Interface CfnVPNConnection.VpnTunnelOptionsSpecificationProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnVPNConnection.VpnTunnelOptionsSpecificationProperty.Jsii$Proxy
- Enclosing class:
CfnVPNConnection
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.ec2.*;
VpnTunnelOptionsSpecificationProperty vpnTunnelOptionsSpecificationProperty = VpnTunnelOptionsSpecificationProperty.builder()
.dpdTimeoutAction("dpdTimeoutAction")
.dpdTimeoutSeconds(123)
.enableTunnelLifecycleControl(false)
.ikeVersions(List.of(Map.of(
"value", "value")))
.logOptions(VpnTunnelLogOptionsSpecificationProperty.builder()
.cloudwatchLogOptions(CloudwatchLogOptionsSpecificationProperty.builder()
.logEnabled(false)
.logGroupArn("logGroupArn")
.logOutputFormat("logOutputFormat")
.build())
.build())
.phase1DhGroupNumbers(List.of(Phase1DHGroupNumbersRequestListValueProperty.builder()
.value(123)
.build()))
.phase1EncryptionAlgorithms(List.of(Phase1EncryptionAlgorithmsRequestListValueProperty.builder()
.value("value")
.build()))
.phase1IntegrityAlgorithms(List.of(Phase1IntegrityAlgorithmsRequestListValueProperty.builder()
.value("value")
.build()))
.phase1LifetimeSeconds(123)
.phase2DhGroupNumbers(List.of(Phase2DHGroupNumbersRequestListValueProperty.builder()
.value(123)
.build()))
.phase2EncryptionAlgorithms(List.of(Phase2EncryptionAlgorithmsRequestListValueProperty.builder()
.value("value")
.build()))
.phase2IntegrityAlgorithms(List.of(Phase2IntegrityAlgorithmsRequestListValueProperty.builder()
.value("value")
.build()))
.phase2LifetimeSeconds(123)
.preSharedKey("preSharedKey")
.rekeyFuzzPercentage(123)
.rekeyMarginTimeSeconds(123)
.replayWindowSize(123)
.startupAction("startupAction")
.tunnelInsideCidr("tunnelInsideCidr")
.tunnelInsideIpv6Cidr("tunnelInsideIpv6Cidr")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnVPNConnection.VpnTunnelOptionsSpecificationPropertystatic final classAn implementation forCfnVPNConnection.VpnTunnelOptionsSpecificationProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default StringThe action to take after DPD timeout occurs.default NumberThe number of seconds after which a DPD timeout occurs.default ObjectTurn on or off tunnel endpoint lifecycle control feature.default ObjectThe IKE versions that are permitted for the VPN tunnel.default ObjectOptions for logging VPN tunnel activity.default ObjectOne or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.default ObjectOne or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.default ObjectOne or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.default NumberThe lifetime for phase 1 of the IKE negotiation, in seconds.default ObjectOne or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.default ObjectOne or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.default ObjectOne or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.default NumberThe lifetime for phase 2 of the IKE negotiation, in seconds.default StringThe pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.default NumberThe percentage of the rekey window (determined byRekeyMarginTimeSeconds) during which the rekey time is randomly selected.default NumberThe margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey.default NumberThe number of packets in an IKE replay window.default StringThe action to take when the establishing the tunnel for the VPN connection.default StringThe range of inside IP addresses for the tunnel.default StringThe range of inside IPv6 addresses for the tunnel.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getDpdTimeoutAction
The action to take after DPD timeout occurs.Specify
restartto restart the IKE initiation. Specifyclearto end the IKE session.Valid Values:
clear|none|restartDefault:
clear- See Also:
-
getDpdTimeoutSeconds
The number of seconds after which a DPD timeout occurs.Constraints: A value greater than or equal to 30.
Default:
30- See Also:
-
getEnableTunnelLifecycleControl
Turn on or off tunnel endpoint lifecycle control feature.- See Also:
-
getIkeVersions
The IKE versions that are permitted for the VPN tunnel.Valid values:
ikev1|ikev2- See Also:
-
getLogOptions
Options for logging VPN tunnel activity.- See Also:
-
getPhase1DhGroupNumbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.Valid values:
2|14|15|16|17|18|19|20|21|22|23|24- See Also:
-
getPhase1EncryptionAlgorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.Valid values:
AES128|AES256|AES128-GCM-16|AES256-GCM-16- See Also:
-
getPhase1IntegrityAlgorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.Valid values:
SHA1|SHA2-256|SHA2-384|SHA2-512- See Also:
-
getPhase1LifetimeSeconds
The lifetime for phase 1 of the IKE negotiation, in seconds.Constraints: A value between 900 and 28,800.
Default:
28800- See Also:
-
getPhase2DhGroupNumbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.Valid values:
2|5|14|15|16|17|18|19|20|21|22|23|24- See Also:
-
getPhase2EncryptionAlgorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.Valid values:
AES128|AES256|AES128-GCM-16|AES256-GCM-16- See Also:
-
getPhase2IntegrityAlgorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.Valid values:
SHA1|SHA2-256|SHA2-384|SHA2-512- See Also:
-
getPhase2LifetimeSeconds
The lifetime for phase 2 of the IKE negotiation, in seconds.Constraints: A value between 900 and 3,600. The value must be less than the value for
Phase1LifetimeSeconds.Default:
3600- See Also:
-
getRekeyFuzzPercentage
The percentage of the rekey window (determined byRekeyMarginTimeSeconds) during which the rekey time is randomly selected.Constraints: A value between 0 and 100.
Default:
100- See Also:
-
getRekeyMarginTimeSeconds
The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey.The exact time of the rekey is randomly selected based on the value for
RekeyFuzzPercentage.Constraints: A value between 60 and half of
Phase2LifetimeSeconds.Default:
270- See Also:
-
getReplayWindowSize
The number of packets in an IKE replay window.Constraints: A value between 64 and 2048.
Default:
1024- See Also:
-
getStartupAction
The action to take when the establishing the tunnel for the VPN connection.By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify
startfor AWS to initiate the IKE negotiation.Valid Values:
add|startDefault:
add- See Also:
-
getTunnelInsideCidr
The range of inside IP addresses for the tunnel.Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.
Constraints: A size /30 CIDR block from the
169.254.0.0/16range. The following CIDR blocks are reserved and cannot be used:169.254.0.0/30169.254.1.0/30169.254.2.0/30169.254.3.0/30169.254.4.0/30169.254.5.0/30169.254.169.252/30
- See Also:
-
getTunnelInsideIpv6Cidr
The range of inside IPv6 addresses for the tunnel.Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.
Constraints: A size /126 CIDR block from the local
fd00::/8range.- See Also:
-
builder
-