Internet Key Exchange protocol version.
IpsecId string
The OCID of the IPSec connection.
NatTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

OracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
PhaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetailsArgs

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

PhaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetailsArgs

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

Routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
SharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
State string
The IPSec connection's tunnel's lifecycle state.
Status string
The tunnel's current state.
TimeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TimeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
TunnelId string
The OCID of the IPSec connection's tunnel.
VpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits List<String>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

compartmentId String
The OCID of the compartment containing the tunnel.
cpeIp String
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName String
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<IpsecConnectionTunnelManagementDpdConfig>
dpdMode String
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec Integer
DPD timeout in seconds.
encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion String
Internet Key Exchange protocol version.
ipsecId String
The OCID of the IPSec connection.
natTranslationEnabled String

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate String
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing String
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret String
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
state String
The IPSec connection's tunnel's lifecycle state.
status String
The tunnel's current state.
timeCreated String
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId String
The OCID of the IPSec connection's tunnel.
vpnIp String
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits string[]
The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfo IpsecConnectionTunnelManagementBgpSessionInfo

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

compartmentId string
The OCID of the compartment containing the tunnel.
cpeIp string
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName string
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs IpsecConnectionTunnelManagementDpdConfig[]
dpdMode string
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec number
DPD timeout in seconds.
encryptionDomainConfig IpsecConnectionTunnelManagementEncryptionDomainConfig
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion string
Internet Key Exchange protocol version.
ipsecId string
The OCID of the IPSec connection.
natTranslationEnabled string

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate string
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails IpsecConnectionTunnelManagementPhaseOneDetails

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails IpsecConnectionTunnelManagementPhaseTwoDetails

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing string
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret string
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
state string
The IPSec connection's tunnel's lifecycle state.
status string
The tunnel's current state.
timeCreated string
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated string
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId string
The OCID of the IPSec connection's tunnel.
vpnIp string
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associated_virtual_circuits Sequence[str]
The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgp_session_info core.IpsecConnectionTunnelManagementBgpSessionInfoArgs

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

compartment_id str
The OCID of the compartment containing the tunnel.
cpe_ip str
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
display_name str
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpd_configs Sequence[core.IpsecConnectionTunnelManagementDpdConfigArgs]
dpd_mode str
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpd_timeout_in_sec int
DPD timeout in seconds.
encryption_domain_config core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ike_version str
Internet Key Exchange protocol version.
ipsec_id str
The OCID of the IPSec connection.
nat_translation_enabled str

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracle_can_initiate str
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phase_one_details core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phase_two_details core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing str
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
shared_secret str
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
state str
The IPSec connection's tunnel's lifecycle state.
status str
The tunnel's current state.
time_created str
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
time_status_updated str
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnel_id str
The OCID of the IPSec connection's tunnel.
vpn_ip str
The IP address of Oracle's VPN headend. Example: 129.146.17.50
associatedVirtualCircuits List<String>
The list of virtual circuit OCIDs over which your network can reach this tunnel.
bgpSessionInfo Property Map

Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.

If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.

compartmentId String
The OCID of the compartment containing the tunnel.
cpeIp String
The IP address of the CPE device's VPN headend. Example: 203.0.113.22
displayName String
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
dpdConfigs List<Property Map>
dpdMode String
Dead peer detection (DPD) mode set on the Oracle side of the connection.
dpdTimeoutInSec Number
DPD timeout in seconds.
encryptionDomainConfig Property Map
Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
ikeVersion String
Internet Key Exchange protocol version.
ipsecId String
The OCID of the IPSec connection.
natTranslationEnabled String

By default (the AUTO setting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.

The ENABLED option sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.

The DISABLED option directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.

oracleCanInitiate String
Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER).
phaseOneDetails Property Map

Configuration details for IKE phase one (ISAKMP) configuration parameters.

See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.

phaseTwoDetails Property Map

Configuration details for IPSec phase two configuration parameters.

