import * as pulumi from "@pulumi/pulumi"; /** * `f5bigip.NetIkePeer` Manages a ikePeer configuration * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as f5bigip from "@pulumi/f5bigip"; * * const example1 = new f5bigip.NetIkePeer("example1", { * name: "example1", * localAddress: "192.16.81.240", * profile: "/Common/dslite", * }); * ``` */ export declare class NetIkePeer extends pulumi.CustomResource { /** * Get an existing NetIkePeer resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: NetIkePeerState, opts?: pulumi.CustomResourceOptions): NetIkePeer; /** * Returns true if the given object is an instance of NetIkePeer. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is NetIkePeer; /** * The application service that the object belongs to */ readonly appService: pulumi.Output; /** * the trusted root and intermediate certificate authorities */ readonly caCertFile: pulumi.Output; /** * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1 */ readonly crlFile: pulumi.Output; /** * User defined description */ readonly description: pulumi.Output; /** * Specifies the number of seconds between Dead Peer Detection messages */ readonly dpdDelay: pulumi.Output; /** * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node */ readonly generatePolicy: pulumi.Output; /** * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations */ readonly lifetime: pulumi.Output; /** * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder */ readonly mode: pulumi.Output; /** * Specifies the name of the certificate file object */ readonly myCertFile: pulumi.Output; /** * Specifies the name of the certificate key file object */ readonly myCertKeyFile: pulumi.Output; /** * Specifies the passphrase of the key used for my-cert-key-file */ readonly myCertKeyPassphrase: pulumi.Output; /** * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation */ readonly myIdType: pulumi.Output; /** * Specifies the identifier value sent to the remote host in the phase 1 negotiation */ readonly myIdValue: pulumi.Output; /** * Name of the ike_peer */ readonly name: pulumi.Output; /** * Enables use of the NAT-Traversal IPsec extension */ readonly natTraversal: pulumi.Output; /** * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer */ readonly passive: pulumi.Output; /** * Specifies the peer’s certificate for authentication */ readonly peersCertFile: pulumi.Output; /** * Specifies that the only peers-cert-type supported is certfile */ readonly peersCertType: pulumi.Output; /** * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type */ readonly peersIdType: pulumi.Output; /** * Specifies the peer’s identifier to be received */ readonly peersIdValue: pulumi.Output; /** * Specifies the authentication method used for phase 1 negotiation */ readonly phase1AuthMethod: pulumi.Output; /** * Specifies the encryption algorithm used for the isakmp phase 1 negotiation */ readonly phase1EncryptAlgorithm: pulumi.Output; /** * Defines the hash algorithm used for the isakmp phase 1 negotiation */ readonly phase1HashAlgorithm: pulumi.Output; /** * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy */ readonly phase1PerfectForwardSecrecy: pulumi.Output; /** * Specifies the preshared key for ISAKMP SAs */ readonly presharedKey: pulumi.Output; /** * Display the encrypted preshared-key for the IKE remote node */ readonly presharedKeyEncrypted: pulumi.Output; /** * Specifies the pseudo-random function used to derive keying material for all cryptographic operations */ readonly prf: pulumi.Output; /** * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs */ readonly proxySupport: pulumi.Output; /** * Specifies the IP address of the IKE remote node */ readonly remoteAddress: pulumi.Output; /** * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node */ readonly replayWindowSize: pulumi.Output; /** * Enables or disables this IKE remote node */ readonly state: pulumi.Output; /** * Specifies the names of the traffic-selector objects associated with this ike-peer */ readonly trafficSelectors: pulumi.Output; /** * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file */ readonly verifyCert: pulumi.Output; /** * Specifies which version of IKE to be used */ readonly versions: pulumi.Output; /** * Create a NetIkePeer resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: NetIkePeerArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering NetIkePeer resources. */ export interface NetIkePeerState { /** * The application service that the object belongs to */ appService?: pulumi.Input; /** * the trusted root and intermediate certificate authorities */ caCertFile?: pulumi.Input; /** * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1 */ crlFile?: pulumi.Input; /** * User defined description */ description?: pulumi.Input; /** * Specifies the number of seconds between Dead Peer Detection messages */ dpdDelay?: pulumi.Input; /** * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node */ generatePolicy?: pulumi.Input; /** * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations */ lifetime?: pulumi.Input; /** * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder */ mode?: pulumi.Input; /** * Specifies the name of the certificate file object */ myCertFile?: pulumi.Input; /** * Specifies the name of the certificate key file object */ myCertKeyFile?: pulumi.Input; /** * Specifies the passphrase of the key used for my-cert-key-file */ myCertKeyPassphrase?: pulumi.Input; /** * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation */ myIdType?: pulumi.Input; /** * Specifies the identifier value sent to the remote host in the phase 1 negotiation */ myIdValue?: pulumi.Input; /** * Name of the ike_peer */ name?: pulumi.Input; /** * Enables use of the NAT-Traversal IPsec extension */ natTraversal?: