public class CreateVpnAttachmentRequest
extends com.aliyun.tea.TeaModel
| 限定符和类型 | 类和说明 |
|---|---|
static class |
CreateVpnAttachmentRequest.CreateVpnAttachmentRequestTags |
| 限定符和类型 | 字段和说明 |
|---|---|
Boolean |
autoConfigRoute
Specifies whether to automatically configure routes.
|
String |
bgpConfig
The Border Gateway Protocol (BGP) configurations:
BgpConfig.EnableBgp: specifies whether to enable BGP.
|
String |
clientToken
The client token that is used to ensure the idempotence of the request.
|
String |
customerGatewayId
The ID of the customer gateway.
|
Boolean |
effectImmediately
Specifies whether to immediately start IPsec negotiations after the configuration takes effect.
|
Boolean |
enableDpd
Specifies whether to enable the dead peer detection (DPD) feature.
|
Boolean |
enableNatTraversal
Specifies whether to enable NAT traversal.
|
String |
healthCheckConfig
The health check configuration:
HealthCheckConfig.enable: specifies whether to enable health checks.
|
String |
ikeConfig
The configurations of Phase 1 negotiations:
IkeConfig.Psk: The pre-shared key that is used for authentication between the VPN gateway and the data center.
|
String |
ipsecConfig
The configurations of Phase 2 negotiations:
IpsecConfig.IpsecEncAlg: the encryption algorithm that is used in Phase 2 negotiations.
|
String |
localSubnet
The CIDR block on the VPC side.
|
String |
name
The name of the IPsec-VPN connection.
|
String |
networkType
The network type of the IPsec-VPN connection.
|
String |
ownerAccount |
String |
regionId
The region ID of the IPsec-VPN connection.
|
String |
remoteCaCert
The peer CA certificate when a ShangMi (SM) VPN gateway is used to create the IPsec-VPN connection.
|
String |
remoteSubnet
The CIDR block on the data center side.
|
String |
resourceGroupId
The ID of the resource group to which the IPsec-VPN connection belongs.
|
String |
resourceOwnerAccount |
Long |
resourceOwnerId |
List<CreateVpnAttachmentRequest.CreateVpnAttachmentRequestTags> |
tags
The tag value.
|
| 构造器和说明 |
|---|
CreateVpnAttachmentRequest() |
@NameInMap(value="AutoConfigRoute") public Boolean autoConfigRoute
Specifies whether to automatically configure routes. Valid values:
true
@NameInMap(value="BgpConfig") public String bgpConfig
The Border Gateway Protocol (BGP) configurations:
BgpConfig.EnableBgp: specifies whether to enable BGP. Valid values: true and false. Default value: false.
BgpConfig.LocalAsn: the ASN on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104.
You can enter the ASN in two segments. Separate the first 16 bits of the ASN from the remaining 16 bits with a period (.). Enter the number in each segment in decimal format.
For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384.
BgpConfig.TunnelCidr: the CIDR block of the IPsec tunnel. The CIDR block falls within 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length.
LocalBgpIp: the BGP IP address on the Alibaba Cloud side. This IP address must fall within the CIDR block range of the IPsec tunnel.
example:
- Before you configure BGP, we recommend that you learn about how BGP works and the limits. For more information, see BGP dynamic routing .
- We recommend that you use a private ASN to establish a connection with Alibaba Cloud over BGP. Refer to the relevant documentation for the private ASN range.
{"EnableBgp":"true","LocalAsn":"45104","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"}
@NameInMap(value="ClientToken") public String clientToken
The client token that is used to ensure the idempotence of the request.
You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.
example:If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
123e4567-e89b-12d3-a456-4266****
@NameInMap(value="CustomerGatewayId") public String customerGatewayId
The ID of the customer gateway.
This parameter is required.
example:cgw-p0w2jemrcj5u61un8****
@NameInMap(value="EffectImmediately") public Boolean effectImmediately
Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
false
@NameInMap(value="EnableDpd") public Boolean enableDpd
Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
true
@NameInMap(value="EnableNatTraversal") public Boolean enableNatTraversal
Specifies whether to enable NAT traversal. Valid values:
true
@NameInMap(value="HealthCheckConfig") public String healthCheckConfig
The health check configuration:
HealthCheckConfig.enable: specifies whether to enable health checks. Valid values: true and false. Default value: false.
HealthCheckConfig.dip: the destination IP address configured for health checks. Enter the IP address on the data center side that the VPC can communicate with through the IPsec-VPN connection.
HealthCheckConfig.sip: the source IP address configured for health checks. Enter the IP address on the VPC side that the data center can communicate with through the IPsec-VPN connection.
HealthCheckConfig.interval: the time interval of health check retries. Unit: seconds. Default value: 3.
HealthCheckConfig.retry: the maximum number of health check retries. Default value: 3.
HealthCheckConfig.Policy: specifies whether to withdraw published routes when health checks fail. Valid values:
{"enable":"true","dip":"192.168.1.1","sip":"10.1.1.1","interval":"3","retry":"3","Policy": "revoke_route"}
@NameInMap(value="IkeConfig") public String ikeConfig
The configurations of Phase 1 negotiations:
IkeConfig.Psk: The pre-shared key that is used for authentication between the VPN gateway and the data center.
~!`@#$%^&*()_-+={}[]|;:\\",.<>/?The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the data center. Otherwise, a connection cannot be established between the data center and the VPN gateway.
IkeConfig.IkeVersion: the IKE version. Valid values: ikev1 and ikev2. Default value: ikev1.
