public static final class ModifyVpnConnectionAttributeRequest.Builder extends Object
| 限定符和类型 | 方法和说明 |
|---|---|
ModifyVpnConnectionAttributeRequest.Builder |
autoConfigRoute(Boolean autoConfigRoute)
Specifies whether to automatically advertise routes.
|
ModifyVpnConnectionAttributeRequest.Builder |
bgpConfig(String bgpConfig)
This parameter is supported by single-tunnel IPsec-VPN connections.
|
ModifyVpnConnectionAttributeRequest |
build() |
ModifyVpnConnectionAttributeRequest.Builder |
clientToken(String clientToken)
The client token that is used to ensure the idempotence of the request.
|
ModifyVpnConnectionAttributeRequest.Builder |
effectImmediately(Boolean effectImmediately)
Specifies whether to immediately start IPsec negotiations after the configuration takes effect.
|
ModifyVpnConnectionAttributeRequest.Builder |
enableDpd(Boolean enableDpd)
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
enableNatTraversal(Boolean enableNatTraversal)
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
enableTunnelsBgp(Boolean enableTunnelsBgp)
You can specify this parameter if you modify the configuration of a dual-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
healthCheckConfig(String healthCheckConfig)
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
ikeConfig(String ikeConfig)
This parameter is supported by single-tunnel IPsec-VPN connections.
|
ModifyVpnConnectionAttributeRequest.Builder |
ipsecConfig(String ipsecConfig)
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
localSubnet(String localSubnet)
The CIDR block used to connect the virtual private cloud (VPC) to the data center.
|
ModifyVpnConnectionAttributeRequest.Builder |
name(String name)
The name of the IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
ownerAccount(String ownerAccount)
OwnerAccount.
|
ModifyVpnConnectionAttributeRequest.Builder |
ownerId(Long ownerId)
OwnerId.
|
ModifyVpnConnectionAttributeRequest.Builder |
regionId(String regionId)
The ID of the region in which the IPsec-VPN connection is created.
|
ModifyVpnConnectionAttributeRequest.Builder |
remoteCaCertificate(String remoteCaCertificate)
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
ModifyVpnConnectionAttributeRequest.Builder |
remoteSubnet(String remoteSubnet)
The CIDR block on the data center side.
|
ModifyVpnConnectionAttributeRequest.Builder |
resourceOwnerAccount(String resourceOwnerAccount)
ResourceOwnerAccount.
|
ModifyVpnConnectionAttributeRequest.Builder |
resourceOwnerId(Long resourceOwnerId)
ResourceOwnerId.
|
ModifyVpnConnectionAttributeRequest.Builder |
tunnelOptionsSpecification(List<ModifyVpnConnectionAttributeRequest.TunnelOptionsSpecification> tunnelOptionsSpecification)
The tunnel configurations.
|
ModifyVpnConnectionAttributeRequest.Builder |
vpnConnectionId(String vpnConnectionId)
The ID of the IPsec-VPN connection.
|
public ModifyVpnConnectionAttributeRequest.Builder autoConfigRoute(Boolean autoConfigRoute)
* **true** * **false**
public ModifyVpnConnectionAttributeRequest.Builder bgpConfig(String bgpConfig)
The Border Gateway Protocol (BGP) configurations: * **BgpConfig.EnableBgp:** specifies whether to enable BGP. Valid values: **true** and **false**. * **BgpConfig.LocalAsn:** the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: **1** to **4294967295**. You can enter the ASN in two segments. Separate the first 16 bits of the ASN from the remaining 16 bits with a period (.). Enter the number in each segment in decimal format. For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384. * **BgpConfig.TunnelCidr**: the CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length. > The CIDR block of the IPsec tunnel of each IPsec-VPN connection must be unique on a VPN gateway. * **LocalBgpIp**: the BGP IP address on the Alibaba Cloud side. This IP address must fall within the CIDR block range of the IPsec tunnel. > - This parameter is required when the VPN gateway has dynamic BGP enabled. > - Before you configure BGP, we recommend that you learn about how BGP works and its limits. For more information, see [BGP dynamic routing ](~~170235~~). > - We recommend that you use a private ASN to establish a connection with Alibaba Cloud over BGP. For information about the range of private ASNs, see the relevant documentation.