See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.

routing String
The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
sharedSecret String
The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example: EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
state String
The IPSec connection's tunnel's lifecycle state.
status String
The tunnel's current state.
timeCreated String
The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
timeStatusUpdated String
When the status of the tunnel last changed, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
tunnelId String
The OCID of the IPSec connection's tunnel.
vpnIp String
The IP address of Oracle's VPN headend. Example: 129.146.17.50

Supporting Types

IpsecConnectionTunnelManagementBgpSessionInfo
, IpsecConnectionTunnelManagementBgpSessionInfoArgs

BgpIpv6State string
The state of the BGP IPv6 session.
BgpIpv6state string

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

BgpState string
The state of the BGP session.
CustomerBgpAsn string

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

CustomerInterfaceIp string

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

CustomerInterfaceIpv6 string

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

OracleBgpAsn string
The Oracle BGP ASN.
OracleInterfaceIp string

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

OracleInterfaceIpv6 string

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

BgpIpv6State string
The state of the BGP IPv6 session.
BgpIpv6state string

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

BgpState string
The state of the BGP session.
CustomerBgpAsn string

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

CustomerInterfaceIp string

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

CustomerInterfaceIpv6 string

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

OracleBgpAsn string
The Oracle BGP ASN.
OracleInterfaceIp string

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

OracleInterfaceIpv6 string

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

bgpIpv6State String
The state of the BGP IPv6 session.
bgpIpv6state String

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

bgpState String
The state of the BGP session.
customerBgpAsn String

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

customerInterfaceIp String

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

customerInterfaceIpv6 String

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

oracleBgpAsn String
The Oracle BGP ASN.
oracleInterfaceIp String

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

oracleInterfaceIpv6 String

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

bgpIpv6State string
The state of the BGP IPv6 session.
bgpIpv6state string

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

bgpState string
The state of the BGP session.
customerBgpAsn string

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

customerInterfaceIp string

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

customerInterfaceIpv6 string

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

oracleBgpAsn string
The Oracle BGP ASN.
oracleInterfaceIp string

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

oracleInterfaceIpv6 string

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

bgp_ipv6_state str
The state of the BGP IPv6 session.
bgp_ipv6state str

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

bgp_state str
The state of the BGP session.
customer_bgp_asn str

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

customer_interface_ip str

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

customer_interface_ipv6 str

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

oracle_bgp_asn str
The Oracle BGP ASN.
oracle_interface_ip str

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

oracle_interface_ipv6 str

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

bgpIpv6State String
The state of the BGP IPv6 session.
bgpIpv6state String

Deprecated: The 'bgp_session_info.0.bgp_ipv6state' field has been deprecated. Please use 'bgp_session_info.0.bgp_ipv6_state' instead.

bgpState String
The state of the BGP session.
customerBgpAsn String

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.

If the tunnel's routing attribute is set to STATIC, the customerBgpAsn must be null.

Example: 12345 (2-byte) or 1587232876 (4-byte)

customerInterfaceIp String

The IP address for the CPE end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.5/31

customerInterfaceIpv6 String

The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

oracleBgpAsn String
The Oracle BGP ASN.
oracleInterfaceIp String

The IP address for the Oracle end of the inside tunnel interface.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.

If routing is instead set to STATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.

The value must be a /30 or /31.

Example: 10.0.0.4/31

oracleInterfaceIpv6 String

The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.

If the tunnel's routing attribute is set to BGP (see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.

If routing is instead set to STATIC, you can set this IP address to troubleshoot or monitor the tunnel.

Only subnet masks from /64 up to /127 are allowed.

Example: 2001:db8::1/64

IpsecConnectionTunnelManagementDpdConfig
, IpsecConnectionTunnelManagementDpdConfigArgs

DpdMode string
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
DpdTimeoutInSec int
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
DpdMode string
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
DpdTimeoutInSec int
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
dpdMode String
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
dpdTimeoutInSec Integer
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
dpdMode string
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
dpdTimeoutInSec number
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
dpd_mode str
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
dpd_timeout_in_sec int
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
dpdMode String
This option defines whether DPD can be initiated from the Oracle side of the connection. INITIATE_AND_RESPOND or RESPOND_ONLY
dpdTimeoutInSec Number
DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.

IpsecConnectionTunnelManagementEncryptionDomainConfig
, IpsecConnectionTunnelManagementEncryptionDomainConfigArgs

CpeTrafficSelectors List<string>
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
OracleTrafficSelectors List<string>
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
CpeTrafficSelectors []string
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
OracleTrafficSelectors []string
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
cpeTrafficSelectors List<String>
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors List<String>
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
cpeTrafficSelectors string[]
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors string[]
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
cpe_traffic_selectors Sequence[str]
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracle_traffic_selectors Sequence[str]
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
cpeTrafficSelectors List<String>
Lists IPv4 or IPv6-enabled subnets in your on-premises network.
oracleTrafficSelectors List<String>
Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.