IkeConfig.IkeMode: the negotiation mode. Valid values: main and aggressive. Default value: main.
IkeConfig.IkeEncAlg: the encryption algorithm that is used in Phase 1 negotiations. Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
IkeConfig.IkeAuthAlg: the authentication algorithm that is used in Phase 1 negotiations. Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
IkeConfig.IkePfs: the Diffie-Hellman key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
IkeConfig.IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
IkeConfig.LocalId: the identifier on the Alibaba Cloud side. The identifier cannot exceed 100 characters in length. This parameter is empty by default.
IkeConfig.RemoteId: the identifier on the data center side. The identifier cannot exceed 100 characters in length. The default value is the IP address of the customer gateway.
{"Psk":"1234****","IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400,"LocalId":"47.XX.XX.1","RemoteId":"47.XX.XX.2"}
@NameInMap(value="IpsecConfig") public String ipsecConfig
The configurations of Phase 2 negotiations:
{"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400}
@NameInMap(value="LocalSubnet") public String localSubnet
The CIDR block on the VPC side. The CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.
The following routing modes are supported:
This parameter is required.
example:10.1.1.0/24,10.1.2.0/24
@NameInMap(value="Name") public String name
The name of the IPsec-VPN connection.
The name must be 1 to 100 characters in length and cannot start with http:// or https://.
nametest
@NameInMap(value="NetworkType") public String networkType
The network type of the IPsec-VPN connection. Valid values:
public
@NameInMap(value="OwnerAccount") public String ownerAccount
@NameInMap(value="RegionId") public String regionId
The region ID of the IPsec-VPN connection.
You can call the DescribeRegions operation to query the most recent region list.
This parameter is required.
example:cn-hangzhou
@NameInMap(value="RemoteCaCert") public String remoteCaCert
The peer CA certificate when a ShangMi (SM) VPN gateway is used to create the IPsec-VPN connection.
example:-----BEGIN CERTIFICATE----- MIIB7zCCAZW**** -----END CERTIFICATE-----
@NameInMap(value="RemoteSubnet") public String remoteSubnet
The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.
The following routing modes are supported:
This parameter is required.
example:10.1.3.0/24,10.1.4.0/24
@NameInMap(value="ResourceGroupId") public String resourceGroupId
The ID of the resource group to which the IPsec-VPN connection belongs.
rg-acfmzs372yg****
@NameInMap(value="ResourceOwnerAccount") public String resourceOwnerAccount
@NameInMap(value="ResourceOwnerId") public Long resourceOwnerId
@NameInMap(value="Tags") public List<CreateVpnAttachmentRequest.CreateVpnAttachmentRequestTags> tags
The tag value.
The tag value can be an empty string and cannot exceed 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.
Each tag key corresponds to one tag value. You can specify up to 20 tag values in each call.
public static CreateVpnAttachmentRequest build(Map<String,?> map) throws Exception
Exceptionpublic CreateVpnAttachmentRequest setAutoConfigRoute(Boolean autoConfigRoute)
public Boolean getAutoConfigRoute()
public CreateVpnAttachmentRequest setBgpConfig(String bgpConfig)
public String getBgpConfig()
public CreateVpnAttachmentRequest setClientToken(String clientToken)
public String getClientToken()
public CreateVpnAttachmentRequest setCustomerGatewayId(String customerGatewayId)
public String getCustomerGatewayId()
public CreateVpnAttachmentRequest setEffectImmediately(Boolean effectImmediately)
public Boolean getEffectImmediately()
public CreateVpnAttachmentRequest setEnableDpd(Boolean enableDpd)
public Boolean getEnableDpd()
public CreateVpnAttachmentRequest setEnableNatTraversal(Boolean enableNatTraversal)
public Boolean getEnableNatTraversal()
public CreateVpnAttachmentRequest setHealthCheckConfig(String healthCheckConfig)
public String getHealthCheckConfig()
public CreateVpnAttachmentRequest setIkeConfig(String ikeConfig)
public String getIkeConfig()
public CreateVpnAttachmentRequest setIpsecConfig(String ipsecConfig)
public String getIpsecConfig()
public CreateVpnAttachmentRequest setLocalSubnet(String localSubnet)
public String getLocalSubnet()
public CreateVpnAttachmentRequest setName(String name)
public String getName()
public CreateVpnAttachmentRequest setNetworkType(String networkType)
public String getNetworkType()
public CreateVpnAttachmentRequest setOwnerAccount(String ownerAccount)
public String getOwnerAccount()
public CreateVpnAttachmentRequest setRegionId(String regionId)
public String getRegionId()
public CreateVpnAttachmentRequest setRemoteCaCert(String remoteCaCert)
public String getRemoteCaCert()
public CreateVpnAttachmentRequest setRemoteSubnet(String remoteSubnet)
public String getRemoteSubnet()
public CreateVpnAttachmentRequest setResourceGroupId(String resourceGroupId)
public String getResourceGroupId()
public CreateVpnAttachmentRequest setResourceOwnerAccount(String resourceOwnerAccount)
public String getResourceOwnerAccount()
public CreateVpnAttachmentRequest setResourceOwnerId(Long resourceOwnerId)
public Long getResourceOwnerId()
public CreateVpnAttachmentRequest setTags(List<CreateVpnAttachmentRequest.CreateVpnAttachmentRequestTags> tags)
public List<CreateVpnAttachmentRequest.CreateVpnAttachmentRequestTags> getTags()
Copyright © 2024. All rights reserved.