public class ModifyVpnConnectionAttributeRequest
extends com.aliyun.tea.TeaModel
| 限定符和类型 | 字段和说明 |
|---|---|
Boolean |
autoConfigRoute
Specifies whether to automatically advertise routes.
|
String |
bgpConfig
This parameter is supported by single-tunnel IPsec-VPN connections.
|
String |
clientToken
The client token that is used to ensure the idempotence of the request.
|
Boolean |
effectImmediately
Specifies whether to immediately start IPsec negotiations after the configuration takes effect.
|
Boolean |
enableDpd
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
Boolean |
enableNatTraversal
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
Boolean |
enableTunnelsBgp
You can specify this parameter if you modify the configuration of a dual-tunnel IPsec-VPN connection.
|
String |
healthCheckConfig
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
String |
ikeConfig
This parameter is supported by single-tunnel IPsec-VPN connections.
|
String |
ipsecConfig
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
String |
localSubnet
The CIDR block used to connect the virtual private cloud (VPC) to the data center.
|
String |
name
The name of the IPsec-VPN connection.
|
String |
ownerAccount |
Long |
ownerId |
String |
regionId
The ID of the region in which the IPsec-VPN connection is created.
|
String |
remoteCaCertificate
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
|
String |
remoteSubnet
The CIDR block on the data center side.
|
String |
resourceOwnerAccount |
Long |
resourceOwnerId |
List<ModifyVpnConnectionAttributeRequest.ModifyVpnConnectionAttributeRequestTunnelOptionsSpecification> |
tunnelOptionsSpecification
The tunnel configurations.
|
String |
vpnConnectionId
The ID of the IPsec-VPN connection.
|
| 构造器和说明 |
|---|
ModifyVpnConnectionAttributeRequest() |
@NameInMap(value="AutoConfigRoute") public Boolean autoConfigRoute
Specifies whether to automatically advertise routes. Valid values:
true
@NameInMap(value="BgpConfig") public String bgpConfig
This parameter is supported by single-tunnel IPsec-VPN connections.
The Border Gateway Protocol (BGP) configurations:
BgpConfig.EnableBgp: specifies whether to enable BGP. Valid values: true and false.
BgpConfig.LocalAsn: the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295.
You can enter the ASN in two segments. Separate the first 16 bits of the ASN from the remaining 16 bits with a period (.). Enter the number in each segment in decimal format.
For example, if you enter 123.456, the ASN is: 123 × 65536 + 456 = 8061384.
BgpConfig.TunnelCidr: the CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16. The subnet mask of the CIDR block must be 30 bits in length.
The CIDR block of the IPsec tunnel of each IPsec-VPN connection must be unique on a VPN gateway.
LocalBgpIp: the BGP IP address on the Alibaba Cloud side. This IP address must fall within the CIDR block range of the IPsec tunnel.
example:
- This parameter is required when the VPN gateway has dynamic BGP enabled.
- Before you configure BGP, we recommend that you learn about how BGP works and its limits. For more information, see BGP dynamic routing .
- We recommend that you use a private ASN to establish a connection with Alibaba Cloud over BGP. For information about the range of private ASNs, see the relevant documentation.
{"EnableBgp":"true","LocalAsn":"65530","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"}
@NameInMap(value="ClientToken") public String clientToken
The client token that is used to ensure the idempotence of the request.
You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.
example:If you do not specify this parameter, the system automatically uses the value of RequestId as the value of ClientToken. The request ID may be different for each request.
02fb3da4-130e-11e9-8e44-0016e04115b
@NameInMap(value="EffectImmediately") public Boolean effectImmediately
Specifies whether to immediately start IPsec negotiations after the configuration takes effect. Valid values:
false
@NameInMap(value="EnableDpd") public Boolean enableDpd
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
true
@NameInMap(value="EnableNatTraversal") public Boolean enableNatTraversal
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
Specifies whether to enable NAT traversal. Valid values:
true
@NameInMap(value="EnableTunnelsBgp") public Boolean enableTunnelsBgp
You can specify this parameter if you modify the configuration of a dual-tunnel IPsec-VPN connection.