public ModifyVpnConnectionAttributeRequest.Builder clientToken(String clientToken)
You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters. > If you do not specify this parameter, the system automatically uses the value of **RequestId** as the value of **ClientToken**. The **request ID** may be different for each request.
public ModifyVpnConnectionAttributeRequest.Builder effectImmediately(Boolean effectImmediately)
* **true**: immediately starts IPsec negotiations after the configuration takes effect. * **false**: IPsec negotiations start when inbound traffic is detected.
public ModifyVpnConnectionAttributeRequest.Builder enableDpd(Boolean enableDpd)
Specifies whether to enable the dead peer detection (DPD) feature. Valid values: * **true:**: enables the DPD feature. The initiator of the IPsec-VPN connection sends DPD packets to check the existence and availability of the peer. If no feedback is received from the peer within a specific period of time, the connection fails. Then, the ISAKMP SA, IPsec SA, and IPsec tunnel are deleted. * **false**: disables the DPD feature. The initiator of the IPsec-VPN connection does not send DPD packets.
public ModifyVpnConnectionAttributeRequest.Builder enableNatTraversal(Boolean enableNatTraversal)
Specifies whether to enable NAT traversal. Valid values: * **true** After NAT traversal is enabled, the initiator does not check the UDP ports during IKE negotiations and can automatically discover NAT gateway devices along the IPsec tunnel. * **false**
public ModifyVpnConnectionAttributeRequest.Builder enableTunnelsBgp(Boolean enableTunnelsBgp)
Specifies whether to enable BGP for the tunnel. Valid values: **true** and **false**.
public ModifyVpnConnectionAttributeRequest.Builder healthCheckConfig(String healthCheckConfig)
The health check configuration: * **HealthCheckConfig.enable**: specifies whether to enable health checks. Valid values: **true** and **false**. * **HealthCheckConfig.dip**: the destination IP address that is used for health checks. * **HealthCheckConfig.sip**: the source IP address that is used for health checks. * **HealthCheckConfig.interval**: the interval between two consecutive health checks. Unit: seconds. * **HealthCheckConfig.retry**: the maximum number of health check retries.
public ModifyVpnConnectionAttributeRequest.Builder ikeConfig(String ikeConfig)
The configurations of Phase 1 negotiations: * **IkeConfig.Psk**: the pre-shared key that is used for authentication between the VPN gateway and the data center. * It must be 1 to 100 characters in length, and can contain letters, digits, and the following characters: ``~!`@#$%^&*()_-+={}[]|;:\",.<>/?`` * If you do not specify a pre-shared key, the system generates a random 16-character string as the pre-shared key. You can call the [DescribeVpnConnection](~~2526951~~) operation to query the pre-shared key that is generated by the system. > The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises database. Otherwise, the on-premises database and the VPN gateway cannot establish a connection. * **IkeConfig.IkeVersion**: the version of the Internet Key Exchange (IKE) protocol. Valid values: **ikev1** and **ikev2**. Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and is more suitable for scenarios in which multiple CIDR blocks are used. * **IkeConfig.IkeMode**: the negotiation mode of IKE. Valid values: **main** and **aggressive**. * **main**: This mode offers higher security during negotiations. * **aggressive**: This mode is faster and has a higher success rate. * **IkeConfig.IkeEncAlg**: the encryption algorithm that is used in Phase 1 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. * **IkeConfig.IkeAuthAlg**: the authentication algorithm that is used in Phase 1 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. * **IkeConfig.IkePfs**: the Diffie-Hellman (DH) key exchange algorithm that is used in Phase 1 negotiations. Valid values: **group1**, **group2**, **group5**, and **group14**. * **IkeConfig.IkeLifetime**: the security association (SA) lifetime that is determined by Phase 1 negotiations. Unit: seconds. Valid values: **0 to 86400**. * **IkeConfig.LocalId**: the identifier of the VPN gateway. The identifier cannot exceed 100 characters in length. The default value is the IP address of the VPN gateway. * **IkeConfig.RemoteId**: the identifier of the customer gateway. The identifier cannot exceed 100 characters in length. The default value is the IP address of the customer gateway.
