ModifyVpnConnectionAttribute
Description
call ModifyVpnConnectionAttribute interface to modify the configuration information of IPsec connection.
Request Method
POST
Request Path
/apsara/route/Vpc/ModifyVpnConnectionAttribute
Request Parameters Common Parameters
| Name | Location | Type | Required | Sample value | Description |
|---|---|---|---|---|---|
| LocalSubnet | BODY | string | No | 10.1.1.0/24,10.1.2.0/24 | The network segment on the VPC side that needs to be interconnected with the local IDC is used for second-stage negotiation. multiple network segments are separated by commas (,), for example: 192.168.1.0/24,192.168.2.0/24. |
| AutoConfigRoute | BODY | boolean | No | true | whether to automatically publish routes, value: true: automatically publish. false(default): not automatically published. |
| version | BODY | string | No | 2016-01-01 | version of api |
| Name | BODY | string | No | IPsec | the name of the IPsec connection. is 2 to 128 characters in length, must start with a letter or Chinese, and can contain numbers, half-width periods (.), underscores (_), and dashes (-). But you cannot use http:// or https:// start. |
| EffectImmediately | BODY | boolean | No | false | Whether to delete the IPsec tunnel that has been negotiated successfully and re-initiate negotiation. Value: true: negotiate immediately after the configuration is completed. false(default): negotiate when traffic enters. |
| RemoteSubnet | BODY | string | No | 10.10.1.0/24,10.10.2.0/24 | the network segment of the local IDC, used for the second phase of negotiation. multiple network segments are separated by commas (,), for example: 192.168.3.0/24,192.168.4.0/24. |
| regionId | BODY | string | Yes | No sample value for this parameter. | region id |
| IpsecConfig | BODY | string | No | {"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400} | configuration information for second phase negotiation: IpsecConfig.IpsecEncAlg: The encryption algorithm negotiated in the second stage, the value is:aes, aes192, aes256, des or 3des, default value:aes. IpsecConfig. IpsecAuthAlg: The authentication algorithm negotiated in the second stage, the value is:md5 or sha1, default value:sha1. IpsecConfig. IpsecPfs: forward messages of all protocols. The Diffie-Hellman key exchange algorithm used in the first phase of negotiation, with the value:group1, group2, group5, group14 or group24, default value:group2. IpsecConfig. IpsecLifetime: The life cycle of SA negotiated in the second stage. The value range is 0~86400, the unit is seconds. The default value is 86400. |
| RegionId | BODY | string | Yes | cn-qingdao-env66-d01 | the region ID of the IPsec connection. you can obtain the region by calling DescribeRegions interface ID. |
| VpnConnectionId | BODY | string | Yes | vco-bp1bbi27hojx80nck**** | ID of IPsec connection. |
| HealthCheckConfig | BODY | string | No | {"enable":"true","dip":"192.168.xx. 2","sip":"192.168.xx. 2","interval":"3","retry":"3"} | health check configuration information: HealthCheckConfig.enable: whether to turn on health check, value:true or false(default). HealthCheckConfig.dip: the destination IP address of the health check. HealthCheckConfig.sip: the source IP address of the health check. HealthCheckConfig.interval: the retry interval of health check, in seconds. HealthCheckConfig.retry: the number of retries for health check. |
| ClientToken | BODY | string | No | 02fb3da4-130e-11e9-8e44-0016e04115b | is used to ensure the idempotence of the request. The parameter value is generated by the client. It must be unique between different requests, and the maximum value does not exceed 64 ASCII characters. |
| IkeConfig | BODY | string | No | {"IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400} | configuration information for the first phase negotiation: IkeConfig.Psk: used for authentication between IPsec VPN gateway and user gateway. It is generated randomly by default, or you can specify the key manually. The length is limited to 100 characters. IkeConfig.IkeVersion: The version of the IKE protocol. Value:ikev1 or ikev2, default value:ikev1. IkeConfig.IkeMode:IKE V1 version of the negotiation mode. Value:main(main mode) or aggressive(savage mode), default value:main. IkeConfig.IkeEncAlg: The encryption algorithm negotiated in the first stage, the value:aes, aes192, aes256, des or 3des, default value:aes. IkeConfig.IkeAuthAlg: the authentication algorithm negotiated in the first stage, the value is:md5 or sha1, default value:sha. /span>/p> p data-tag = "p" class = "p"> span data-tag = "text" class = "text">IkeConfig.IkePfs: the Diffie-Hellman key exchange algorithm used in the first phase of negotiation, with the value:group1, group2, group5, group14 or group24, default value:group2. IkeConfig.IkeLifetime: The life cycle of SA negotiated in the first stage. The value range is 0~86400, the unit is seconds. The default value is 86400. IkeConfig.LocalIdIPsec: the identifier of the VPN gateway, the length is limited to 100 characters, and the default value is the public IP address of the VPN gateway. IkeConfig.RemoteId: the identification of the user gateway, the length is limited to 100 characters, and the default value is the public IP address of the user gateway. |
Return data
| Name | Type | Sample value | Description |
|---|---|---|---|
| RequestID | string | 1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC | Request id |
Example
Successful Response example
{
"RequestID":"1E3D5A1E0-67CA-43DA-24BC-EAF2D5A1E4DC"
}
Failed Response example
{
"errorSample":
{
"resultCode":-1,
"resultMsg":"system error",
"result":null
}
}