IpsecConnectionTunnelManagementPhaseOneDetails
, IpsecConnectionTunnelManagementPhaseOneDetailsArgs

CustomAuthenticationAlgorithm string
The custom authentication algorithm proposed during phase one tunnel negotiation.
CustomDhGroup string
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
CustomEncryptionAlgorithm string
The custom encryption algorithm proposed during phase one tunnel negotiation.
IsCustomPhaseOneConfig bool
Indicates whether custom configuration is enabled for phase one options.
IsIkeEstablished bool
Indicates whether IKE phase one is established.
Lifetime int
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
NegotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
NegotiatedDhGroup string
The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
RemainingLifetime string

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

RemainingLifetimeInt int
The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
CustomAuthenticationAlgorithm string
The custom authentication algorithm proposed during phase one tunnel negotiation.
CustomDhGroup string
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
CustomEncryptionAlgorithm string
The custom encryption algorithm proposed during phase one tunnel negotiation.
IsCustomPhaseOneConfig bool
Indicates whether custom configuration is enabled for phase one options.
IsIkeEstablished bool
Indicates whether IKE phase one is established.
Lifetime int
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
NegotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
NegotiatedDhGroup string
The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
RemainingLifetime string

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

RemainingLifetimeInt int
The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm String
The custom authentication algorithm proposed during phase one tunnel negotiation.
customDhGroup String
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
customEncryptionAlgorithm String
The custom encryption algorithm proposed during phase one tunnel negotiation.
isCustomPhaseOneConfig Boolean
Indicates whether custom configuration is enabled for phase one options.
isIkeEstablished Boolean
Indicates whether IKE phase one is established.
lifetime Integer
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
negotiatedAuthenticationAlgorithm String
The negotiated phase two authentication algorithm.
negotiatedDhGroup String
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String
The negotiated encryption algorithm.
remainingLifetime String

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt Integer
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm string
The custom authentication algorithm proposed during phase one tunnel negotiation.
customDhGroup string
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
customEncryptionAlgorithm string
The custom encryption algorithm proposed during phase one tunnel negotiation.
isCustomPhaseOneConfig boolean
Indicates whether custom configuration is enabled for phase one options.
isIkeEstablished boolean
Indicates whether IKE phase one is established.
lifetime number
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
negotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
negotiatedDhGroup string
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
remainingLifetime string

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt number
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
custom_authentication_algorithm str
The custom authentication algorithm proposed during phase one tunnel negotiation.
custom_dh_group str
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
custom_encryption_algorithm str
The custom encryption algorithm proposed during phase one tunnel negotiation.
is_custom_phase_one_config bool
Indicates whether custom configuration is enabled for phase one options.
is_ike_established bool
Indicates whether IKE phase one is established.
lifetime int
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
negotiated_authentication_algorithm str
The negotiated phase two authentication algorithm.
negotiated_dh_group str
The negotiated Diffie-Hellman group.
negotiated_encryption_algorithm str
The negotiated encryption algorithm.
remaining_lifetime str

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

remaining_lifetime_int int
The remaining lifetime before the key is refreshed.
remaining_lifetime_last_retrieved str
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm String
The custom authentication algorithm proposed during phase one tunnel negotiation.
customDhGroup String
The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
customEncryptionAlgorithm String
The custom encryption algorithm proposed during phase one tunnel negotiation.
isCustomPhaseOneConfig Boolean
Indicates whether custom configuration is enabled for phase one options.
isIkeEstablished Boolean
Indicates whether IKE phase one is established.
lifetime Number
Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
negotiatedAuthenticationAlgorithm String
The negotiated phase two authentication algorithm.
negotiatedDhGroup String
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String
The negotiated encryption algorithm.
remainingLifetime String

Deprecated: The 'phase_one_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_one_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt Number
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

IpsecConnectionTunnelManagementPhaseTwoDetails
, IpsecConnectionTunnelManagementPhaseTwoDetailsArgs

CustomAuthenticationAlgorithm string
The authentication algorithm proposed during phase two tunnel negotiation.
CustomEncryptionAlgorithm string
The encryption algorithm proposed during phase two tunnel negotiation.
DhGroup string
The Diffie-Hellman group used for PFS, if PFS is enabled.
IsCustomPhaseTwoConfig bool
Indicates whether custom configuration is enabled for phase two options.
IsEspEstablished bool
Indicates that ESP phase two is established.
IsPfsEnabled bool
Indicates whether perfect forward secrecy (PFS) is enabled.
Lifetime int
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
NegotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
NegotiatedDhGroup string
The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
RemainingLifetime string