public ModifyVpnConnectionAttributeRequest.Builder ipsecConfig(String ipsecConfig)
The configuration of Phase 2 negotiations: * **IpsecConfig.IpsecEncAlg**: the encryption algorithm that is used in Phase 2 negotiations. Valid values: **aes**, **aes192**, **aes256**, **des**, and **3des**. * **IpsecConfig. IpsecAuthAlg**: the authentication algorithm that is used in Phase 2 negotiations. Valid values: **md5**, **sha1**, **sha256**, **sha384**, and **sha512**. * **IpsecConfig. IpsecPfs**: the DH key exchange algorithm that is used in Phase 1 negotiations. If you specify this parameter, packets of all protocols are forwarded. Valid values: **disabled**, **group1**, **group2**, **group5**, and **group14**. * **IpsecConfig. IpsecLifetime:** the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: **0 to 86400**.
public ModifyVpnConnectionAttributeRequest.Builder localSubnet(String localSubnet)
Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24. The following routing modes are supported: * If you set **LocalSubnet** and **RemoteSubnet** to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode. * If you set **LocalSubnet** and **RemoteSubnet** to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
public ModifyVpnConnectionAttributeRequest.Builder name(String name)
The name must be 1 to 100 characters in length and cannot start with `http://` or `https://`.
public ModifyVpnConnectionAttributeRequest.Builder ownerAccount(String ownerAccount)
public ModifyVpnConnectionAttributeRequest.Builder ownerId(Long ownerId)
public ModifyVpnConnectionAttributeRequest.Builder regionId(String regionId)
You can call the [DescribeRegions](~~36063~~) operation to query the most recent region list.
public ModifyVpnConnectionAttributeRequest.Builder remoteCaCertificate(String remoteCaCertificate)
If the VPN gateway uses a ShangMi (SM) certificate, you can modify the CA certificate used by the IPsec peer. If the VPN gateway does not use an SM certificate, you cannot specify this parameter.
public ModifyVpnConnectionAttributeRequest.Builder remoteSubnet(String remoteSubnet)
Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24. The following routing modes are supported: * If you set **LocalSubnet** and **RemoteSubnet** to 0.0.0.0/0, the routing mode of the IPsec-VPN connection is set to Destination Routing Mode. * If you set **LocalSubnet** and **RemoteSubnet** to specific CIDR blocks, the routing mode of the IPsec-VPN connection is set to Protected Data Flows.
public ModifyVpnConnectionAttributeRequest.Builder resourceOwnerAccount(String resourceOwnerAccount)
public ModifyVpnConnectionAttributeRequest.Builder resourceOwnerId(Long resourceOwnerId)
public ModifyVpnConnectionAttributeRequest.Builder tunnelOptionsSpecification(List<ModifyVpnConnectionAttributeRequest.TunnelOptionsSpecification> tunnelOptionsSpecification)
You can specify the parameters in **TunnelOptionsSpecification** if you modify the configuration of a dual-tunnel IPsec-VPN connection. You can modify both the active and standby tunnels of the IPsec-VPN connection.
public ModifyVpnConnectionAttributeRequest.Builder vpnConnectionId(String vpnConnectionId)
public ModifyVpnConnectionAttributeRequest build()
Copyright © 2024. All rights reserved.