Virtual Network Gateways - Set Vpnclient Ipsec Parameters
The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters?api-version=2023-09-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
resource
|
path | True |
string |
The name of the resource group. |
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
virtual
|
path | True |
string |
The name of the virtual network gateway. |
api-version
|
query | True |
string |
Client API version. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
dhGroup | True |
The DH Group used in IKE Phase 1 for initial SA. |
|
ikeEncryption | True |
The IKE encryption algorithm (IKE phase 2). |
|
ikeIntegrity | True |
The IKE integrity algorithm (IKE phase 2). |
|
ipsecEncryption | True |
The IPSec encryption algorithm (IKE phase 1). |
|
ipsecIntegrity | True |
The IPSec integrity algorithm (IKE phase 1). |
|
pfsGroup | True |
The Pfs Group used in IKE Phase 2 for new child SA. |
|
saDataSizeKilobytes | True |
integer |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.. |
saLifeTimeSeconds | True |
integer |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Request successful. The operation sets the specified vpnclient ipsec parameters for P2S client of the virtual network gateway. |
|
202 Accepted |
Accepted and the operation will complete asynchronously. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Set VirtualNetworkGateway VpnClientIpsecParameters
Sample Request
POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/setvpnclientipsecparameters?api-version=2023-09-01
{
"saLifeTimeSeconds": 86473,
"saDataSizeKilobytes": 429497,
"ipsecEncryption": "AES256",
"ipsecIntegrity": "SHA256",
"ikeEncryption": "AES256",
"ikeIntegrity": "SHA384",
"dhGroup": "DHGroup2",
"pfsGroup": "PFS2"
}
Sample Response
Azure-AsyncOperation: https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/locations/eastus/operations/00000000-0000-0000-0000-000000000000?api-version=2023-09-01
{
"saLifeTimeSeconds": 86473,
"saDataSizeKilobytes": 429497,
"ipsecEncryption": "AES256",
"ipsecIntegrity": "SHA256",
"ikeEncryption": "AES256",
"ikeIntegrity": "SHA384",
"dhGroup": "DHGroup2",
"pfsGroup": "PFS2"
}
Definitions
Name | Description |
---|---|
Cloud |
An error response from the service. |
Cloud |
An error response from the service. |
Dh |
The DH Groups used in IKE Phase 1 for initial SA. |
Ike |
The IKE encryption algorithm (IKE phase 2). |
Ike |
The IKE integrity algorithm (IKE phase 2). |
Ipsec |
The IPSec encryption algorithm (IKE phase 1). |
Ipsec |
The IPSec integrity algorithm (IKE phase 1). |
Pfs |
The Pfs Groups used in IKE Phase 2 for new child SA. |
Vpn |
An IPSec parameters for a virtual network gateway P2S connection. |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error |
Cloud error body. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
details |
A list of additional details about the error. |
|
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
target |
string |
The target of the particular error. For example, the name of the property in error. |
DhGroup
The DH Groups used in IKE Phase 1 for initial SA.
Name | Type | Description |
---|---|---|
DHGroup1 |
string |
|
DHGroup14 |
string |
|
DHGroup2 |
string |
|
DHGroup2048 |
string |
|
DHGroup24 |
string |
|
ECP256 |
string |
|
ECP384 |
string |
|
None |
string |
IkeEncryption
The IKE encryption algorithm (IKE phase 2).
Name | Type | Description |
---|---|---|
AES128 |
string |
|
AES192 |
string |
|
AES256 |
string |
|
DES |
string |
|
DES3 |
string |
|
GCMAES128 |
string |
|
GCMAES256 |
string |
IkeIntegrity
The IKE integrity algorithm (IKE phase 2).
Name | Type | Description |
---|---|---|
GCMAES128 |
string |
|
GCMAES256 |
string |
|
MD5 |
string |
|
SHA1 |
string |
|
SHA256 |
string |
|
SHA384 |
string |
IpsecEncryption
The IPSec encryption algorithm (IKE phase 1).
Name | Type | Description |
---|---|---|
AES128 |
string |
|
AES192 |
string |
|
AES256 |
string |
|
DES |
string |
|
DES3 |
string |
|
GCMAES128 |
string |
|
GCMAES192 |
string |
|
GCMAES256 |
string |
|
None |
string |
IpsecIntegrity
The IPSec integrity algorithm (IKE phase 1).
Name | Type | Description |
---|---|---|
GCMAES128 |
string |
|
GCMAES192 |
string |
|
GCMAES256 |
string |
|
MD5 |
string |
|
SHA1 |
string |
|
SHA256 |
string |
PfsGroup
The Pfs Groups used in IKE Phase 2 for new child SA.
Name | Type | Description |
---|---|---|
ECP256 |
string |
|
ECP384 |
string |
|
None |
string |
|
PFS1 |
string |
|
PFS14 |
string |
|
PFS2 |
string |
|
PFS2048 |
string |
|
PFS24 |
string |
|
PFSMM |
string |
VpnClientIPsecParameters
An IPSec parameters for a virtual network gateway P2S connection.
Name | Type | Description |
---|---|---|
dhGroup |
The DH Group used in IKE Phase 1 for initial SA. |
|
ikeEncryption |
The IKE encryption algorithm (IKE phase 2). |
|
ikeIntegrity |
The IKE integrity algorithm (IKE phase 2). |
|
ipsecEncryption |
The IPSec encryption algorithm (IKE phase 1). |
|
ipsecIntegrity |
The IPSec integrity algorithm (IKE phase 1). |
|
pfsGroup |
The Pfs Group used in IKE Phase 2 for new child SA. |
|
saDataSizeKilobytes |
integer |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.. |
saLifeTimeSeconds |
integer |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client. |