Specifies whether to enable BGP for the tunnel. Valid values: true and false.
example:true
if can be null:true
@NameInMap(value="HealthCheckConfig") public String healthCheckConfig
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
The health check configuration:
{"enable":"true","dip":"192.168.1.1","sip":"10.1.1.1","interval":"3","retry":"3"}
@NameInMap(value="IkeConfig") public String ikeConfig
This parameter is supported by single-tunnel IPsec-VPN connections.
The configurations of Phase 1 negotiations:
IkeConfig.Psk: the pre-shared key that is used for authentication between the VPN gateway and the data center.
~!`@#$%^&*()_-+={}[]|;:\\",.<>/?The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises database. Otherwise, the on-premises database and the VPN gateway cannot establish a connection.
IkeConfig.IkeVersion: the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2.
Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and is more suitable for scenarios in which multiple CIDR blocks are used.
IkeConfig.IkeMode: the negotiation mode of IKE. Valid values: main and aggressive.
IkeConfig.IkeEncAlg: the encryption algorithm that is used in Phase 1 negotiations.
Valid values: aes, aes192, aes256, des, and 3des.
IkeConfig.IkeAuthAlg: the authentication algorithm that is used in Phase 1 negotiations.
Valid values: md5, sha1, sha256, sha384, and sha512.
IkeConfig.IkePfs: the Diffie-Hellman (DH) key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14.
IkeConfig.IkeLifetime: the security association (SA) lifetime that is determined by Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400.
IkeConfig.LocalId: the identifier of the VPN gateway. The identifier cannot exceed 100 characters in length. The default value is the IP address of the VPN gateway.
IkeConfig.RemoteId: the identifier of the customer gateway. The identifier cannot exceed 100 characters in length. The default value is the IP address of the customer gateway.
{"Psk":"pgw6dy7d1i8i****","IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400,"LocalId":"116.64.XX.XX","RemoteId":"139.18.XX.XX"}
@NameInMap(value="IpsecConfig") public String ipsecConfig
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
The configuration of Phase 2 negotiations:
IpsecConfig.IpsecEncAlg: the encryption algorithm that is used in Phase 2 negotiations.
Valid values: aes, aes192, aes256, des, and 3des.
IpsecConfig. IpsecAuthAlg: the authentication algorithm that is used in Phase 2 negotiations.
Valid values: md5, sha1, sha256, sha384, and sha512.
IpsecConfig. IpsecPfs: the DH key exchange algorithm that is used in Phase 1 negotiations. If you specify this parameter, packets of all protocols are forwarded. Valid values: disabled, group1, group2, group5, and group14.
IpsecConfig. IpsecLifetime: the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400.
{"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400}
@NameInMap(value="LocalSubnet") public String localSubnet
The CIDR block used to connect the virtual private cloud (VPC) to the data center. The CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.
The following routing modes are supported:
10.1.1.0/24,10.1.2.0/24
@NameInMap(value="Name") public String name
The name of the IPsec-VPN connection.
The name must be 1 to 100 characters in length and cannot start with http:// or https://.
nametest
@NameInMap(value="OwnerAccount") public String ownerAccount
@NameInMap(value="OwnerId") public Long ownerId
@NameInMap(value="RegionId") public String regionId
The ID of the region in which the IPsec-VPN connection is created.
You can call the DescribeRegions operation to query the most recent region list.
This parameter is required.
example:cn-shanghai
@NameInMap(value="RemoteCaCertificate") public String remoteCaCertificate
You can specify this parameter if you modify the configuration of a single-tunnel IPsec-VPN connection.
If the VPN gateway uses a ShangMi (SM) certificate, you can modify the CA certificate used by the IPsec peer.
If the VPN gateway does not use an SM certificate, you cannot specify this parameter.
example:-----BEGIN CERTIFICATE----- MIIB7zCCAZW**** -----END CERTIFICATE-----
@NameInMap(value="RemoteSubnet") public String remoteSubnet
The CIDR block on the data center side. This CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.