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

RemainingLifetimeInt int
The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
CustomAuthenticationAlgorithm string
The authentication algorithm proposed during phase two tunnel negotiation.
CustomEncryptionAlgorithm string
The encryption algorithm proposed during phase two tunnel negotiation.
DhGroup string
The Diffie-Hellman group used for PFS, if PFS is enabled.
IsCustomPhaseTwoConfig bool
Indicates whether custom configuration is enabled for phase two options.
IsEspEstablished bool
Indicates that ESP phase two is established.
IsPfsEnabled bool
Indicates whether perfect forward secrecy (PFS) is enabled.
Lifetime int
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
NegotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
NegotiatedDhGroup string
The negotiated Diffie-Hellman group.
NegotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
RemainingLifetime string

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

RemainingLifetimeInt int
The remaining lifetime before the key is refreshed.
RemainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm String
The authentication algorithm proposed during phase two tunnel negotiation.
customEncryptionAlgorithm String
The encryption algorithm proposed during phase two tunnel negotiation.
dhGroup String
The Diffie-Hellman group used for PFS, if PFS is enabled.
isCustomPhaseTwoConfig Boolean
Indicates whether custom configuration is enabled for phase two options.
isEspEstablished Boolean
Indicates that ESP phase two is established.
isPfsEnabled Boolean
Indicates whether perfect forward secrecy (PFS) is enabled.
lifetime Integer
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
negotiatedAuthenticationAlgorithm String
The negotiated phase two authentication algorithm.
negotiatedDhGroup String
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String
The negotiated encryption algorithm.
remainingLifetime String

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt Integer
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm string
The authentication algorithm proposed during phase two tunnel negotiation.
customEncryptionAlgorithm string
The encryption algorithm proposed during phase two tunnel negotiation.
dhGroup string
The Diffie-Hellman group used for PFS, if PFS is enabled.
isCustomPhaseTwoConfig boolean
Indicates whether custom configuration is enabled for phase two options.
isEspEstablished boolean
Indicates that ESP phase two is established.
isPfsEnabled boolean
Indicates whether perfect forward secrecy (PFS) is enabled.
lifetime number
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
negotiatedAuthenticationAlgorithm string
The negotiated phase two authentication algorithm.
negotiatedDhGroup string
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm string
The negotiated encryption algorithm.
remainingLifetime string

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt number
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved string
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
custom_authentication_algorithm str
The authentication algorithm proposed during phase two tunnel negotiation.
custom_encryption_algorithm str
The encryption algorithm proposed during phase two tunnel negotiation.
dh_group str
The Diffie-Hellman group used for PFS, if PFS is enabled.
is_custom_phase_two_config bool
Indicates whether custom configuration is enabled for phase two options.
is_esp_established bool
Indicates that ESP phase two is established.
is_pfs_enabled bool
Indicates whether perfect forward secrecy (PFS) is enabled.
lifetime int
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
negotiated_authentication_algorithm str
The negotiated phase two authentication algorithm.
negotiated_dh_group str
The negotiated Diffie-Hellman group.
negotiated_encryption_algorithm str
The negotiated encryption algorithm.
remaining_lifetime str

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

remaining_lifetime_int int
The remaining lifetime before the key is refreshed.
remaining_lifetime_last_retrieved str
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
customAuthenticationAlgorithm String
The authentication algorithm proposed during phase two tunnel negotiation.
customEncryptionAlgorithm String
The encryption algorithm proposed during phase two tunnel negotiation.
dhGroup String
The Diffie-Hellman group used for PFS, if PFS is enabled.
isCustomPhaseTwoConfig Boolean
Indicates whether custom configuration is enabled for phase two options.
isEspEstablished Boolean
Indicates that ESP phase two is established.
isPfsEnabled Boolean
Indicates whether perfect forward secrecy (PFS) is enabled.
lifetime Number
Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
negotiatedAuthenticationAlgorithm String
The negotiated phase two authentication algorithm.
negotiatedDhGroup String
The negotiated Diffie-Hellman group.
negotiatedEncryptionAlgorithm String
The negotiated encryption algorithm.
remainingLifetime String

Deprecated: The 'phase_two_details.0.remaining_lifetime' field has been deprecated. Please use 'phase_two_details.0.remaining_lifetime_int' instead.

remainingLifetimeInt Number
The remaining lifetime before the key is refreshed.
remainingLifetimeLastRetrieved String
The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

Package Details

Repository
oci pulumi/pulumi-oci
License
Apache-2.0
Notes
This Pulumi package is based on the oci Terraform Provider.