Class CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty
The tunnel options for a single VPN tunnel.
Inherited Members
Namespace: Amazon.CDK.CfnPropertyMixins.AWS.EC2
Assembly: Amazon.CDK.CfnPropertyMixins.dll
Syntax (csharp)
public class CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty : CfnVPNConnectionPropsMixin.IVpnTunnelOptionsSpecificationProperty
Syntax (vb)
Public Class CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty Implements CfnVPNConnectionPropsMixin.IVpnTunnelOptionsSpecificationProperty
Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.EC2;
// Generated placeholder: every literal is a stand-in. Several values fall outside
// the documented ranges (the 123-second lifetimes are below the 900-second minimum,
// RekeyFuzzPercentage 123 is above 100), so replace all of them before deploying.
var vpnTunnelOptionsSpecificationProperty = new VpnTunnelOptionsSpecificationProperty
{
    DpdTimeoutAction = "dpdTimeoutAction",
    DpdTimeoutSeconds = 123,
    EnableTunnelLifecycleControl = false,

    // Allow-list of IKE versions (valid values: ikev1 | ikev2).
    // List only the versions the customer gateway actually needs.
    IkeVersions = new[]
    {
        new Dictionary<string, string?>
        {
            { "value", "value" }
        }
    },

    // The placeholder sets both log switches to false. LogOptions is described as
    // "options for logging VPN tunnel activity", so presumably this leaves tunnel
    // logging off; set real values if the logs are needed for troubleshooting or detection.
    LogOptions = new VpnTunnelLogOptionsSpecificationProperty
    {
        CloudwatchLogOptions = new CloudwatchLogOptionsSpecificationProperty
        {
            BgpLogEnabled = false,
            BgpLogGroupArn = "bgpLogGroupArn",
            BgpLogOutputFormat = "bgpLogOutputFormat",
            LogEnabled = false,
            LogGroupArn = "logGroupArn",
            LogOutputFormat = "logOutputFormat"
        }
    },

    // Phase 1 lists are allow-lists of what the tunnel may negotiate. The valid
    // values include DH group 2 and SHA1; leave the small DH groups and SHA1 out
    // unless a legacy peer requires them, so the peer cannot negotiate down.
    Phase1DhGroupNumbers = new[]
    {
        new Phase1DHGroupNumbersRequestListValueProperty
        {
            Value = 123
        }
    },
    Phase1EncryptionAlgorithms = new[]
    {
        new Phase1EncryptionAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase1IntegrityAlgorithms = new[]
    {
        new Phase1IntegrityAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase1LifetimeSeconds = 123,

    // Phase 2 lists follow the same allow-list model; its valid DH values also
    // include group 5 in addition to group 2.
    Phase2DhGroupNumbers = new[]
    {
        new Phase2DHGroupNumbersRequestListValueProperty
        {
            Value = 123
        }
    },
    Phase2EncryptionAlgorithms = new[]
    {
        new Phase2EncryptionAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase2IntegrityAlgorithms = new[]
    {
        new Phase2IntegrityAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase2LifetimeSeconds = 123,

    // Placeholder only. PreSharedKey is a plain string property, so a literal written
    // here lives in source control and presumably in the synthesized output as well
    // (confirm for your pipeline); pass the key in from a secret store instead.
    // Documented format: 8-64 characters, alphanumerics, periods and underscores,
    // not starting with 0.
    PreSharedKey = "preSharedKey",

    RekeyFuzzPercentage = 123,
    RekeyMarginTimeSeconds = 123,
    ReplayWindowSize = 123,
    StartupAction = "startupAction",
    TunnelInsideCidr = "tunnelInsideCidr",
    TunnelInsideIpv6Cidr = "tunnelInsideIpv6Cidr"
};
Synopsis
Constructors
| VpnTunnelOptionsSpecificationProperty() | The tunnel options for a single VPN tunnel. |
Properties
| DpdTimeoutAction | The action to take after DPD timeout occurs. |
| DpdTimeoutSeconds | The number of seconds after which a DPD timeout occurs. |
| EnableTunnelLifecycleControl | Turn on or off tunnel endpoint lifecycle control feature. |
| IkeVersions | The IKE versions that are permitted for the VPN tunnel. |
| LogOptions | Options for logging VPN tunnel activity. |
| Phase1DhGroupNumbers | One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. |
| Phase1EncryptionAlgorithms | One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. |
| Phase1IntegrityAlgorithms | One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. |
| Phase1LifetimeSeconds | The lifetime for phase 1 of the IKE negotiation, in seconds. |
| Phase2DhGroupNumbers | One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. |
| Phase2EncryptionAlgorithms | One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. |
| Phase2IntegrityAlgorithms | One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. |
| Phase2LifetimeSeconds | The lifetime for phase 2 of the IKE negotiation, in seconds. |
| PreSharedKey | The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. |
| RekeyFuzzPercentage | The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. |
| RekeyMarginTimeSeconds | The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. |
| ReplayWindowSize | The number of packets in an IKE replay window. |
| StartupAction | The action to take when establishing the tunnel for the VPN connection. |
| TunnelInsideCidr | The range of inside IP addresses for the tunnel. |
| TunnelInsideIpv6Cidr | The range of inside IPv6 addresses for the tunnel. |
Constructors
VpnTunnelOptionsSpecificationProperty()
The tunnel options for a single VPN tunnel.
public VpnTunnelOptionsSpecificationProperty()
Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.EC2;
// Generated placeholder values throughout; none of them is a recommended setting.
// Some are outside the documented constraints (lifetimes of 123 seconds are under
// the 900-second minimum; a RekeyFuzzPercentage of 123 is over 100).
var vpnTunnelOptionsSpecificationProperty = new VpnTunnelOptionsSpecificationProperty
{
    DpdTimeoutAction = "dpdTimeoutAction",
    DpdTimeoutSeconds = 123,
    EnableTunnelLifecycleControl = false,

    // Permitted IKE versions; the documented valid values are ikev1 and ikev2.
    IkeVersions = new[]
    {
        new Dictionary<string, string?>
        {
            { "value", "value" }
        }
    },

    // Both log switches are false in this placeholder. Decide deliberately whether
    // tunnel activity logs are needed and point the ARNs at a real log group.
    LogOptions = new VpnTunnelLogOptionsSpecificationProperty
    {
        CloudwatchLogOptions = new CloudwatchLogOptionsSpecificationProperty
        {
            BgpLogEnabled = false,
            BgpLogGroupArn = "bgpLogGroupArn",
            BgpLogOutputFormat = "bgpLogOutputFormat",
            LogEnabled = false,
            LogGroupArn = "logGroupArn",
            LogOutputFormat = "logOutputFormat"
        }
    },

    // Each Phase1*/Phase2* list names what is *permitted* in IKE negotiation.
    // DH group 2 (plus group 5 for phase 2) and SHA1 are accepted values; omit
    // them unless an older peer requires them, so they cannot be selected.
    Phase1DhGroupNumbers = new[]
    {
        new Phase1DHGroupNumbersRequestListValueProperty
        {
            Value = 123
        }
    },
    Phase1EncryptionAlgorithms = new[]
    {
        new Phase1EncryptionAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase1IntegrityAlgorithms = new[]
    {
        new Phase1IntegrityAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase1LifetimeSeconds = 123,
    Phase2DhGroupNumbers = new[]
    {
        new Phase2DHGroupNumbersRequestListValueProperty
        {
            Value = 123
        }
    },
    Phase2EncryptionAlgorithms = new[]
    {
        new Phase2EncryptionAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase2IntegrityAlgorithms = new[]
    {
        new Phase2IntegrityAlgorithmsRequestListValueProperty
        {
            Value = "value"
        }
    },
    Phase2LifetimeSeconds = 123,

    // Do not ship a literal here: the property is a plain string, so the key would
    // sit in the repository and presumably in any generated output (verify for your
    // setup). Supply it from a secret store. Documented format: 8-64 characters of
    // alphanumerics, periods and underscores, not starting with 0.
    PreSharedKey = "preSharedKey",

    RekeyFuzzPercentage = 123,
    RekeyMarginTimeSeconds = 123,
    ReplayWindowSize = 123,
    StartupAction = "startupAction",
    TunnelInsideCidr = "tunnelInsideCidr",
    TunnelInsideIpv6Cidr = "tunnelInsideIpv6Cidr"
};
Properties
DpdTimeoutAction
The action to take after DPD timeout occurs.
public string? DpdTimeoutAction { get; set; }
Property Value
Remarks
Specify restart to restart the IKE initiation. Specify clear to end the IKE session.
Valid Values: clear | none | restart
Default: clear
DpdTimeoutSeconds
The number of seconds after which a DPD timeout occurs.
public double? DpdTimeoutSeconds { get; set; }
Property Value
Remarks
Constraints: A value greater than or equal to 30.
Default: 30
EnableTunnelLifecycleControl
Turn on or off tunnel endpoint lifecycle control feature.
public object? EnableTunnelLifecycleControl { get; set; }
Property Value
Remarks
IkeVersions
The IKE versions that are permitted for the VPN tunnel.
public object? IkeVersions { get; set; }
Property Value
Remarks
Valid values: ikev1 | ikev2
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IIKEVersionsRequestListValueProperty)[]
LogOptions
Options for logging VPN tunnel activity.
public object? LogOptions { get; set; }
Property Value
Remarks
Type union: either IResolvable or CfnVPNConnectionPropsMixin.IVpnTunnelLogOptionsSpecificationProperty
Phase1DhGroupNumbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.
public object? Phase1DhGroupNumbers { get; set; }
Property Value
Remarks
Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase1DHGroupNumbersRequestListValueProperty)[]
Phase1EncryptionAlgorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
public object? Phase1EncryptionAlgorithms { get; set; }
Property Value
Remarks
Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase1EncryptionAlgorithmsRequestListValueProperty)[]
Phase1IntegrityAlgorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
public object? Phase1IntegrityAlgorithms { get; set; }
Property Value
Remarks
Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase1IntegrityAlgorithmsRequestListValueProperty)[]
Phase1LifetimeSeconds
The lifetime for phase 1 of the IKE negotiation, in seconds.
public double? Phase1LifetimeSeconds { get; set; }
Property Value
Remarks
Constraints: A value between 900 and 28,800.
Default: 28800
Phase2DhGroupNumbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.
public object? Phase2DhGroupNumbers { get; set; }
Property Value
Remarks
Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase2DHGroupNumbersRequestListValueProperty)[]
Phase2EncryptionAlgorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
public object? Phase2EncryptionAlgorithms { get; set; }
Property Value
Remarks
Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase2EncryptionAlgorithmsRequestListValueProperty)[]
Phase2IntegrityAlgorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
public object? Phase2IntegrityAlgorithms { get; set; }
Property Value
Remarks
Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
Type union: either IResolvable or (either IResolvable or CfnVPNConnectionPropsMixin.IPhase2IntegrityAlgorithmsRequestListValueProperty)[]
Phase2LifetimeSeconds
The lifetime for phase 2 of the IKE negotiation, in seconds.
public double? Phase2LifetimeSeconds { get; set; }
Property Value
Remarks
Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds.
Default: 3600
PreSharedKey
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.
public string? PreSharedKey { get; set; }
Property Value
Remarks
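Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0). The property is a plain string, so a literal assigned here is stored wherever the source is stored; pass the key in from a secret store rather than hard-coding it.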
RekeyFuzzPercentage
The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected.
public double? RekeyFuzzPercentage { get; set; }
Property Value
Remarks
Constraints: A value between 0 and 100.
Default: 100
RekeyMarginTimeSeconds
The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey.
public double? RekeyMarginTimeSeconds { get; set; }
Property Value
Remarks
The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 270
ReplayWindowSize
The number of packets in an IKE replay window.
public double? ReplayWindowSize { get; set; }
Property Value
Remarks
Constraints: A value between 64 and 2048.
Default: 1024
StartupAction
The action to take when establishing the tunnel for the VPN connection.
public string? StartupAction { get; set; }
Property Value
Remarks
By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation.
Valid Values: add | start
Default: add
TunnelInsideCidr
The range of inside IP addresses for the tunnel.
public string? TunnelInsideCidr { get; set; }
Property Value
Remarks
Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.
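Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. Some CIDR blocks in that range are reserved and cannot be used; the list of reserved blocks was not carried over onto this page, so check the AWS Site-to-Site VPN documentation before choosing a block.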
TunnelInsideIpv6Cidr
The range of inside IPv6 addresses for the tunnel.
public string? TunnelInsideIpv6Cidr { get; set; }
Property Value
Remarks
Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.
Constraints: A size /126 CIDR block from the local fd00::/8 range.