The following routing modes are supported:
10.2.1.0/24,10.2.2.0/24
@NameInMap(value="ResourceOwnerAccount") public String resourceOwnerAccount
@NameInMap(value="ResourceOwnerId") public Long resourceOwnerId
@NameInMap(value="TunnelOptionsSpecification") public List<ModifyVpnConnectionAttributeRequest.ModifyVpnConnectionAttributeRequestTunnelOptionsSpecification> tunnelOptionsSpecification
The tunnel configurations.
You can specify the parameters in TunnelOptionsSpecification if you modify the configuration of a dual-tunnel IPsec-VPN connection. You can modify both the active and standby tunnels of the IPsec-VPN connection.
if can be null:true
@NameInMap(value="VpnConnectionId") public String vpnConnectionId
The ID of the IPsec-VPN connection.
This parameter is required.
example:vco-bp1bbi27hojx80nck****
public static ModifyVpnConnectionAttributeRequest build(Map<String,?> map) throws Exception
Exceptionpublic ModifyVpnConnectionAttributeRequest setAutoConfigRoute(Boolean autoConfigRoute)
public Boolean getAutoConfigRoute()
public ModifyVpnConnectionAttributeRequest setBgpConfig(String bgpConfig)
public String getBgpConfig()
public ModifyVpnConnectionAttributeRequest setClientToken(String clientToken)
public String getClientToken()
public ModifyVpnConnectionAttributeRequest setEffectImmediately(Boolean effectImmediately)
public Boolean getEffectImmediately()
public ModifyVpnConnectionAttributeRequest setEnableDpd(Boolean enableDpd)
public Boolean getEnableDpd()
public ModifyVpnConnectionAttributeRequest setEnableNatTraversal(Boolean enableNatTraversal)
public Boolean getEnableNatTraversal()
public ModifyVpnConnectionAttributeRequest setEnableTunnelsBgp(Boolean enableTunnelsBgp)
public Boolean getEnableTunnelsBgp()
public ModifyVpnConnectionAttributeRequest setHealthCheckConfig(String healthCheckConfig)
public String getHealthCheckConfig()
public ModifyVpnConnectionAttributeRequest setIkeConfig(String ikeConfig)
public String getIkeConfig()
public ModifyVpnConnectionAttributeRequest setIpsecConfig(String ipsecConfig)
public String getIpsecConfig()
public ModifyVpnConnectionAttributeRequest setLocalSubnet(String localSubnet)
public String getLocalSubnet()
public ModifyVpnConnectionAttributeRequest setName(String name)
public String getName()
public ModifyVpnConnectionAttributeRequest setOwnerAccount(String ownerAccount)
public String getOwnerAccount()
public ModifyVpnConnectionAttributeRequest setOwnerId(Long ownerId)
public Long getOwnerId()
public ModifyVpnConnectionAttributeRequest setRegionId(String regionId)
public String getRegionId()
public ModifyVpnConnectionAttributeRequest setRemoteCaCertificate(String remoteCaCertificate)
public String getRemoteCaCertificate()
public ModifyVpnConnectionAttributeRequest setRemoteSubnet(String remoteSubnet)
public String getRemoteSubnet()
public ModifyVpnConnectionAttributeRequest setResourceOwnerAccount(String resourceOwnerAccount)
public String getResourceOwnerAccount()
public ModifyVpnConnectionAttributeRequest setResourceOwnerId(Long resourceOwnerId)
public Long getResourceOwnerId()
public ModifyVpnConnectionAttributeRequest setTunnelOptionsSpecification(List<ModifyVpnConnectionAttributeRequest.ModifyVpnConnectionAttributeRequestTunnelOptionsSpecification> tunnelOptionsSpecification)
public List<ModifyVpnConnectionAttributeRequest.ModifyVpnConnectionAttributeRequestTunnelOptionsSpecification> getTunnelOptionsSpecification()
public ModifyVpnConnectionAttributeRequest setVpnConnectionId(String vpnConnectionId)
public String getVpnConnectionId()
Copyright © 2024. All rights reserved.