pulumi.Input; /** * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer */ passive?: pulumi.Input; /** * Specifies the peer’s certificate for authentication */ peersCertFile?: pulumi.Input; /** * Specifies that the only peers-cert-type supported is certfile */ peersCertType?: pulumi.Input; /** * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type */ peersIdType?: pulumi.Input; /** * Specifies the peer’s identifier to be received */ peersIdValue?: pulumi.Input; /** * Specifies the authentication method used for phase 1 negotiation */ phase1AuthMethod?: pulumi.Input; /** * Specifies the encryption algorithm used for the isakmp phase 1 negotiation */ phase1EncryptAlgorithm?: pulumi.Input; /** * Defines the hash algorithm used for the isakmp phase 1 negotiation */ phase1HashAlgorithm?: pulumi.Input; /** * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy */ phase1PerfectForwardSecrecy?: pulumi.Input; /** * Specifies the preshared key for ISAKMP SAs */ presharedKey?: pulumi.Input; /** * Display the encrypted preshared-key for the IKE remote node */ presharedKeyEncrypted?: pulumi.Input; /** * Specifies the pseudo-random function used to derive keying material for all cryptographic operations */ prf?: pulumi.Input; /** * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs */ proxySupport?: pulumi.Input; /** * Specifies the IP address of the IKE remote node */ remoteAddress?: pulumi.Input; /** * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node */ replayWindowSize?: pulumi.Input; /** * Enables or disables this IKE remote node */ state?: pulumi.Input; /** * Specifies the names of the traffic-selector objects associated with this ike-peer */ trafficSelectors?: pulumi.Input[] | undefined>; /** * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file */ verifyCert?: pulumi.Input; /** * Specifies which version of IKE to be used */ versions?: pulumi.Input[] | undefined>; } /** * The set of arguments for constructing a NetIkePeer resource. */ export interface NetIkePeerArgs { /** * The application service that the object belongs to */ appService?: pulumi.Input; /** * the trusted root and intermediate certificate authorities */ caCertFile?: pulumi.Input; /** * Specifies the file name of the Certificate Revocation List. Only supported in IKEv1 */ crlFile?: pulumi.Input; /** * User defined description */ description?: pulumi.Input; /** * Specifies the number of seconds between Dead Peer Detection messages */ dpdDelay?: pulumi.Input; /** * Enable or disable the generation of Security Policy Database entries(SPD) when the device is the responder of the IKE remote node */ generatePolicy?: pulumi.Input; /** * Defines the lifetime in minutes of an IKE SA which will be proposed in the phase 1 negotiations */ lifetime?: pulumi.Input; /** * Defines the exchange mode for phase 1 when racoon is the initiator, or the acceptable exchange mode when racoon is the responder */ mode?: pulumi.Input; /** * Specifies the name of the certificate file object */ myCertFile?: pulumi.Input; /** * Specifies the name of the certificate key file object */ myCertKeyFile?: pulumi.Input; /** * Specifies the passphrase of the key used for my-cert-key-file */ myCertKeyPassphrase?: pulumi.Input; /** * Specifies the identifier type sent to the remote host to use in the phase 1 negotiation */ myIdType?: pulumi.Input; /** * Specifies the identifier value sent to the remote host in the phase 1 negotiation */ myIdValue?: pulumi.Input; /** * Name of the ike_peer */ name: pulumi.Input; /** * Enables use of the NAT-Traversal IPsec extension */ natTraversal?: pulumi.Input; /** * Specifies whether the local IKE agent can be the initiator of the IKE negotiation with this ike-peer */ passive?: pulumi.Input; /** * Specifies the peer’s certificate for authentication */ peersCertFile?: pulumi.Input; /** * Specifies that the only peers-cert-type supported is certfile */ peersCertType?: pulumi.Input; /** * Specifies which of address, fqdn, asn1dn, user-fqdn or keyid-tag types to use as peers-id-type */ peersIdType?: pulumi.Input; /** * Specifies the peer’s identifier to be received */ peersIdValue?: pulumi.Input; /** * Specifies the authentication method used for phase 1 negotiation */ phase1AuthMethod?: pulumi.Input; /** * Specifies the encryption algorithm used for the isakmp phase 1 negotiation */ phase1EncryptAlgorithm?: pulumi.Input; /** * Defines the hash algorithm used for the isakmp phase 1 negotiation */ phase1HashAlgorithm?: pulumi.Input; /** * Defines the Diffie-Hellman group for key exchange to provide perfect forward secrecy */ phase1PerfectForwardSecrecy?: pulumi.Input; /** * Specifies the preshared key for ISAKMP SAs */ presharedKey?: pulumi.Input; /** * Display the encrypted preshared-key for the IKE remote node */ presharedKeyEncrypted?: pulumi.Input; /** * Specifies the pseudo-random function used to derive keying material for all cryptographic operations */ prf?: pulumi.Input; /** * If this value is enabled, both values of ID payloads in the phase 2 exchange are used as the addresses of end-point of IPsec-SAs */ proxySupport?: pulumi.Input; /** * Specifies the IP address of the IKE remote node */ remoteAddress: pulumi.Input; /** * Specifies the replay window size of the IPsec SAs negotiated with the IKE remote node */ replayWindowSize?: pulumi.Input; /** * Enables or disables this IKE remote node */ state?: pulumi.Input; /** * Specifies the names of the traffic-selector objects associated with this ike-peer */ trafficSelectors?: pulumi.Input[] | undefined>; /** * Specifies whether to verify the certificate chain of the remote peer based on the trusted certificates in ca-cert-file */ verifyCert?: pulumi.Input; /** * Specifies which version of IKE to be used */ versions?: pulumi.Input[] | undefined>; } //# sourceMappingURL=netIkePeer.d.ts.map