alicloud.vpn.GatewayVpnAttachment
Provides a VPN Gateway Vpn Attachment resource.
VpnAttachment has been upgraded to dual-tunnel mode. When you create a VpnAttachment in dual-tunnel mode, you can configure the following request parameters in addition to the required parameters: vpn_attachment_name, network_type, effect_immediately, tags array, resource_group_id, tunnel_options_specifications array, and enable_tunnels_bgp.
For information about VPN Gateway Vpn Attachment and how to use it, see What is Vpn Attachment.
NOTE: Available since v1.181.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
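const config = new pulumi.Config();
const name = config.get("name") || "tf-example";
// The IKE pre-shared key is a credential: read it from encrypted stack
// configuration (`pulumi config set --secret psk <value>`) instead of
// committing it in source. Pulumi keeps the value encrypted in state.
const psk = config.requireSecret("psk");

const _default = new alicloud.vpn.CustomerGateway("default", {
    customerGatewayName: name,
    ipAddress: "42.104.22.210",
    asn: "45014",
    description: name,
});
const defaultGatewayVpnAttachment = new alicloud.vpn.GatewayVpnAttachment("default", {
    customerGatewayId: _default.id,
    networkType: "public",
    // 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
    // blocks unless routes are meant to be learned over BGP.
    localSubnet: "0.0.0.0/0",
    remoteSubnet: "0.0.0.0/0",
    effectImmediately: false,
    // MD5, DES and DH group1 are no longer considered secure, so phase 1
    // negotiates SHA-256, AES and group14 instead.
    ikeConfig: {
        ikeAuthAlg: "sha256",
        ikeEncAlg: "aes",
        ikeVersion: "ikev2",
        ikeMode: "main",
        ikeLifetime: 86400,
        psk: psk,
        ikePfs: "group14",
        remoteId: "testbob2",
        localId: "testalice2",
    },
    // Phase 2 likewise uses AES with SHA-256 rather than DES with MD5.
    ipsecConfig: {
        ipsecPfs: "group5",
        ipsecEncAlg: "aes",
        ipsecAuthAlg: "sha256",
        ipsecLifetime: 86400,
    },
    bgpConfig: {
        enable: true,
        localAsn: 45014,
        tunnelCidr: "169.254.11.0/30",
        localBgpIp: "169.254.11.1",
    },
    healthCheckConfig: {
        enable: true,
        sip: "192.168.1.1",
        dip: "10.0.0.1",
        interval: 10,
        retry: 10,
        policy: "revoke_route",
    },
    enableDpd: true,
    enableNatTraversal: true,
    vpnAttachmentName: name,
});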
import pulumi
import pulumi_alicloud as alicloud
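config = pulumi.Config()
name = config.get("name")
if name is None:
    name = "tf-example"
# The IKE pre-shared key is a credential: read it from encrypted stack
# configuration (`pulumi config set --secret psk <value>`) instead of
# committing it in source. Pulumi keeps the value encrypted in state.
psk = config.require_secret("psk")

default = alicloud.vpn.CustomerGateway("default",
    customer_gateway_name=name,
    ip_address="42.104.22.210",
    asn="45014",
    description=name)
default_gateway_vpn_attachment = alicloud.vpn.GatewayVpnAttachment("default",
    customer_gateway_id=default.id,
    network_type="public",
    # 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
    # blocks unless routes are meant to be learned over BGP.
    local_subnet="0.0.0.0/0",
    remote_subnet="0.0.0.0/0",
    effect_immediately=False,
    # MD5, DES and DH group1 are no longer considered secure, so phase 1
    # negotiates SHA-256, AES and group14 instead.
    ike_config={
        "ike_auth_alg": "sha256",
        "ike_enc_alg": "aes",
        "ike_version": "ikev2",
        "ike_mode": "main",
        "ike_lifetime": 86400,
        "psk": psk,
        "ike_pfs": "group14",
        "remote_id": "testbob2",
        "local_id": "testalice2",
    },
    # Phase 2 likewise uses AES with SHA-256 rather than DES with MD5.
    ipsec_config={
        "ipsec_pfs": "group5",
        "ipsec_enc_alg": "aes",
        "ipsec_auth_alg": "sha256",
        "ipsec_lifetime": 86400,
    },
    bgp_config={
        "enable": True,
        "local_asn": 45014,
        "tunnel_cidr": "169.254.11.0/30",
        "local_bgp_ip": "169.254.11.1",
    },
    health_check_config={
        "enable": True,
        "sip": "192.168.1.1",
        "dip": "10.0.0.1",
        "interval": 10,
        "retry": 10,
        "policy": "revoke_route",
    },
    enable_dpd=True,
    enable_nat_traversal=True,
    vpn_attachment_name=name)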
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
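// main declares a customer gateway and a single-tunnel VPN attachment bound
// to it.
//
// The IKE pre-shared key is read from encrypted stack configuration
// (`pulumi config set --secret psk <value>`) so the credential is never
// committed in source, and the proposals use SHA-256, AES and DH group14 in
// place of MD5, DES and group1, which are no longer considered secure.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		name := "tf-example"
		if param := cfg.Get("name"); param != "" {
			name = param
		}
		// RequireSecret fails the deployment when the key is missing rather
		// than falling back to a guessable default.
		psk := cfg.RequireSecret("psk")

		customerGateway, err := vpn.NewCustomerGateway(ctx, "default", &vpn.CustomerGatewayArgs{
			CustomerGatewayName: pulumi.String(name),
			IpAddress:           pulumi.String("42.104.22.210"),
			Asn:                 pulumi.String("45014"),
			Description:         pulumi.String(name),
		})
		if err != nil {
			return err
		}

		_, err = vpn.NewGatewayVpnAttachment(ctx, "default", &vpn.GatewayVpnAttachmentArgs{
			CustomerGatewayId: customerGateway.ID(),
			NetworkType:       pulumi.String("public"),
			// 0.0.0.0/0 matches every prefix; narrow both sides to the real
			// CIDR blocks unless routes are meant to be learned over BGP.
			LocalSubnet:       pulumi.String("0.0.0.0/0"),
			RemoteSubnet:      pulumi.String("0.0.0.0/0"),
			EffectImmediately: pulumi.Bool(false),
			IkeConfig: &vpn.GatewayVpnAttachmentIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("sha256"),
				IkeEncAlg:   pulumi.String("aes"),
				IkeVersion:  pulumi.String("ikev2"),
				IkeMode:     pulumi.String("main"),
				IkeLifetime: pulumi.Int(86400),
				Psk:         psk,
				IkePfs:      pulumi.String("group14"),
				RemoteId:    pulumi.String("testbob2"),
				LocalId:     pulumi.String("testalice2"),
			},
			IpsecConfig: &vpn.GatewayVpnAttachmentIpsecConfigArgs{
				IpsecPfs:      pulumi.String("group5"),
				IpsecEncAlg:   pulumi.String("aes"),
				IpsecAuthAlg:  pulumi.String("sha256"),
				IpsecLifetime: pulumi.Int(86400),
			},
			BgpConfig: &vpn.GatewayVpnAttachmentBgpConfigArgs{
				Enable:     pulumi.Bool(true),
				LocalAsn:   pulumi.Int(45014),
				TunnelCidr: pulumi.String("169.254.11.0/30"),
				LocalBgpIp: pulumi.String("169.254.11.1"),
			},
			HealthCheckConfig: &vpn.GatewayVpnAttachmentHealthCheckConfigArgs{
				Enable:   pulumi.Bool(true),
				Sip:      pulumi.String("192.168.1.1"),
				Dip:      pulumi.String("10.0.0.1"),
				Interval: pulumi.Int(10),
				Retry:    pulumi.Int(10),
				Policy:   pulumi.String("revoke_route"),
			},
			EnableDpd:          pulumi.Bool(true),
			EnableNatTraversal: pulumi.Bool(true),
			VpnAttachmentName:  pulumi.String(name),
		})
		return err
	})
}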
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
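return await Deployment.RunAsync(() =>
{
    var config = new Config();
    var name = config.Get("name") ?? "tf-example";
    // The IKE pre-shared key is a credential: read it from encrypted stack
    // configuration (`pulumi config set --secret psk <value>`) instead of
    // committing it in source. Pulumi keeps the value encrypted in state.
    var psk = config.RequireSecret("psk");

    var @default = new AliCloud.Vpn.CustomerGateway("default", new()
    {
        CustomerGatewayName = name,
        IpAddress = "42.104.22.210",
        Asn = "45014",
        Description = name,
    });

    var defaultGatewayVpnAttachment = new AliCloud.Vpn.GatewayVpnAttachment("default", new()
    {
        CustomerGatewayId = @default.Id,
        NetworkType = "public",
        // 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
        // blocks unless routes are meant to be learned over BGP.
        LocalSubnet = "0.0.0.0/0",
        RemoteSubnet = "0.0.0.0/0",
        EffectImmediately = false,
        // MD5, DES and DH group1 are no longer considered secure, so phase 1
        // negotiates SHA-256, AES and group14 instead.
        IkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs
        {
            IkeAuthAlg = "sha256",
            IkeEncAlg = "aes",
            IkeVersion = "ikev2",
            IkeMode = "main",
            IkeLifetime = 86400,
            Psk = psk,
            IkePfs = "group14",
            RemoteId = "testbob2",
            LocalId = "testalice2",
        },
        // Phase 2 likewise uses AES with SHA-256 rather than DES with MD5.
        IpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs
        {
            IpsecPfs = "group5",
            IpsecEncAlg = "aes",
            IpsecAuthAlg = "sha256",
            IpsecLifetime = 86400,
        },
        BgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs
        {
            Enable = true,
            LocalAsn = 45014,
            TunnelCidr = "169.254.11.0/30",
            LocalBgpIp = "169.254.11.1",
        },
        HealthCheckConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs
        {
            Enable = true,
            Sip = "192.168.1.1",
            Dip = "10.0.0.1",
            Interval = 10,
            Retry = 10,
            Policy = "revoke_route",
        },
        EnableDpd = true,
        EnableNatTraversal = true,
        VpnAttachmentName = name,
    });
});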
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.GatewayVpnAttachment;
import com.pulumi.alicloud.vpn.GatewayVpnAttachmentArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIkeConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentHealthCheckConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
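/**
 * Declares a customer gateway and a single-tunnel VPN attachment bound to it.
 *
 * <p>The IKE pre-shared key is read from encrypted stack configuration
 * ({@code pulumi config set --secret psk <value>}) so the credential is never
 * committed in source. The proposals use SHA-256, AES and DH group14 in place
 * of MD5, DES and group1, which are no longer considered secure.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var name = config.get("name").orElse("tf-example");
        // Fails the deployment when the key is missing instead of falling
        // back to a guessable default.
        final var psk = config.requireSecret("psk");

        var default_ = new CustomerGateway("default", CustomerGatewayArgs.builder()
            .customerGatewayName(name)
            .ipAddress("42.104.22.210")
            .asn("45014")
            .description(name)
            .build());

        var defaultGatewayVpnAttachment = new GatewayVpnAttachment("defaultGatewayVpnAttachment", GatewayVpnAttachmentArgs.builder()
            .customerGatewayId(default_.id())
            .networkType("public")
            // 0.0.0.0/0 matches every prefix; narrow both sides to the real
            // CIDR blocks unless routes are meant to be learned over BGP.
            .localSubnet("0.0.0.0/0")
            .remoteSubnet("0.0.0.0/0")
            .effectImmediately(false)
            .ikeConfig(GatewayVpnAttachmentIkeConfigArgs.builder()
                .ikeAuthAlg("sha256")
                .ikeEncAlg("aes")
                .ikeVersion("ikev2")
                .ikeMode("main")
                .ikeLifetime(86400)
                .psk(psk)
                .ikePfs("group14")
                .remoteId("testbob2")
                .localId("testalice2")
                .build())
            .ipsecConfig(GatewayVpnAttachmentIpsecConfigArgs.builder()
                .ipsecPfs("group5")
                .ipsecEncAlg("aes")
                .ipsecAuthAlg("sha256")
                .ipsecLifetime(86400)
                .build())
            .bgpConfig(GatewayVpnAttachmentBgpConfigArgs.builder()
                .enable(true)
                .localAsn(45014)
                .tunnelCidr("169.254.11.0/30")
                .localBgpIp("169.254.11.1")
                .build())
            .healthCheckConfig(GatewayVpnAttachmentHealthCheckConfigArgs.builder()
                .enable(true)
                .sip("192.168.1.1")
                .dip("10.0.0.1")
                .interval(10)
                .retry(10)
                .policy("revoke_route")
                .build())
            .enableDpd(true)
            .enableNatTraversal(true)
            .vpnAttachmentName(name)
            .build());
    }
}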
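configuration:
  name:
    type: string
    default: tf-example
  # The IKE pre-shared key is a credential: set it with
  # `pulumi config set --secret psk <value>` instead of committing it here.
  psk:
    type: string
    secret: true
resources:
  default:
    type: alicloud:vpn:CustomerGateway
    properties:
      customerGatewayName: ${name}
      ipAddress: 42.104.22.210
      asn: '45014'
      description: ${name}
  defaultGatewayVpnAttachment:
    type: alicloud:vpn:GatewayVpnAttachment
    name: default
    properties:
      customerGatewayId: ${default.id}
      networkType: public
      # 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
      # blocks unless routes are meant to be learned over BGP.
      localSubnet: 0.0.0.0/0
      remoteSubnet: 0.0.0.0/0
      effectImmediately: false
      # MD5, DES and DH group1 are no longer considered secure, so phase 1
      # negotiates SHA-256, AES and group14 instead.
      ikeConfig:
        ikeAuthAlg: sha256
        ikeEncAlg: aes
        ikeVersion: ikev2
        ikeMode: main
        ikeLifetime: 86400
        psk: ${psk}
        ikePfs: group14
        remoteId: testbob2
        localId: testalice2
      # Phase 2 likewise uses AES with SHA-256 rather than DES with MD5.
      ipsecConfig:
        ipsecPfs: group5
        ipsecEncAlg: aes
        ipsecAuthAlg: sha256
        ipsecLifetime: 86400
      bgpConfig:
        enable: true
        localAsn: 45014
        tunnelCidr: 169.254.11.0/30
        localBgpIp: 169.254.11.1
      healthCheckConfig:
        enable: true
        sip: 192.168.1.1
        dip: 10.0.0.1
        interval: 10
        retry: 10
        policy: revoke_route
      enableDpd: true
      enableNatTraversal: true
      vpnAttachmentName: ${name}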
Dual Tunnel Mode Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
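const config = new pulumi.Config();
const name = config.get("name") || "tf_example";
// Each tunnel has its own IKE pre-shared key. Both are credentials: read them
// from encrypted stack configuration
// (`pulumi config set --secret tunnel1Psk <value>`, likewise `tunnel2Psk`)
// instead of committing them in source.
const tunnel1Psk = config.requireSecret("tunnel1Psk");
const tunnel2Psk = config.requireSecret("tunnel2Psk");

const _default = alicloud.resourcemanager.getResourceGroups({});
const cgw1 = new alicloud.vpn.CustomerGateway("cgw1", {
    ipAddress: "2.2.2.2",
    asn: "1219001",
});
const cgw2 = new alicloud.vpn.CustomerGateway("cgw2", {
    ipAddress: "43.43.3.22",
    asn: "44331",
    customerGatewayName: "example_amp",
});
const defaultGatewayVpnAttachment = new alicloud.vpn.GatewayVpnAttachment("default", {
    // 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
    // blocks unless routes are meant to be learned over BGP.
    localSubnet: "0.0.0.0/0",
    enableTunnelsBgp: true,
    vpnAttachmentName: "tfaccvpngateway25800",
    // MD5 and DH group2 are no longer considered secure, so both tunnels
    // authenticate with SHA-256 and tunnel 1 uses group14 for IKE.
    tunnelOptionsSpecifications: [
        {
            tunnelIpsecConfig: {
                ipsecLifetime: 86200,
                ipsecPfs: "group5",
                ipsecAuthAlg: "sha256",
                ipsecEncAlg: "aes",
            },
            customerGatewayId: cgw1.id,
            enableDpd: true,
            enableNatTraversal: true,
            tunnelIndex: 1,
            tunnelBgpConfig: {
                localAsn: 1219001,
                localBgpIp: "169.254.10.1",
                tunnelCidr: "169.254.10.0/30",
            },
            tunnelIkeConfig: {
                ikeMode: "main",
                ikeVersion: "ikev1",
                psk: tunnel1Psk,
                remoteId: "2.2.2.2",
                ikeAuthAlg: "sha256",
                ikeEncAlg: "aes",
                ikeLifetime: 86100,
                ikePfs: "group14",
                localId: "1.1.1.1",
            },
        },
        {
            tunnelIpsecConfig: {
                ipsecEncAlg: "aes",
                ipsecLifetime: 86400,
                ipsecPfs: "group5",
                ipsecAuthAlg: "sha256",
            },
            customerGatewayId: cgw1.id,
            enableDpd: true,
            enableNatTraversal: true,
            tunnelIndex: 2,
            tunnelBgpConfig: {
                localAsn: 1219001,
                localBgpIp: "169.254.20.1",
                tunnelCidr: "169.254.20.0/30",
            },
            tunnelIkeConfig: {
                localId: "4.4.4.4",
                remoteId: "5.5.5.5",
                ikeLifetime: 86400,
                ikeMode: "main",
                ikePfs: "group5",
                ikeVersion: "ikev2",
                ikeAuthAlg: "sha256",
                ikeEncAlg: "aes",
                psk: tunnel2Psk,
            },
        },
    ],
    remoteSubnet: "0.0.0.0/0",
    networkType: "public",
    resourceGroupId: _default.then(_default => _default.ids?.[0]),
});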
import pulumi
import pulumi_alicloud as alicloud
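config = pulumi.Config()
name = config.get("name")
if name is None:
    name = "tf_example"
# Each tunnel has its own IKE pre-shared key. Both are credentials: read them
# from encrypted stack configuration
# (`pulumi config set --secret tunnel1Psk <value>`, likewise `tunnel2Psk`)
# instead of committing them in source.
tunnel1_psk = config.require_secret("tunnel1Psk")
tunnel2_psk = config.require_secret("tunnel2Psk")

default = alicloud.resourcemanager.get_resource_groups()
cgw1 = alicloud.vpn.CustomerGateway("cgw1",
    ip_address="2.2.2.2",
    asn="1219001")
cgw2 = alicloud.vpn.CustomerGateway("cgw2",
    ip_address="43.43.3.22",
    asn="44331",
    customer_gateway_name="example_amp")
default_gateway_vpn_attachment = alicloud.vpn.GatewayVpnAttachment("default",
    # 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
    # blocks unless routes are meant to be learned over BGP.
    local_subnet="0.0.0.0/0",
    enable_tunnels_bgp=True,
    vpn_attachment_name="tfaccvpngateway25800",
    # MD5 and DH group2 are no longer considered secure, so both tunnels
    # authenticate with SHA-256 and tunnel 1 uses group14 for IKE.
    tunnel_options_specifications=[
        {
            "tunnel_ipsec_config": {
                "ipsec_lifetime": 86200,
                "ipsec_pfs": "group5",
                "ipsec_auth_alg": "sha256",
                "ipsec_enc_alg": "aes",
            },
            "customer_gateway_id": cgw1.id,
            "enable_dpd": True,
            "enable_nat_traversal": True,
            "tunnel_index": 1,
            "tunnel_bgp_config": {
                "local_asn": 1219001,
                "local_bgp_ip": "169.254.10.1",
                "tunnel_cidr": "169.254.10.0/30",
            },
            "tunnel_ike_config": {
                "ike_mode": "main",
                "ike_version": "ikev1",
                "psk": tunnel1_psk,
                "remote_id": "2.2.2.2",
                "ike_auth_alg": "sha256",
                "ike_enc_alg": "aes",
                "ike_lifetime": 86100,
                "ike_pfs": "group14",
                "local_id": "1.1.1.1",
            },
        },
        {
            "tunnel_ipsec_config": {
                "ipsec_enc_alg": "aes",
                "ipsec_lifetime": 86400,
                "ipsec_pfs": "group5",
                "ipsec_auth_alg": "sha256",
            },
            "customer_gateway_id": cgw1.id,
            "enable_dpd": True,
            "enable_nat_traversal": True,
            "tunnel_index": 2,
            "tunnel_bgp_config": {
                "local_asn": 1219001,
                "local_bgp_ip": "169.254.20.1",
                "tunnel_cidr": "169.254.20.0/30",
            },
            "tunnel_ike_config": {
                "local_id": "4.4.4.4",
                "remote_id": "5.5.5.5",
                "ike_lifetime": 86400,
                "ike_mode": "main",
                "ike_pfs": "group5",
                "ike_version": "ikev2",
                "ike_auth_alg": "sha256",
                "ike_enc_alg": "aes",
                "psk": tunnel2_psk,
            },
        },
    ],
    remote_subnet="0.0.0.0/0",
    network_type="public",
    resource_group_id=default.ids[0])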
package main
import (
	"errors"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/resourcemanager"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpn"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
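// main declares two customer gateways and a dual-tunnel VPN attachment whose
// tunnels both terminate on cgw1.
//
// Each tunnel's IKE pre-shared key is read from encrypted stack configuration
// (`pulumi config set --secret tunnel1Psk <value>`, likewise tunnel2Psk) so
// the credentials are never committed in source. Both tunnels authenticate
// with SHA-256 and tunnel 1 uses DH group14 for IKE, replacing MD5 and
// group2, which are no longer considered secure.
//
// The original example also read a "name" setting that it never used; an
// unused local does not compile in Go, so it is dropped here.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		// RequireSecret fails the deployment when a key is missing rather
		// than falling back to a guessable default.
		tunnel1Psk := cfg.RequireSecret("tunnel1Psk")
		tunnel2Psk := cfg.RequireSecret("tunnel2Psk")

		groups, err := resourcemanager.GetResourceGroups(ctx, &resourcemanager.GetResourceGroupsArgs{}, nil)
		if err != nil {
			return err
		}
		// Indexing an empty result would panic; report it as an error instead.
		if len(groups.Ids) == 0 {
			return errors.New("no resource group found to attach the VPN attachment to")
		}

		cgw1, err := vpn.NewCustomerGateway(ctx, "cgw1", &vpn.CustomerGatewayArgs{
			IpAddress: pulumi.String("2.2.2.2"),
			Asn:       pulumi.String("1219001"),
		})
		if err != nil {
			return err
		}
		_, err = vpn.NewCustomerGateway(ctx, "cgw2", &vpn.CustomerGatewayArgs{
			IpAddress:           pulumi.String("43.43.3.22"),
			Asn:                 pulumi.String("44331"),
			CustomerGatewayName: pulumi.String("example_amp"),
		})
		if err != nil {
			return err
		}

		_, err = vpn.NewGatewayVpnAttachment(ctx, "default", &vpn.GatewayVpnAttachmentArgs{
			// 0.0.0.0/0 matches every prefix; narrow both sides to the real
			// CIDR blocks unless routes are meant to be learned over BGP.
			LocalSubnet:       pulumi.String("0.0.0.0/0"),
			EnableTunnelsBgp:  pulumi.Bool(true),
			VpnAttachmentName: pulumi.String("tfaccvpngateway25800"),
			TunnelOptionsSpecifications: vpn.GatewayVpnAttachmentTunnelOptionsSpecificationArray{
				&vpn.GatewayVpnAttachmentTunnelOptionsSpecificationArgs{
					TunnelIpsecConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs{
						IpsecLifetime: pulumi.Int(86200),
						IpsecPfs:      pulumi.String("group5"),
						IpsecAuthAlg:  pulumi.String("sha256"),
						IpsecEncAlg:   pulumi.String("aes"),
					},
					CustomerGatewayId:  cgw1.ID(),
					EnableDpd:          pulumi.Bool(true),
					EnableNatTraversal: pulumi.Bool(true),
					TunnelIndex:        pulumi.Int(1),
					TunnelBgpConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs{
						LocalAsn:   pulumi.Int(1219001),
						LocalBgpIp: pulumi.String("169.254.10.1"),
						TunnelCidr: pulumi.String("169.254.10.0/30"),
					},
					TunnelIkeConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs{
						IkeMode:     pulumi.String("main"),
						IkeVersion:  pulumi.String("ikev1"),
						Psk:         tunnel1Psk,
						RemoteId:    pulumi.String("2.2.2.2"),
						IkeAuthAlg:  pulumi.String("sha256"),
						IkeEncAlg:   pulumi.String("aes"),
						IkeLifetime: pulumi.Int(86100),
						IkePfs:      pulumi.String("group14"),
						LocalId:     pulumi.String("1.1.1.1"),
					},
				},
				&vpn.GatewayVpnAttachmentTunnelOptionsSpecificationArgs{
					TunnelIpsecConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs{
						IpsecEncAlg:   pulumi.String("aes"),
						IpsecLifetime: pulumi.Int(86400),
						IpsecPfs:      pulumi.String("group5"),
						IpsecAuthAlg:  pulumi.String("sha256"),
					},
					CustomerGatewayId:  cgw1.ID(),
					EnableDpd:          pulumi.Bool(true),
					EnableNatTraversal: pulumi.Bool(true),
					TunnelIndex:        pulumi.Int(2),
					TunnelBgpConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs{
						LocalAsn:   pulumi.Int(1219001),
						LocalBgpIp: pulumi.String("169.254.20.1"),
						TunnelCidr: pulumi.String("169.254.20.0/30"),
					},
					TunnelIkeConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs{
						LocalId:     pulumi.String("4.4.4.4"),
						RemoteId:    pulumi.String("5.5.5.5"),
						IkeLifetime: pulumi.Int(86400),
						IkeMode:     pulumi.String("main"),
						IkePfs:      pulumi.String("group5"),
						IkeVersion:  pulumi.String("ikev2"),
						IkeAuthAlg:  pulumi.String("sha256"),
						IkeEncAlg:   pulumi.String("aes"),
						Psk:         tunnel2Psk,
					},
				},
			},
			RemoteSubnet:    pulumi.String("0.0.0.0/0"),
			NetworkType:     pulumi.String("public"),
			ResourceGroupId: pulumi.String(groups.Ids[0]),
		})
		return err
	})
}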
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
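return await Deployment.RunAsync(() =>
{
    var config = new Config();
    var name = config.Get("name") ?? "tf_example";
    // Each tunnel has its own IKE pre-shared key. Both are credentials: read
    // them from encrypted stack configuration
    // (`pulumi config set --secret tunnel1Psk <value>`, likewise `tunnel2Psk`)
    // instead of committing them in source.
    var tunnel1Psk = config.RequireSecret("tunnel1Psk");
    var tunnel2Psk = config.RequireSecret("tunnel2Psk");

    var @default = AliCloud.ResourceManager.GetResourceGroups.Invoke();

    var cgw1 = new AliCloud.Vpn.CustomerGateway("cgw1", new()
    {
        IpAddress = "2.2.2.2",
        Asn = "1219001",
    });

    var cgw2 = new AliCloud.Vpn.CustomerGateway("cgw2", new()
    {
        IpAddress = "43.43.3.22",
        Asn = "44331",
        CustomerGatewayName = "example_amp",
    });

    var defaultGatewayVpnAttachment = new AliCloud.Vpn.GatewayVpnAttachment("default", new()
    {
        // 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
        // blocks unless routes are meant to be learned over BGP.
        LocalSubnet = "0.0.0.0/0",
        EnableTunnelsBgp = true,
        VpnAttachmentName = "tfaccvpngateway25800",
        // MD5 and DH group2 are no longer considered secure, so both tunnels
        // authenticate with SHA-256 and tunnel 1 uses group14 for IKE.
        TunnelOptionsSpecifications = new[]
        {
            new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationArgs
            {
                TunnelIpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs
                {
                    IpsecLifetime = 86200,
                    IpsecPfs = "group5",
                    IpsecAuthAlg = "sha256",
                    IpsecEncAlg = "aes",
                },
                CustomerGatewayId = cgw1.Id,
                EnableDpd = true,
                EnableNatTraversal = true,
                TunnelIndex = 1,
                TunnelBgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs
                {
                    LocalAsn = 1219001,
                    LocalBgpIp = "169.254.10.1",
                    TunnelCidr = "169.254.10.0/30",
                },
                TunnelIkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs
                {
                    IkeMode = "main",
                    IkeVersion = "ikev1",
                    Psk = tunnel1Psk,
                    RemoteId = "2.2.2.2",
                    IkeAuthAlg = "sha256",
                    IkeEncAlg = "aes",
                    IkeLifetime = 86100,
                    IkePfs = "group14",
                    LocalId = "1.1.1.1",
                },
            },
            new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationArgs
            {
                TunnelIpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs
                {
                    IpsecEncAlg = "aes",
                    IpsecLifetime = 86400,
                    IpsecPfs = "group5",
                    IpsecAuthAlg = "sha256",
                },
                CustomerGatewayId = cgw1.Id,
                EnableDpd = true,
                EnableNatTraversal = true,
                TunnelIndex = 2,
                TunnelBgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs
                {
                    LocalAsn = 1219001,
                    LocalBgpIp = "169.254.20.1",
                    TunnelCidr = "169.254.20.0/30",
                },
                TunnelIkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs
                {
                    LocalId = "4.4.4.4",
                    RemoteId = "5.5.5.5",
                    IkeLifetime = 86400,
                    IkeMode = "main",
                    IkePfs = "group5",
                    IkeVersion = "ikev2",
                    IkeAuthAlg = "sha256",
                    IkeEncAlg = "aes",
                    Psk = tunnel2Psk,
                },
            },
        },
        RemoteSubnet = "0.0.0.0/0",
        NetworkType = "public",
        // A single Apply unwraps the invoke result; the original nested a
        // second Apply on the already-unwrapped value.
        ResourceGroupId = @default.Apply(getResourceGroupsResult => getResourceGroupsResult.Ids[0]),
    });
});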
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.resourcemanager.ResourcemanagerFunctions;
import com.pulumi.alicloud.resourcemanager.inputs.GetResourceGroupsArgs;
import com.pulumi.alicloud.vpn.CustomerGateway;
import com.pulumi.alicloud.vpn.CustomerGatewayArgs;
import com.pulumi.alicloud.vpn.GatewayVpnAttachment;
import com.pulumi.alicloud.vpn.GatewayVpnAttachmentArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentTunnelOptionsSpecificationArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs;
import com.pulumi.alicloud.vpn.inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
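/**
 * Declares two customer gateways and a dual-tunnel VPN attachment whose
 * tunnels both terminate on cgw1.
 *
 * <p>Each tunnel's IKE pre-shared key is read from encrypted stack
 * configuration ({@code pulumi config set --secret tunnel1Psk <value>},
 * likewise {@code tunnel2Psk}) so the credentials are never committed in
 * source. Both tunnels authenticate with SHA-256 and tunnel 1 uses DH group14
 * for IKE, replacing MD5 and group2, which are no longer considered secure.
 *
 * <p>Boolean and integer properties are passed as {@code true} / numeric
 * literals, matching the single-tunnel example, instead of quoted strings.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var name = config.get("name").orElse("tf_example");
        // Fails the deployment when a key is missing instead of falling back
        // to a guessable default.
        final var tunnel1Psk = config.requireSecret("tunnel1Psk");
        final var tunnel2Psk = config.requireSecret("tunnel2Psk");

        // `default` is a reserved word in Java, so the local is named default_.
        final var default_ = ResourcemanagerFunctions.getResourceGroups();

        var cgw1 = new CustomerGateway("cgw1", CustomerGatewayArgs.builder()
            .ipAddress("2.2.2.2")
            .asn("1219001")
            .build());

        var cgw2 = new CustomerGateway("cgw2", CustomerGatewayArgs.builder()
            .ipAddress("43.43.3.22")
            .asn("44331")
            .customerGatewayName("example_amp")
            .build());

        var defaultGatewayVpnAttachment = new GatewayVpnAttachment("defaultGatewayVpnAttachment", GatewayVpnAttachmentArgs.builder()
            // 0.0.0.0/0 matches every prefix; narrow both sides to the real
            // CIDR blocks unless routes are meant to be learned over BGP.
            .localSubnet("0.0.0.0/0")
            .enableTunnelsBgp(true)
            .vpnAttachmentName("tfaccvpngateway25800")
            .tunnelOptionsSpecifications(
                GatewayVpnAttachmentTunnelOptionsSpecificationArgs.builder()
                    .tunnelIpsecConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
                        .ipsecLifetime(86200)
                        .ipsecPfs("group5")
                        .ipsecAuthAlg("sha256")
                        .ipsecEncAlg("aes")
                        .build())
                    .customerGatewayId(cgw1.id())
                    .enableDpd(true)
                    .enableNatTraversal(true)
                    .tunnelIndex(1)
                    .tunnelBgpConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
                        .localAsn(1219001)
                        .localBgpIp("169.254.10.1")
                        .tunnelCidr("169.254.10.0/30")
                        .build())
                    .tunnelIkeConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
                        .ikeMode("main")
                        .ikeVersion("ikev1")
                        .psk(tunnel1Psk)
                        .remoteId("2.2.2.2")
                        .ikeAuthAlg("sha256")
                        .ikeEncAlg("aes")
                        .ikeLifetime(86100)
                        .ikePfs("group14")
                        .localId("1.1.1.1")
                        .build())
                    .build(),
                GatewayVpnAttachmentTunnelOptionsSpecificationArgs.builder()
                    .tunnelIpsecConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
                        .ipsecEncAlg("aes")
                        .ipsecLifetime(86400)
                        .ipsecPfs("group5")
                        .ipsecAuthAlg("sha256")
                        .build())
                    .customerGatewayId(cgw1.id())
                    .enableDpd(true)
                    .enableNatTraversal(true)
                    .tunnelIndex(2)
                    .tunnelBgpConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
                        .localAsn(1219001)
                        .localBgpIp("169.254.20.1")
                        .tunnelCidr("169.254.20.0/30")
                        .build())
                    .tunnelIkeConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
                        .localId("4.4.4.4")
                        .remoteId("5.5.5.5")
                        .ikeLifetime(86400)
                        .ikeMode("main")
                        .ikePfs("group5")
                        .ikeVersion("ikev2")
                        .ikeAuthAlg("sha256")
                        .ikeEncAlg("aes")
                        .psk(tunnel2Psk)
                        .build())
                    .build())
            .remoteSubnet("0.0.0.0/0")
            .networkType("public")
            // The invoke result is an Output, so the first id is selected
            // inside applyValue rather than by indexing the Output itself.
            .resourceGroupId(default_.applyValue(result -> result.ids().get(0)))
            .build());
    }
}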
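configuration:
  name:
    type: string
    default: tf_example
  # Each tunnel has its own IKE pre-shared key. Both are credentials: set them
  # with `pulumi config set --secret tunnel1Psk <value>` (likewise tunnel2Psk)
  # instead of committing them here.
  tunnel1Psk:
    type: string
    secret: true
  tunnel2Psk:
    type: string
    secret: true
resources:
  cgw1:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 2.2.2.2
      asn: '1219001'
  cgw2:
    type: alicloud:vpn:CustomerGateway
    properties:
      ipAddress: 43.43.3.22
      asn: '44331'
      customerGatewayName: example_amp
  defaultGatewayVpnAttachment:
    type: alicloud:vpn:GatewayVpnAttachment
    name: default
    properties:
      # 0.0.0.0/0 matches every prefix; narrow both sides to the real CIDR
      # blocks unless routes are meant to be learned over BGP.
      localSubnet: 0.0.0.0/0
      # Booleans and integers are written unquoted, matching the single-tunnel
      # example, instead of as quoted strings.
      enableTunnelsBgp: true
      vpnAttachmentName: tfaccvpngateway25800
      # MD5 and DH group2 are no longer considered secure, so both tunnels
      # authenticate with SHA-256 and tunnel 1 uses group14 for IKE.
      tunnelOptionsSpecifications:
        - tunnelIpsecConfig:
            ipsecLifetime: 86200
            ipsecPfs: group5
            ipsecAuthAlg: sha256
            ipsecEncAlg: aes
          customerGatewayId: ${cgw1.id}
          enableDpd: true
          enableNatTraversal: true
          tunnelIndex: 1
          tunnelBgpConfig:
            localAsn: 1219001
            localBgpIp: 169.254.10.1
            tunnelCidr: 169.254.10.0/30
          tunnelIkeConfig:
            ikeMode: main
            ikeVersion: ikev1
            psk: ${tunnel1Psk}
            remoteId: 2.2.2.2
            ikeAuthAlg: sha256
            ikeEncAlg: aes
            ikeLifetime: 86100
            ikePfs: group14
            localId: 1.1.1.1
        - tunnelIpsecConfig:
            ipsecEncAlg: aes
            ipsecLifetime: 86400
            ipsecPfs: group5
            ipsecAuthAlg: sha256
          customerGatewayId: ${cgw1.id}
          enableDpd: true
          enableNatTraversal: true
          tunnelIndex: 2
          tunnelBgpConfig:
            localAsn: 1219001
            localBgpIp: 169.254.20.1
            tunnelCidr: 169.254.20.0/30
          tunnelIkeConfig:
            localId: 4.4.4.4
            remoteId: 5.5.5.5
            ikeLifetime: 86400
            ikeMode: main
            ikePfs: group5
            ikeVersion: ikev2
            ikeAuthAlg: sha256
            ikeEncAlg: aes
            psk: ${tunnel2Psk}
      remoteSubnet: 0.0.0.0/0
      networkType: public
      resourceGroupId: ${default.ids[0]}
variables:
  default:
    fn::invoke:
      function: alicloud:resourcemanager:getResourceGroups
      arguments: {}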
Create GatewayVpnAttachment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GatewayVpnAttachment(name: string, args: GatewayVpnAttachmentArgs, opts?: CustomResourceOptions);
@overload
def GatewayVpnAttachment(resource_name: str,
args: GatewayVpnAttachmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GatewayVpnAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
local_subnet: Optional[str] = None,
remote_subnet: Optional[str] = None,
ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
effect_immediately: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
enable_tunnels_bgp: Optional[bool] = None,
health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
enable_dpd: Optional[bool] = None,
network_type: Optional[str] = None,
customer_gateway_id: Optional[str] = None,
resource_group_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tunnel_options_specifications: Optional[Sequence[GatewayVpnAttachmentTunnelOptionsSpecificationArgs]] = None,
vpn_attachment_name: Optional[str] = None)
func NewGatewayVpnAttachment(ctx *Context, name string, args GatewayVpnAttachmentArgs, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public GatewayVpnAttachment(string name, GatewayVpnAttachmentArgs args, CustomResourceOptions? opts = null)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args)
public GatewayVpnAttachment(String name, GatewayVpnAttachmentArgs args, CustomResourceOptions options)
type: alicloud:vpn:GatewayVpnAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayVpnAttachmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton listing every input property with a placeholder value
// ("string", 0, false). It shows the shape of the arguments only and is not a
// deployable configuration.
var gatewayVpnAttachmentResource = new AliCloud.Vpn.GatewayVpnAttachment("gatewayVpnAttachmentResource", new()
{
    LocalSubnet = "string",
    RemoteSubnet = "string",
    IpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfigArgs
    {
        IpsecAuthAlg = "string",
        IpsecEncAlg = "string",
        IpsecLifetime = 0,
        IpsecPfs = "string",
    },
    EffectImmediately = false,
    EnableNatTraversal = false,
    EnableTunnelsBgp = false,
    HealthCheckConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfigArgs
    {
        Dip = "string",
        Enable = false,
        Interval = 0,
        Policy = "string",
        Retry = 0,
        Sip = "string",
        Status = "string",
    },
    IkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfigArgs
    {
        IkeAuthAlg = "string",
        IkeEncAlg = "string",
        IkeLifetime = 0,
        IkeMode = "string",
        IkePfs = "string",
        IkeVersion = "string",
        LocalId = "string",
        // Pre-shared key: in a real program pass a secret value rather than
        // a string literal.
        Psk = "string",
        RemoteId = "string",
    },
    BgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfigArgs
    {
        Enable = false,
        LocalAsn = 0,
        LocalBgpIp = "string",
        Status = "string",
        TunnelCidr = "string",
    },
    EnableDpd = false,
    NetworkType = "string",
    CustomerGatewayId = "string",
    ResourceGroupId = "string",
    Tags =
    {
        { "string", "string" },
    },
    TunnelOptionsSpecifications = new[]
    {
        new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationArgs
        {
            CustomerGatewayId = "string",
            TunnelIndex = 0,
            Status = "string",
            InternetIp = "string",
            Role = "string",
            State = "string",
            EnableNatTraversal = false,
            TunnelBgpConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs
            {
                BgpStatus = "string",
                LocalAsn = 0,
                LocalBgpIp = "string",
                PeerAsn = "string",
                PeerBgpIp = "string",
                TunnelCidr = "string",
            },
            TunnelId = "string",
            TunnelIkeConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs
            {
                IkeAuthAlg = "string",
                IkeEncAlg = "string",
                IkeLifetime = 0,
                IkeMode = "string",
                IkePfs = "string",
                IkeVersion = "string",
                LocalId = "string",
                // Per-tunnel pre-shared key: pass a secret value rather than
                // a string literal.
                Psk = "string",
                RemoteId = "string",
            },
            EnableDpd = false,
            TunnelIpsecConfig = new AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs
            {
                IpsecAuthAlg = "string",
                IpsecEncAlg = "string",
                IpsecLifetime = 0,
                IpsecPfs = "string",
            },
            ZoneNo = "string",
        },
    },
    VpnAttachmentName = "string",
});
// Reference skeleton listing every input property with a placeholder value
// ("string", 0, false). It shows the shape of the arguments only and is not a
// deployable configuration.
example, err := vpn.NewGatewayVpnAttachment(ctx, "gatewayVpnAttachmentResource", &vpn.GatewayVpnAttachmentArgs{
	LocalSubnet:  pulumi.String("string"),
	RemoteSubnet: pulumi.String("string"),
	IpsecConfig: &vpn.GatewayVpnAttachmentIpsecConfigArgs{
		IpsecAuthAlg:  pulumi.String("string"),
		IpsecEncAlg:   pulumi.String("string"),
		IpsecLifetime: pulumi.Int(0),
		IpsecPfs:      pulumi.String("string"),
	},
	EffectImmediately:  pulumi.Bool(false),
	EnableNatTraversal: pulumi.Bool(false),
	EnableTunnelsBgp:   pulumi.Bool(false),
	HealthCheckConfig: &vpn.GatewayVpnAttachmentHealthCheckConfigArgs{
		Dip:      pulumi.String("string"),
		Enable:   pulumi.Bool(false),
		Interval: pulumi.Int(0),
		Policy:   pulumi.String("string"),
		Retry:    pulumi.Int(0),
		Sip:      pulumi.String("string"),
		Status:   pulumi.String("string"),
	},
	IkeConfig: &vpn.GatewayVpnAttachmentIkeConfigArgs{
		IkeAuthAlg:  pulumi.String("string"),
		IkeEncAlg:   pulumi.String("string"),
		IkeLifetime: pulumi.Int(0),
		IkeMode:     pulumi.String("string"),
		IkePfs:      pulumi.String("string"),
		IkeVersion:  pulumi.String("string"),
		LocalId:     pulumi.String("string"),
		// Pre-shared key: in a real program pass a secret value rather
		// than a string literal.
		Psk:      pulumi.String("string"),
		RemoteId: pulumi.String("string"),
	},
	BgpConfig: &vpn.GatewayVpnAttachmentBgpConfigArgs{
		Enable:     pulumi.Bool(false),
		LocalAsn:   pulumi.Int(0),
		LocalBgpIp: pulumi.String("string"),
		Status:     pulumi.String("string"),
		TunnelCidr: pulumi.String("string"),
	},
	EnableDpd:         pulumi.Bool(false),
	NetworkType:       pulumi.String("string"),
	CustomerGatewayId: pulumi.String("string"),
	ResourceGroupId:   pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TunnelOptionsSpecifications: vpn.GatewayVpnAttachmentTunnelOptionsSpecificationArray{
		&vpn.GatewayVpnAttachmentTunnelOptionsSpecificationArgs{
			CustomerGatewayId:  pulumi.String("string"),
			TunnelIndex:        pulumi.Int(0),
			Status:             pulumi.String("string"),
			InternetIp:         pulumi.String("string"),
			Role:               pulumi.String("string"),
			State:              pulumi.String("string"),
			EnableNatTraversal: pulumi.Bool(false),
			TunnelBgpConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs{
				BgpStatus:  pulumi.String("string"),
				LocalAsn:   pulumi.Int(0),
				LocalBgpIp: pulumi.String("string"),
				PeerAsn:    pulumi.String("string"),
				PeerBgpIp:  pulumi.String("string"),
				TunnelCidr: pulumi.String("string"),
			},
			TunnelId: pulumi.String("string"),
			TunnelIkeConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs{
				IkeAuthAlg:  pulumi.String("string"),
				IkeEncAlg:   pulumi.String("string"),
				IkeLifetime: pulumi.Int(0),
				IkeMode:     pulumi.String("string"),
				IkePfs:      pulumi.String("string"),
				IkeVersion:  pulumi.String("string"),
				LocalId:     pulumi.String("string"),
				// Per-tunnel pre-shared key: pass a secret value rather
				// than a string literal.
				Psk:      pulumi.String("string"),
				RemoteId: pulumi.String("string"),
			},
			EnableDpd: pulumi.Bool(false),
			TunnelIpsecConfig: &vpn.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs{
				IpsecAuthAlg:  pulumi.String("string"),
				IpsecEncAlg:   pulumi.String("string"),
				IpsecLifetime: pulumi.Int(0),
				IpsecPfs:      pulumi.String("string"),
			},
			ZoneNo: pulumi.String("string"),
		},
	},
	VpnAttachmentName: pulumi.String("string"),
})
// Constructor reference for GatewayVpnAttachment. Every argument carries a
// placeholder ("string", 0, false); the listing shows the shape of the inputs,
// not a configuration to deploy as written.
// Per the property descriptions on this page, ikeConfig, ipsecConfig, bgpConfig,
// healthCheckConfig, enableDpd and enableNatTraversal are single-tunnel mode
// parameters and the top-level customerGatewayId is required in that mode, while
// enableTunnelsBgp and tunnelOptionsSpecifications are dual-tunnel mode parameters.
var gatewayVpnAttachmentResource = new GatewayVpnAttachment("gatewayVpnAttachmentResource", GatewayVpnAttachmentArgs.builder()
    // 0.0.0.0/0 on both sides selects Destination Routing Mode; specific CIDR
    // blocks select Protected Data Flows.
    .localSubnet("string")
    .remoteSubnet("string")
    // Second-stage (Phase 2) negotiation settings.
    .ipsecConfig(GatewayVpnAttachmentIpsecConfigArgs.builder()
        .ipsecAuthAlg("string")
        .ipsecEncAlg("string")
        .ipsecLifetime(0)
        .ipsecPfs("string")
        .build())
    .effectImmediately(false)
    // The property description gives true as the default for NAT traversal;
    // false here is only the placeholder.
    .enableNatTraversal(false)
    .enableTunnelsBgp(false)
    .healthCheckConfig(GatewayVpnAttachmentHealthCheckConfigArgs.builder()
        .dip("string")
        .enable(false)
        .interval(0)
        .policy("string")
        .retry(0)
        .sip("string")
        .status("string")
        .build())
    // Phase 1 negotiation settings.
    .ikeConfig(GatewayVpnAttachmentIkeConfigArgs.builder()
        .ikeAuthAlg("string")
        .ikeEncAlg("string")
        .ikeLifetime(0)
        .ikeMode("string")
        .ikePfs("string")
        .ikeVersion("string")
        .localId("string")
        // psk is, by its name, the IKE pre-shared key, i.e. a credential.
        // NOTE(review): pass it in as a Pulumi secret rather than a string
        // literal so it stays out of source control; confirm how the provider
        // stores it in state.
        .psk("string")
        .remoteId("string")
        .build())
    .bgpConfig(GatewayVpnAttachmentBgpConfigArgs.builder()
        .enable(false)
        .localAsn(0)
        .localBgpIp("string")
        .status("string")
        .tunnelCidr("string")
        .build())
    // The property description gives true as the default for DPD; false here is
    // only the placeholder.
    .enableDpd(false)
    .networkType("string")
    .customerGatewayId("string")
    .resourceGroupId("string")
    .tags(Map.of("string", "string"))
    // The property description states that dual-tunnel mode needs both tunnels
    // and allows only two; this template shows a single entry.
    .tunnelOptionsSpecifications(GatewayVpnAttachmentTunnelOptionsSpecificationArgs.builder()
        .customerGatewayId("string")
        .tunnelIndex(0)
        .status("string")
        .internetIp("string")
        .role("string")
        .state("string")
        .enableNatTraversal(false)
        .tunnelBgpConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs.builder()
            .bgpStatus("string")
            .localAsn(0)
            .localBgpIp("string")
            .peerAsn("string")
            .peerBgpIp("string")
            .tunnelCidr("string")
            .build())
        .tunnelId("string")
        .tunnelIkeConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs.builder()
            .ikeAuthAlg("string")
            .ikeEncAlg("string")
            .ikeLifetime(0)
            .ikeMode("string")
            .ikePfs("string")
            .ikeVersion("string")
            .localId("string")
            // Per-tunnel psk: treat it as a credential in the same way as
            // ikeConfig.psk.
            .psk("string")
            .remoteId("string")
            .build())
        .enableDpd(false)
        .tunnelIpsecConfig(GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs.builder()
            .ipsecAuthAlg("string")
            .ipsecEncAlg("string")
            .ipsecLifetime(0)
            .ipsecPfs("string")
            .build())
        .zoneNo("string")
        .build())
    .vpnAttachmentName("string")
    .build());
# Constructor reference for GatewayVpnAttachment. Every argument carries a
# placeholder ("string", 0, False); the listing shows the shape of the inputs,
# not a configuration to deploy as written.
# Per the property descriptions on this page, ike_config, ipsec_config,
# bgp_config, health_check_config, enable_dpd and enable_nat_traversal are
# single-tunnel mode parameters and the top-level customer_gateway_id is required
# in that mode, while enable_tunnels_bgp and tunnel_options_specifications are
# dual-tunnel mode parameters.
gateway_vpn_attachment_resource = alicloud.vpn.GatewayVpnAttachment("gatewayVpnAttachmentResource",
    # 0.0.0.0/0 on both sides selects Destination Routing Mode; specific CIDR
    # blocks select Protected Data Flows.
    local_subnet="string",
    remote_subnet="string",
    # Second-stage (Phase 2) negotiation settings.
    ipsec_config={
        "ipsec_auth_alg": "string",
        "ipsec_enc_alg": "string",
        "ipsec_lifetime": 0,
        "ipsec_pfs": "string",
    },
    effect_immediately=False,
    # The property description gives true as the default for NAT traversal;
    # False here is only the placeholder.
    enable_nat_traversal=False,
    enable_tunnels_bgp=False,
    health_check_config={
        "dip": "string",
        "enable": False,
        "interval": 0,
        "policy": "string",
        "retry": 0,
        "sip": "string",
        "status": "string",
    },
    # Phase 1 negotiation settings.
    ike_config={
        "ike_auth_alg": "string",
        "ike_enc_alg": "string",
        "ike_lifetime": 0,
        "ike_mode": "string",
        "ike_pfs": "string",
        "ike_version": "string",
        "local_id": "string",
        # psk is, by its name, the IKE pre-shared key, i.e. a credential.
        # NOTE(review): read it from secret configuration (for example
        # config.require_secret) rather than a string literal so it stays out
        # of source control; confirm how the provider stores it in state.
        "psk": "string",
        "remote_id": "string",
    },
    bgp_config={
        "enable": False,
        "local_asn": 0,
        "local_bgp_ip": "string",
        "status": "string",
        "tunnel_cidr": "string",
    },
    # The property description gives true as the default for DPD; False here is
    # only the placeholder.
    enable_dpd=False,
    network_type="string",
    customer_gateway_id="string",
    resource_group_id="string",
    tags={
        "string": "string",
    },
    # The property description states that dual-tunnel mode needs both tunnels
    # and allows only two; this template shows a single entry.
    tunnel_options_specifications=[{
        "customer_gateway_id": "string",
        "tunnel_index": 0,
        "status": "string",
        "internet_ip": "string",
        "role": "string",
        "state": "string",
        "enable_nat_traversal": False,
        "tunnel_bgp_config": {
            "bgp_status": "string",
            "local_asn": 0,
            "local_bgp_ip": "string",
            "peer_asn": "string",
            "peer_bgp_ip": "string",
            "tunnel_cidr": "string",
        },
        "tunnel_id": "string",
        "tunnel_ike_config": {
            "ike_auth_alg": "string",
            "ike_enc_alg": "string",
            "ike_lifetime": 0,
            "ike_mode": "string",
            "ike_pfs": "string",
            "ike_version": "string",
            "local_id": "string",
            # Per-tunnel psk: treat it as a credential in the same way as
            # ike_config["psk"].
            "psk": "string",
            "remote_id": "string",
        },
        "enable_dpd": False,
        "tunnel_ipsec_config": {
            "ipsec_auth_alg": "string",
            "ipsec_enc_alg": "string",
            "ipsec_lifetime": 0,
            "ipsec_pfs": "string",
        },
        "zone_no": "string",
    }],
    vpn_attachment_name="string")
// Constructor reference for GatewayVpnAttachment. Every property carries a
// placeholder ("string", 0, false); the listing shows the shape of the inputs,
// not a configuration to deploy as written.
// Per the property descriptions on this page, ikeConfig, ipsecConfig, bgpConfig,
// healthCheckConfig, enableDpd and enableNatTraversal are single-tunnel mode
// parameters and the top-level customerGatewayId is required in that mode, while
// enableTunnelsBgp and tunnelOptionsSpecifications are dual-tunnel mode parameters.
const gatewayVpnAttachmentResource = new alicloud.vpn.GatewayVpnAttachment("gatewayVpnAttachmentResource", {
    // 0.0.0.0/0 on both sides selects Destination Routing Mode; specific CIDR
    // blocks select Protected Data Flows.
    localSubnet: "string",
    remoteSubnet: "string",
    // Second-stage (Phase 2) negotiation settings.
    ipsecConfig: {
        ipsecAuthAlg: "string",
        ipsecEncAlg: "string",
        ipsecLifetime: 0,
        ipsecPfs: "string",
    },
    effectImmediately: false,
    // The property description gives true as the default for NAT traversal;
    // false here is only the placeholder.
    enableNatTraversal: false,
    enableTunnelsBgp: false,
    healthCheckConfig: {
        dip: "string",
        enable: false,
        interval: 0,
        policy: "string",
        retry: 0,
        sip: "string",
        status: "string",
    },
    // Phase 1 negotiation settings.
    ikeConfig: {
        ikeAuthAlg: "string",
        ikeEncAlg: "string",
        ikeLifetime: 0,
        ikeMode: "string",
        ikePfs: "string",
        ikeVersion: "string",
        localId: "string",
        // psk is, by its name, the IKE pre-shared key, i.e. a credential.
        // NOTE(review): read it from secret configuration (for example
        // config.requireSecret) rather than a string literal so it stays out
        // of source control; confirm how the provider stores it in state.
        psk: "string",
        remoteId: "string",
    },
    bgpConfig: {
        enable: false,
        localAsn: 0,
        localBgpIp: "string",
        status: "string",
        tunnelCidr: "string",
    },
    // The property description gives true as the default for DPD; false here is
    // only the placeholder.
    enableDpd: false,
    networkType: "string",
    customerGatewayId: "string",
    resourceGroupId: "string",
    tags: {
        string: "string",
    },
    // The property description states that dual-tunnel mode needs both tunnels
    // and allows only two; this template shows a single entry.
    tunnelOptionsSpecifications: [{
        customerGatewayId: "string",
        tunnelIndex: 0,
        status: "string",
        internetIp: "string",
        role: "string",
        state: "string",
        enableNatTraversal: false,
        tunnelBgpConfig: {
            bgpStatus: "string",
            localAsn: 0,
            localBgpIp: "string",
            peerAsn: "string",
            peerBgpIp: "string",
            tunnelCidr: "string",
        },
        tunnelId: "string",
        tunnelIkeConfig: {
            ikeAuthAlg: "string",
            ikeEncAlg: "string",
            ikeLifetime: 0,
            ikeMode: "string",
            ikePfs: "string",
            ikeVersion: "string",
            localId: "string",
            // Per-tunnel psk: treat it as a credential in the same way as
            // ikeConfig.psk.
            psk: "string",
            remoteId: "string",
        },
        enableDpd: false,
        tunnelIpsecConfig: {
            ipsecAuthAlg: "string",
            ipsecEncAlg: "string",
            ipsecLifetime: 0,
            ipsecPfs: "string",
        },
        zoneNo: "string",
    }],
    vpnAttachmentName: "string",
});
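# Constructor reference for alicloud:vpn:GatewayVpnAttachment. Every property
# carries a placeholder (string, 0, false); the listing shows the shape of the
# inputs, not a configuration to deploy as written.
# Per the property descriptions on this page, ikeConfig, ipsecConfig, bgpConfig,
# healthCheckConfig, enableDpd and enableNatTraversal are single-tunnel mode
# parameters and the top-level customerGatewayId is required in that mode, while
# enableTunnelsBgp and tunnelOptionsSpecifications are dual-tunnel mode parameters.
type: alicloud:vpn:GatewayVpnAttachment
properties:
    bgpConfig:
        enable: false
        localAsn: 0
        localBgpIp: string
        status: string
        tunnelCidr: string
    customerGatewayId: string
    effectImmediately: false
    # The property descriptions give true as the default for DPD and for NAT
    # traversal; false here is only the placeholder.
    enableDpd: false
    enableNatTraversal: false
    enableTunnelsBgp: false
    healthCheckConfig:
        dip: string
        enable: false
        interval: 0
        policy: string
        retry: 0
        sip: string
        status: string
    # Phase 1 negotiation settings.
    ikeConfig:
        ikeAuthAlg: string
        ikeEncAlg: string
        ikeLifetime: 0
        ikeMode: string
        ikePfs: string
        ikeVersion: string
        localId: string
        # psk is, by its name, the IKE pre-shared key, i.e. a credential.
        # NOTE(review): supply it as a Pulumi secret rather than a plain value
        # in this file so it stays out of source control; confirm how the
        # provider stores it in state.
        psk: string
        remoteId: string
    # Second-stage (Phase 2) negotiation settings.
    ipsecConfig:
        ipsecAuthAlg: string
        ipsecEncAlg: string
        ipsecLifetime: 0
        ipsecPfs: string
    # 0.0.0.0/0 for both localSubnet and remoteSubnet selects Destination Routing
    # Mode; specific CIDR blocks select Protected Data Flows.
    localSubnet: string
    networkType: string
    remoteSubnet: string
    resourceGroupId: string
    tags:
        string: string
    # The property description states that dual-tunnel mode needs both tunnels
    # and allows only two; this template shows a single entry.
    tunnelOptionsSpecifications:
        - customerGatewayId: string
          enableDpd: false
          enableNatTraversal: false
          internetIp: string
          role: string
          state: string
          status: string
          tunnelBgpConfig:
            bgpStatus: string
            localAsn: 0
            localBgpIp: string
            peerAsn: string
            peerBgpIp: string
            tunnelCidr: string
          tunnelId: string
          tunnelIkeConfig:
            ikeAuthAlg: string
            ikeEncAlg: string
            ikeLifetime: 0
            ikeMode: string
            ikePfs: string
            ikeVersion: string
            localId: string
            # Per-tunnel psk: treat it as a credential in the same way as
            # ikeConfig.psk.
            psk: string
            remoteId: string
          tunnelIndex: 0
          tunnelIpsecConfig:
            ipsecAuthAlg: string
            ipsecEncAlg: string
            ipsecLifetime: 0
            ipsecPfs: string
          zoneNo: string
    vpnAttachmentName: string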
GatewayVpnAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GatewayVpnAttachment resource accepts the following input properties:
- LocalSubnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode. In this mode the Phase 2 selectors match all addresses, so which networks are reachable over the tunnel depends on the routes and access rules configured around it rather than on these two values.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- RemoteSubnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- BgpConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfig - BGP configuration information.
- This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- Customer
Gateway stringId - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- Effect
Immediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- EnableDpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- EnableNatTraversal bool - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
- false: disables NAT traversal.
- EnableTunnelsBgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfig - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Health check configuration information. See health_check_config below.
- IkeConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfig - The configurations of Phase 1 negotiations.
- This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- IpsecConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfig - The configurations of Phase 2 negotiations.
- This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- Network
Type string - network type
- Resource
Group stringId - The ID of the resource group
- Dictionary<string, string>
- Tags
- TunnelOptionsSpecifications List<Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecification> - Configure the tunnel.
- You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
- When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- Vpn
Attachment stringName - vpn attachment name
- Local
Subnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- Remote
Subnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- Bgp
Config GatewayVpn Attachment Bgp Config Args - Bgp configuration information.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
bgp_config
below.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
- Customer
Gateway stringId - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- Effect
Immediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- EnableDpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- Enable
Nat boolTraversal - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the vpn attachment tunnel.
- false: disables NAT traversal.
- EnableTunnelsBgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- Health
Check GatewayConfig Vpn Attachment Health Check Config Args - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Health check configuration information. See
health_check_config
below. - Ike
Config GatewayVpn Attachment Ike Config Args - The configurations of Phase 1 negotiations.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ike_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- Ipsec
Config GatewayVpn Attachment Ipsec Config Args - Configuration negotiated in the second stage.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ipsec_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- Network
Type string - network type
- Resource
Group stringId - The ID of the resource group
- map[string]string
- Tags
- Tunnel
Options []GatewaySpecifications Vpn Attachment Tunnel Options Specification Args - Configure the tunnel.
- You can configure parameters in the
tunnel_options_specification
array when you create a vpn attachment in dual-tunnel mode. - When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment. See
tunnel_options_specification
below.
- You can configure parameters in the
- Vpn
Attachment stringName - vpn attachment name
- local
Subnet String - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- remote
Subnet String - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- bgp
Config GatewayVpn Attachment Bgp Config - Bgp configuration information.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
bgp_config
below.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
- customer
Gateway StringId - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- effect
Immediately Boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- enableDpd Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enable
Nat BooleanTraversal - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the vpn attachment tunnel.
- false: disables NAT traversal.
- enableTunnelsBgp Boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- health
Check GatewayConfig Vpn Attachment Health Check Config - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Health check configuration information. See
health_check_config
below. - ike
Config GatewayVpn Attachment Ike Config - The configurations of Phase 1 negotiations.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ike_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- ipsec
Config GatewayVpn Attachment Ipsec Config - Configuration negotiated in the second stage.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ipsec_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- network
Type String - network type
- resource
Group StringId - The ID of the resource group
- Map<String,String>
- Tags
- tunnel
Options List<GatewaySpecifications Vpn Attachment Tunnel Options Specification> - Configure the tunnel.
- You can configure parameters in the
tunnel_options_specification
array when you create a vpn attachment in dual-tunnel mode. - When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment. See
tunnel_options_specification
below.
- You can configure parameters in the
- vpn
Attachment StringName - vpn attachment name
- local
Subnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- remote
Subnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- bgp
Config GatewayVpn Attachment Bgp Config - Bgp configuration information.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
bgp_config
below.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
- customer
Gateway stringId - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- effect
Immediately boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- enableDpd boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enable
Nat booleanTraversal - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the vpn attachment tunnel.
- false: disables NAT traversal.
- enableTunnelsBgp boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- health
Check GatewayConfig Vpn Attachment Health Check Config - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Health check configuration information. See
health_check_config
below. - ike
Config GatewayVpn Attachment Ike Config - The configurations of Phase 1 negotiations.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ike_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- ipsec
Config GatewayVpn Attachment Ipsec Config - Configuration negotiated in the second stage.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ipsec_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- network
Type string - network type
- resource
Group stringId - The ID of the resource group
- {[key: string]: string}
- Tags
- tunnel
Options GatewaySpecifications Vpn Attachment Tunnel Options Specification[] - Configure the tunnel.
- You can configure parameters in the
tunnel_options_specification
array when you create a vpn attachment in dual-tunnel mode. - When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment. See
tunnel_options_specification
below.
- You can configure parameters in the
- vpn
Attachment stringName - vpn attachment name
- local_
subnet str - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- remote_
subnet str - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- bgp_
config GatewayVpn Attachment Bgp Config Args - Bgp configuration information.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
bgp_config
below.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
- customer_
gateway_ strid - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- effect_
immediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- enable_dpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enable_
nat_ booltraversal - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the vpn attachment tunnel.
- false: disables NAT traversal.
- enable_tunnels_bgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- health_
check_ Gatewayconfig Vpn Attachment Health Check Config Args - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Health check configuration information. See
health_check_config
below. - ike_
config GatewayVpn Attachment Ike Config Args - The configurations of Phase 1 negotiations.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ike_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- ipsec_
config GatewayVpn Attachment Ipsec Config Args - Configuration negotiated in the second stage.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ipsec_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- network_type str - The network type.
- resource_group_id str - The ID of the resource group.
- tags Mapping[str, str] - Tags.
- tunnel_options_specifications Sequence[GatewayVpnAttachmentTunnelOptionsSpecificationArgs] - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- vpn_attachment_name str - The name of the VPN attachment.
- localSubnet String - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- remoteSubnet String - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- bgpConfig Property Map - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- customerGatewayId String - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- effectImmediately Boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- enableDpd Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enableNatTraversal Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- enableTunnelsBgp Boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- healthCheckConfig Property Map - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- ikeConfig Property Map - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- ipsecConfig Property Map - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- networkType String - The network type.
- resourceGroupId String - The ID of the resource group.
- tags Map<String> - Tags.
- tunnelOptionsSpecifications List<Property Map> - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- vpnAttachmentName String - The name of the VPN attachment.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewayVpnAttachment resource produces the following output properties:
- CreateTime string - The creation time of the resource.
- Id string - The provider-assigned unique ID for this managed resource.
- Status string - The negotiation status of the tunnel.
- CreateTime string - The creation time of the resource.
- Id string - The provider-assigned unique ID for this managed resource.
- Status string - The negotiation status of the tunnel.
- createTime String - The creation time of the resource.
- id String - The provider-assigned unique ID for this managed resource.
- status String - The negotiation status of the tunnel.
- createTime string - The creation time of the resource.
- id string - The provider-assigned unique ID for this managed resource.
- status string - The negotiation status of the tunnel.
- create_time str - The creation time of the resource.
- id str - The provider-assigned unique ID for this managed resource.
- status str - The negotiation status of the tunnel.
- createTime String - The creation time of the resource.
- id String - The provider-assigned unique ID for this managed resource.
- status String - The negotiation status of the tunnel.
Look up Existing GatewayVpnAttachment Resource
Get an existing GatewayVpnAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayVpnAttachmentState, opts?: CustomResourceOptions): GatewayVpnAttachment
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bgp_config: Optional[GatewayVpnAttachmentBgpConfigArgs] = None,
create_time: Optional[str] = None,
customer_gateway_id: Optional[str] = None,
effect_immediately: Optional[bool] = None,
enable_dpd: Optional[bool] = None,
enable_nat_traversal: Optional[bool] = None,
enable_tunnels_bgp: Optional[bool] = None,
health_check_config: Optional[GatewayVpnAttachmentHealthCheckConfigArgs] = None,
ike_config: Optional[GatewayVpnAttachmentIkeConfigArgs] = None,
ipsec_config: Optional[GatewayVpnAttachmentIpsecConfigArgs] = None,
local_subnet: Optional[str] = None,
network_type: Optional[str] = None,
remote_subnet: Optional[str] = None,
resource_group_id: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tunnel_options_specifications: Optional[Sequence[GatewayVpnAttachmentTunnelOptionsSpecificationArgs]] = None,
vpn_attachment_name: Optional[str] = None) -> GatewayVpnAttachment
func GetGatewayVpnAttachment(ctx *Context, name string, id IDInput, state *GatewayVpnAttachmentState, opts ...ResourceOption) (*GatewayVpnAttachment, error)
public static GatewayVpnAttachment Get(string name, Input<string> id, GatewayVpnAttachmentState? state, CustomResourceOptions? opts = null)
public static GatewayVpnAttachment get(String name, Output<String> id, GatewayVpnAttachmentState state, CustomResourceOptions options)
resources: _: type: alicloud:vpn:GatewayVpnAttachment get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- BgpConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentBgpConfig - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- CreateTime string - The creation time of the resource.
- CustomerGatewayId string - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- EffectImmediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- EnableDpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- EnableNatTraversal bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- EnableTunnelsBgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- HealthCheckConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentHealthCheckConfig - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- IkeConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIkeConfig - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- IpsecConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentIpsecConfig - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- LocalSubnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- NetworkType string - The network type.
- RemoteSubnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- ResourceGroupId string - The ID of the resource group.
- Status string - The negotiation status of the tunnel.
- Tags Dictionary<string, string> - Tags.
- TunnelOptionsSpecifications List<Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecification> - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- VpnAttachmentName string - The name of the VPN attachment.
- BgpConfig GatewayVpnAttachmentBgpConfigArgs - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- CreateTime string - The creation time of the resource.
- CustomerGatewayId string - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- EffectImmediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- EnableDpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- EnableNatTraversal bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- EnableTunnelsBgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- HealthCheckConfig GatewayVpnAttachmentHealthCheckConfigArgs - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- IkeConfig GatewayVpnAttachmentIkeConfigArgs - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- IpsecConfig GatewayVpnAttachmentIpsecConfigArgs - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- LocalSubnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- NetworkType string - The network type.
- RemoteSubnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- ResourceGroupId string - The ID of the resource group.
- Status string - The negotiation status of the tunnel.
- Tags map[string]string - Tags.
- TunnelOptionsSpecifications []GatewayVpnAttachmentTunnelOptionsSpecificationArgs - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- VpnAttachmentName string - The name of the VPN attachment.
- bgpConfig GatewayVpnAttachmentBgpConfig - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- createTime String - The creation time of the resource.
- customerGatewayId String - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- effectImmediately Boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- enableDpd Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enableNatTraversal Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- enableTunnelsBgp Boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- healthCheckConfig GatewayVpnAttachmentHealthCheckConfig - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- ikeConfig GatewayVpnAttachmentIkeConfig - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- ipsecConfig GatewayVpnAttachmentIpsecConfig - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- localSubnet String - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- networkType String - The network type.
- remoteSubnet String - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- resourceGroupId String - The ID of the resource group.
- status String - The negotiation status of the tunnel.
- tags Map<String,String> - Tags.
- tunnelOptionsSpecifications List<GatewayVpnAttachmentTunnelOptionsSpecification> - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- vpnAttachmentName String - The name of the VPN attachment.
- bgpConfig GatewayVpnAttachmentBgpConfig - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- createTime string - The creation time of the resource.
- customerGatewayId string - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- effectImmediately boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- enableDpd boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enableNatTraversal boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- enableTunnelsBgp boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- healthCheckConfig GatewayVpnAttachmentHealthCheckConfig - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- ikeConfig GatewayVpnAttachmentIkeConfig - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- ipsecConfig GatewayVpnAttachmentIpsecConfig - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- localSubnet string - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- networkType string - The network type.
- remoteSubnet string - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- resourceGroupId string - The ID of the resource group.
- status string - The negotiation status of the tunnel.
- tags {[key: string]: string} - Tags.
- tunnelOptionsSpecifications GatewayVpnAttachmentTunnelOptionsSpecification[] - Configure the tunnel.
  - You can configure parameters in the tunnel_options_specification array when you create a VPN attachment in dual-tunnel mode.
  - When creating a VPN attachment in dual-tunnel mode, you must add both tunnels for the VPN attachment to ensure that the VPN attachment has link redundancy. Only two tunnels can be added to a VPN attachment. See tunnel_options_specification below.
- vpnAttachmentName string - The name of the VPN attachment.
- bgp_config GatewayVpnAttachmentBgpConfigArgs - BGP configuration information. This parameter is supported when you create a VPN attachment in single-tunnel mode. See bgp_config below.
- create_time str - The creation time of the resource.
- customer_gateway_id str - Customer gateway ID. This parameter is required when creating a single-tunnel mode VPN attachment.
- effect_immediately bool - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values: true or false.
- enable_dpd bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable dead peer detection (DPD). Valid values:
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enable_nat_traversal bool - This parameter is supported if you create a VPN attachment in single-tunnel mode. Specifies whether to enable NAT traversal. Valid values:
  - true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the VPN attachment tunnel.
  - false: disables NAT traversal.
- enable_tunnels_bgp bool - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Specifies whether to enable the BGP function for the tunnel. Valid values: true or false (default).
NOTE: Before adding a BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- health_check_config GatewayVpnAttachmentHealthCheckConfigArgs - This parameter is supported if you create a VPN attachment in single-tunnel mode. Health check configuration information. See health_check_config below.
- ike_config GatewayVpnAttachmentIkeConfigArgs - The configuration of Phase 1 (IKE) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ike_config below.
- ipsec_config GatewayVpnAttachmentIpsecConfigArgs - The configuration of Phase 2 (IPsec) negotiations. This parameter is supported if you create a VPN attachment in single-tunnel mode. See ipsec_config below.
- local_subnet str - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- network_type str - The network type.
- remote_subnet str - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations. Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- resource_
group_ strid - The ID of the resource group
- status str
- The negotiation status of Tunnel.
- Mapping[str, str]
- Tags
- tunnel_
options_ Sequence[Gatewayspecifications Vpn Attachment Tunnel Options Specification Args] - Configure the tunnel.
- You can configure parameters in the
tunnel_options_specification
array when you create a vpn attachment in dual-tunnel mode. - When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment. See
tunnel_options_specification
below.
- You can configure parameters in the
- vpn_
attachment_ strname - vpn attachment name
- bgp
Config Property Map - Bgp configuration information.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
bgp_config
below.
- This parameter is supported when you create an vpn attachment in single-tunnel mode. See
- create
Time String - The creation time of the resource
- customer
Gateway StringId - Customer gateway ID.
- This parameter is required when creating a single-tunnel mode vpn attachment.
- effect
Immediately Boolean - Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
- enableDpd Boolean - This parameter is supported if you create a VPN attachment in single-tunnel mode.
Whether to enable the DPD (dead peer detection) function.
- true (default): enables DPD. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within the specified period of time, the connection fails. In this case, ISAKMP SA and IPsec SA are deleted along with the security tunnel.
- false: disables DPD. The initiator of the IPsec-VPN connection does not send DPD packets.
- enable
Nat BooleanTraversal - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
- true (default): enables NAT traversal. After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the vpn attachment tunnel.
- false: disables NAT traversal.
- enableTunnelsBgp Boolean - You can configure this parameter when you create a VPN attachment in dual-tunnel mode. Whether to enable the BGP function for the tunnel. Valid values: true or false (default). NOTE: Before adding BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function.
- health
Check Property MapConfig - This parameter is supported if you create an vpn attachment in single-tunnel mode.
Health check configuration information. See
health_check_config
below. - ike
Config Property Map - The configurations of Phase 1 negotiations.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ike_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- ipsec
Config Property Map - Configuration negotiated in the second stage.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
ipsec_config
below.
- This parameter is supported if you create an vpn attachment in single-tunnel mode. See
- local
Subnet String - The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- network
Type String - network type
- remote
Subnet String - The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.The following routing modes are supported:
- If you set LocalSubnet and RemoteSubnet to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode.
- If you set LocalSubnet and RemoteSubnet to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
- resource
Group StringId - The ID of the resource group
- status String
- The negotiation status of Tunnel.
- Map<String>
- Tags
- tunnel
Options List<Property Map>Specifications - Configure the tunnel.
- You can configure parameters in the
tunnel_options_specification
array when you create a vpn attachment in dual-tunnel mode. - When creating a vpn attachment in dual-tunnel mode, you must add both tunnels for the vpn attachment to ensure that the vpn attachment has link redundancy. Only two tunnels can be added to a vpn attachment. See
tunnel_options_specification
below.
- You can configure parameters in the
- vpn
Attachment StringName - vpn attachment name
Supporting Types
GatewayVpnAttachmentBgpConfig, GatewayVpnAttachmentBgpConfigArgs
- Enable bool
- Whether to enable the BGP function. Valid values: true or false (default).
- Local
Asn int - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- Local
Bgp stringIp - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Cidr string - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
- Enable bool
- Whether to enable the BGP function. Valid values: true or false (default).
- Local
Asn int - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- Local
Bgp stringIp - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- Status string
- The negotiation status of Tunnel.
- Tunnel
Cidr string - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
- enable Boolean
- Whether to enable the BGP function. Valid values: true or false (default).
- local
Asn Integer - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- local
Bgp StringIp - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- status String
- The negotiation status of Tunnel.
- tunnel
Cidr String - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
- enable boolean
- Whether to enable the BGP function. Valid values: true or false (default).
- local
Asn number - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- local
Bgp stringIp - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- status string
- The negotiation status of Tunnel.
- tunnel
Cidr string - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
- enable bool
- Whether to enable the BGP function. Valid values: true or false (default).
- local_
asn int - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- local_
bgp_ strip - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- status str
- The negotiation status of Tunnel.
- tunnel_
cidr str - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
- enable Boolean
- Whether to enable the BGP function. Valid values: true or false (default).
- local
Asn Number - The autonomous system number on the Alibaba Cloud side. The value range of autonomous system number is 1~4294967295. Default value: 45104
- local
Bgp StringIp - The BGP address on the Alibaba Cloud side. This address is an IP address in the IPsec tunnel network segment.
- Before adding the BGP configuration, we recommend that you understand the working mechanism and usage restrictions of the BGP dynamic routing function. For more information, see BGP Dynamic Routing Bulletin.
- We recommend that you use the private number of the autonomous system number to establish a BGP connection with Alibaba Cloud. Please refer to the documentation for the private number range of the autonomous system number.
- status String
- The negotiation status of Tunnel.
- tunnel
Cidr String - IPsec tunnel network segment. This network segment must be a network segment with a mask length of 30 within 169.254.0.0/16
GatewayVpnAttachmentHealthCheckConfig, GatewayVpnAttachmentHealthCheckConfigArgs
- Dip string
- Target IP.
- Enable bool
- Whether health check is enabled: false (not enabled) or true (enabled).
- Interval int
- The health check retry interval, in seconds.
- Policy string
- Whether to revoke the published route when the health check fails
- Retry int
- Number of retries for health check.
- Sip string
- SOURCE IP.
- Status string
- The negotiation status of Tunnel.
- Dip string
- Target IP.
- Enable bool
- Whether health check is enabled: false (not enabled) or true (enabled).
- Interval int
- The health check retry interval, in seconds.
- Policy string
- Whether to revoke the published route when the health check fails
- Retry int
- Number of retries for health check.
- Sip string
- SOURCE IP.
- Status string
- The negotiation status of Tunnel.
- dip String
- Target IP.
- enable Boolean
- Whether health check is enabled: false (not enabled) or true (enabled).
- interval Integer
- The health check retry interval, in seconds.
- policy String
- Whether to revoke the published route when the health check fails
- retry Integer
- Number of retries for health check.
- sip String
- SOURCE IP.
- status String
- The negotiation status of Tunnel.
- dip string
- Target IP.
- enable boolean
- Whether health check is enabled: false (not enabled) or true (enabled).
- interval number
- The health check retry interval, in seconds.
- policy string
- Whether to revoke the published route when the health check fails
- retry number
- Number of retries for health check.
- sip string
- SOURCE IP.
- status string
- The negotiation status of Tunnel.
- dip str
- Target IP.
- enable bool
- Whether health check is enabled: false (not enabled) or true (enabled).
- interval int
- The health check retry interval, in seconds.
- policy str
- Whether to revoke the published route when the health check fails
- retry int
- Number of retries for health check.
- sip str
- SOURCE IP.
- status str
- The negotiation status of Tunnel.
- dip String
- Target IP.
- enable Boolean
- Whether health check is enabled: false (not enabled) or true (enabled).
- interval Number
- The health check retry interval, in seconds.
- policy String
- Whether to revoke the published route when the health check fails
- retry Number
- Number of retries for health check.
- sip String
- SOURCE IP.
- status String
- The negotiation status of Tunnel.
GatewayVpnAttachmentIkeConfig, GatewayVpnAttachmentIkeConfigArgs
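- IkeAuthAlg string - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.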
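- IkeEncAlg string - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes. des and 3des are legacy ciphers that are useful only for compatibility with older peers; prefer one of the aes values.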
- Ike
Lifetime int - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
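- IkeMode string - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main. Aggressive mode sends identities unprotected and, with a pre-shared key, exposes a value derived from that key to anyone observing the exchange, so keep main unless the peer requires aggressive.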
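- IkePfs string - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2. group1, group2 and group5 use small moduli (768, 1024 and 1536 bits); group14 (2048 bits) is the strongest value listed here.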
- IkeVersion string - The version of the IKE protocol. Valid values: ikev1 or ikev2. Default value: ikev1. ikev2 is generally preferred when both gateways support it.
- Local
Id string - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
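- Psk string
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.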
- Remote
Id string - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
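- IkeAuthAlg string - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.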
- Ike
Enc stringAlg - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- Ike
Lifetime int - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- Ike
Mode string - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
- Ike
Pfs string - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
- Ike
Version string - The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
- Local
Id string - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
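- Psk string
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.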
- Remote
Id string - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
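- ikeAuthAlg String - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.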
- ike
Enc StringAlg - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime Integer - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Mode String - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
- ike
Pfs String - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
- ike
Version String - The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
- local
Id String - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
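- psk String
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.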
- remote
Id String - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
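- ikeAuthAlg string - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.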
- ike
Enc stringAlg - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime number - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Mode string - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
- ike
Pfs string - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
- ike
Version string - The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
- local
Id string - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
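- psk string
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.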
- remote
Id string - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
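- ike_auth_alg str - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.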
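- ike_enc_alg str - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes. des and 3des are legacy ciphers that are useful only for compatibility with older peers; prefer one of the aes values.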
- ike_
lifetime int - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
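- ike_mode str - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main. Aggressive mode sends identities unprotected and, with a pre-shared key, exposes a value derived from that key to anyone observing the exchange, so keep main unless the peer requires aggressive.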
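- ike_pfs str - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2. group1, group2 and group5 use small moduli (768, 1024 and 1536 bits); group14 (2048 bits) is the strongest value listed here.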
- ike_
version str - The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
- local_
id str - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
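- psk str
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.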
- remote_
id str - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
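- ikeAuthAlg String - The authentication algorithm negotiated in the first stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.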
- ike
Enc StringAlg - The encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
- ike
Lifetime Number - The SA lifetime as a result of Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
- ike
Mode String - IKE mode, the negotiation mode. Valid values: main and aggressive. Default value: main.
- ike
Pfs String - The Diffie-Hellman key exchange algorithm used in the first stage negotiation. Valid values: group1, group2, group5, or group14. Default value: group2.
- ike
Version String - The version of the IKE protocol. Value: ikev1 or ikev2. Default value: ikev1.
- local
Id String - The identifier on the Alibaba Cloud side of the IPsec connection. The length is limited to 100 characters. The default value is leftId-not-exist
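- psk String
- A pre-shared key for authentication between the VPN gateway and the local data center. The key length is 1~100 characters. Because this key authenticates the tunnel, use a long random value and supply it as a Pulumi secret rather than as a literal in program source.
- If you do not specify a pre-shared key, the system randomly generates a 16-bit string as the pre-shared key. ("16-bit" here presumably means a 16-character string; confirm against the Alibaba Cloud VPN Gateway API reference.)
- The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises data center. Otherwise, connections between the on-premises data center and the VPN gateway cannot be established.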
- remote
Id String - The identifier of the IPsec connection to the local data center. The length is limited to 100 characters. The default value is the IP address of the user gateway.
GatewayVpnAttachmentIpsecConfig, GatewayVpnAttachmentIpsecConfigArgs
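- IpsecAuthAlg string - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.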
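- IpsecEncAlg string - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes. des and 3des are legacy ciphers that are useful only for compatibility with older peers; prefer one of the aes values.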
- Ipsec
Lifetime int - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- IpsecPfs string - The Diffie-Hellman key exchange algorithm used in the second stage negotiation.
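- IpsecAuthAlg string - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.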
- Ipsec
Enc stringAlg - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
- Ipsec
Lifetime int - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- Ipsec
Pfs string - Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
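- ipsecAuthAlg String - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.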
- ipsec
Enc StringAlg - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
- ipsec
Lifetime Integer - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- ipsec
Pfs String - Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
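- ipsecAuthAlg string - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.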
- ipsec
Enc stringAlg - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
- ipsec
Lifetime number - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- ipsec
Pfs string - Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
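- ipsec_auth_alg str - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.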
- ipsec_
enc_ stralg - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
- ipsec_
lifetime int - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- ipsec_
pfs str - Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
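- ipsecAuthAlg String - The authentication algorithm negotiated in the second stage. Valid values: md5, sha1, sha256, sha384, sha512. Default value: md5. md5 and sha1 are no longer considered strong, so set sha256 or stronger explicitly when the peer gateway supports it rather than relying on the default.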
- ipsec
Enc StringAlg - The encryption algorithm negotiated in the second stage. Valid values: aes, aes192, aes256, des, or 3des. Default value: aes.
- ipsec
Lifetime Number - The life cycle of SA negotiated in the second stage. Unit: seconds. Value range: 0~86400. Default value: 86400.
- ipsec
Pfs String - Diffie-Hellman Key Exchange Algorithm Used in Second Stage Negotiation
GatewayVpnAttachmentTunnelOptionsSpecification, GatewayVpnAttachmentTunnelOptionsSpecificationArgs
- Customer
Gateway stringId The ID of the user gateway associated with the tunnel.
NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- Tunnel
Index int - The order in which the tunnel was created.
- EnableDpd bool - Whether the DPD (dead peer detection) function is enabled for the tunnel. Value:
- EnableNatTraversal bool - Whether the NAT traversal function is enabled for the tunnel. Value:
- Internet
Ip string - The local internet IP in Tunnel.
- Role string
- The role of Tunnel.
- State string
- The state of Tunnel.
- Status string
- The negotiation status of Tunnel.
- TunnelBgpConfig Pulumi.AliCloud.Vpn.Inputs.GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig - Add the BGP configuration for the tunnel.
NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- TunnelId string - The tunnel ID of IPsec-VPN connection.
- Tunnel
Ike Pulumi.Config Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Tunnel Options Specification Tunnel Ike Config - Configuration information for the first phase negotiation. See
tunnel_ike_config
below. - Tunnel
Ipsec Pulumi.Config Ali Cloud. Vpn. Inputs. Gateway Vpn Attachment Tunnel Options Specification Tunnel Ipsec Config - Configuration information for the second-stage negotiation. See
tunnel_ipsec_config
below. - Zone
No string - The zoneNo of tunnel.
- Customer
Gateway stringId The ID of the user gateway associated with the tunnel.
NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- Tunnel
Index int - The order in which the tunnel was created.
- Enable
Dpd bool - Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:
- Enable
Nat boolTraversal - Whether the NAT crossing function is enabled for the tunnel. Value:
- Internet
Ip string - The local internet IP in Tunnel.
- Role string
- The role of Tunnel.
- State string
- The state of Tunnel.
- Status string
- The negotiation status of Tunnel.
- TunnelBgpConfig GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig - Add the BGP configuration for the tunnel.
NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- TunnelId string - The tunnel ID of IPsec-VPN connection.
- Tunnel
Ike GatewayConfig Vpn Attachment Tunnel Options Specification Tunnel Ike Config - Configuration information for the first phase negotiation. See
tunnel_ike_config
below. - Tunnel
Ipsec GatewayConfig Vpn Attachment Tunnel Options Specification Tunnel Ipsec Config - Configuration information for the second-stage negotiation. See
tunnel_ipsec_config
below. - Zone
No string - The zoneNo of tunnel.
- customer
Gateway StringId The ID of the user gateway associated with the tunnel.
NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- tunnel
Index Integer - The order in which the tunnel was created.
- enable
Dpd Boolean - Whether the DPD (peer alive detection) function is enabled for the tunnel. Value:
- enable
Nat BooleanTraversal - Whether the NAT crossing function is enabled for the tunnel. Value:
- internet
Ip String - The local internet IP in Tunnel.
- role String
- The role of Tunnel.
- state String
- The state of Tunnel.
- status String
- The negotiation status of Tunnel.
- tunnelBgpConfig GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig - Add the BGP configuration for the tunnel.
NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- tunnelId String - The tunnel ID of IPsec-VPN connection.
- tunnel
Ike GatewayConfig Vpn Attachment Tunnel Options Specification Tunnel Ike Config - Configuration information for the first phase negotiation. See
tunnel_ike_config
below. - tunnel
Ipsec GatewayConfig Vpn Attachment Tunnel Options Specification Tunnel Ipsec Config - Configuration information for the second-stage negotiation. See
tunnel_ipsec_config
below. - zone
No String - The zoneNo of tunnel.
- customerGatewayId string - The ID of the customer gateway associated with the tunnel.
  NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- tunnelIndex number - The order in which the tunnel was created.
- enableDpd boolean - Whether the DPD (dead peer detection) function is enabled for the tunnel.
- enableNatTraversal boolean - Whether the NAT traversal function is enabled for the tunnel.
- internetIp string - The local internet IP of the tunnel.
- role string - The role of the tunnel.
- state string - The state of the tunnel.
- status string - The negotiation status of the tunnel.
- tunnelBgpConfig GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig - Add the BGP configuration for the tunnel.
  NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- tunnelId string - The tunnel ID of IPsec-VPN connection.
- tunnelIkeConfig GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig - Configuration information for the first phase negotiation. See tunnel_ike_config below.
- tunnelIpsecConfig GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig - Configuration information for the second-stage negotiation. See tunnel_ipsec_config below.
- zoneNo string - The zoneNo of the tunnel.
- customer_gateway_id str - The ID of the customer gateway associated with the tunnel.
  NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- tunnel_index int - The order in which the tunnel was created.
- enable_dpd bool - Whether the DPD (dead peer detection) function is enabled for the tunnel.
- enable_nat_traversal bool - Whether the NAT traversal function is enabled for the tunnel.
- internet_ip str - The local internet IP of the tunnel.
- role str - The role of the tunnel.
- state str - The state of the tunnel.
- status str - The negotiation status of the tunnel.
- tunnel_bgp_config GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig - Add the BGP configuration for the tunnel.
  NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- tunnel_id str - The tunnel ID of IPsec-VPN connection.
- tunnel_ike_config GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig - Configuration information for the first phase negotiation. See tunnel_ike_config below.
- tunnel_ipsec_config GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig - Configuration information for the second-stage negotiation. See tunnel_ipsec_config below.
- zone_no str - The zoneNo of the tunnel.
- customerGatewayId String - The ID of the customer gateway associated with the tunnel.
  NOTE: This parameter is required when creating a dual-tunnel mode IPsec-VPN connection.
- tunnelIndex Number - The order in which the tunnel was created.
- enableDpd Boolean - Whether the DPD (dead peer detection) function is enabled for the tunnel.
- enableNatTraversal Boolean - Whether the NAT traversal function is enabled for the tunnel.
- internetIp String - The local internet IP of the tunnel.
- role String - The role of the tunnel.
- state String - The state of the tunnel.
- status String - The negotiation status of the tunnel.
- tunnelBgpConfig Property Map - Add the BGP configuration for the tunnel.
  NOTE: After you enable the BGP function for IPsec connections (that is, specify EnableTunnelsBgp as true), you must configure this parameter. See tunnel_bgp_config below.
- tunnelId String - The tunnel ID of IPsec-VPN connection.
- tunnelIkeConfig Property Map - Configuration information for the first phase negotiation. See tunnel_ike_config below.
- tunnelIpsecConfig Property Map - Configuration information for the second-stage negotiation. See tunnel_ipsec_config below.
- zoneNo String - The zoneNo of the tunnel.
GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfig, GatewayVpnAttachmentTunnelOptionsSpecificationTunnelBgpConfigArgs
- BgpStatus string - BGP status.
- LocalAsn int
- LocalBgpIp string
- PeerAsn string - Peer ASN.
- PeerBgpIp string - Peer BGP IP.
- TunnelCidr string
- BgpStatus string - BGP status.
- LocalAsn int
- LocalBgpIp string
- PeerAsn string - Peer ASN.
- PeerBgpIp string - Peer BGP IP.
- TunnelCidr string
- bgpStatus String - BGP status.
- localAsn Integer
- localBgpIp String
- peerAsn String - Peer ASN.
- peerBgpIp String - Peer BGP IP.
- tunnelCidr String
- bgpStatus string - BGP status.
- localAsn number
- localBgpIp string
- peerAsn string - Peer ASN.
- peerBgpIp string - Peer BGP IP.
- tunnelCidr string
- bgp_status str - BGP status.
- local_asn int
- local_bgp_ip str
- peer_asn str - Peer ASN.
- peer_bgp_ip str - Peer BGP IP.
- tunnel_cidr str
- bgpStatus String - BGP status.
- localAsn Number
- localBgpIp String
- peerAsn String - Peer ASN.
- peerBgpIp String - Peer BGP IP.
- tunnelCidr String
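GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfig, GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIkeConfigArgs
NOTE: psk is the pre-shared key used to authenticate the IKE peers; pass it as a Pulumi secret (for example, a value stored with pulumi config set --secret) instead of a literal, so that it is not committed with the program. The Basic Usage example on this page uses md5, des and group1; for real deployments, choose the strongest authentication, encryption and DH-group values that both this gateway and the peer support.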
- IkeAuthAlg string
- IkeEncAlg string
- IkeLifetime int
- IkeMode string
- IkePfs string
- IkeVersion string
- LocalId string
- Psk string
- RemoteId string
- IkeAuthAlg string
- IkeEncAlg string
- IkeLifetime int
- IkeMode string
- IkePfs string
- IkeVersion string
- LocalId string
- Psk string
- RemoteId string
- ikeAuthAlg String
- ikeEncAlg String
- ikeLifetime Integer
- ikeMode String
- ikePfs String
- ikeVersion String
- localId String
- psk String
- remoteId String
- ikeAuthAlg string
- ikeEncAlg string
- ikeLifetime number
- ikeMode string
- ikePfs string
- ikeVersion string
- localId string
- psk string
- remoteId string
- ike_auth_alg str
- ike_enc_alg str
- ike_lifetime int
- ike_mode str
- ike_pfs str
- ike_version str
- local_id str
- psk str
- remote_id str
- ikeAuthAlg String
- ikeEncAlg String
- ikeLifetime Number
- ikeMode String
- ikePfs String
- ikeVersion String
- localId String
- psk String
- remoteId String
GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfig, GatewayVpnAttachmentTunnelOptionsSpecificationTunnelIpsecConfigArgs
- IpsecAuthAlg string
- IpsecEncAlg string
- IpsecLifetime int
- IpsecPfs string
- IpsecAuthAlg string
- IpsecEncAlg string
- IpsecLifetime int
- IpsecPfs string
- ipsecAuthAlg String
- ipsecEncAlg String
- ipsecLifetime Integer
- ipsecPfs String
- ipsecAuthAlg string
- ipsecEncAlg string
- ipsecLifetime number
- ipsecPfs string
- ipsec_auth_alg str
- ipsec_enc_alg str
- ipsec_lifetime int
- ipsec_pfs str
- ipsecAuthAlg String
- ipsecEncAlg String
- ipsecLifetime Number
- ipsecPfs String
Import
VPN Gateway Vpn Attachment can be imported using the id, e.g.
$ pulumi import alicloud:vpn/gatewayVpnAttachment:GatewayVpnAttachment example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the alicloud Terraform Provider.