edit-icon download-icon

ModifyVpnConnectionAttribute

Last Updated: Apr 02, 2018

Description

Modify configurations of an IPsec connection.

Request parameters

Name Type Required Description
Action String Yes The action to perform.

Valid value: CreateVpnConnection

RegionId String Yes The region of the IPsec connection.

You can query the region ID in Regions and zones or by calling the DescribeRegions API.

VpnConnectionId String Yes The ID of the IPsec connection.
Name String No The name of the IPsec connection.
  • The name can contain [2,100] characters, numbers, underlines, and hyphens.
  • The name must start with English letters, but cannot start with http:// or https://.
LocalSubnet String No The CIDR block of the VPC to be connected with the local data center. This parameter is used for phase-two negotiation. Separate multiple CIDR blocks by commas (,). For example, 192.168.1.0/24,192.168.2.0/24.
RemoteSubnet String No The CIDR block of the local data center. This parameter is used for phase-two negotiation. Separate multiple CIDR blocks by commas (,). For example, 192.168.3.0/24,192.168.4.0/24.
EffectImmediately Boolean No Whether to delete a successfully negotiated IPsec tunnel and initiate a negotiation again. Valid value:

  • true: Negotiate immediately after the configuration is completed.
  • false (default): Negotiate when there is incoming traffic.
IkeConfig JSON string No The configurations of phase-one negotiation:
  • IkeConfig.Psk: Used for authentication between the IPsec VPN gateway and the customer gateway. This parameter is generated randomly by default and can contain up to 100 characters. You can also mamually specify the key.
  • IkeConfig.IkeVersion: The version of the IKE protocol. Valid value: ikev1 | ikev2. Default value: ikev1
  • IkeConfig. IkeMode: The negotiation mode of IKE V1. Valid value: main (main mode) | aggressive (aggressive mode). Default value: main
  • IkeConfig. IkeEncAlg: The encryption algorithm of phase-one negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Valid value: aes
  • IkeConfig.IkeAuthAlg: The authentication algorithm of the phase-one negotiation. Valid value: md5 | sha1. Default value: sha1
  • IkeConfig.IkePfs: The Diffie-Hellman key exchange algorithm used by the phase-one negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
  • IkeConfig.IkeLifetime: The SA lifecycle as the result of phase-one negotiation. The valid value of n is [0, 86400], the unit is second and the default value is 86400.
  • IkeConfig.LocalIdIPsec: The identification of the VPN gateway. This parameter can contain up to 100 characters and the default value is the public IP address of the VPN gateway.
  • IkeConfig.RemoteId: The identification of the customer gateway. This parameter can contain up to 100 characters and the default value is the public IP address of the customer gateway.
IpsecConfig JSON string No The configurations of phase-two negotiation:
  • IpsecConfig.IpsecEncAlg: The encryption algorithm of phase-two negotiation. Valid value: aes | aes192 | aes256 | des | 3des. Default value: aes
  • IpsecConfig. IpsecAuthAlg: The authentication algorithm of phase-two negotiation. Valid value: md5 | sha1. Default value: sha1
  • IpsecConfig. IpsecPfs: The Diffie-Hellman key exchange algorithm used by phase-two negotiation. Valid value: group1 | group2 | group5 | group14 | group24. Default value: group2
  • IpsecConfig. IpsecLifetime: The SA lifecycle as the result of phase-two negotiation. The valid value is [0, 86400], the unit is second and the default value is 86400.

Response parameters

Name Type Description
RequestId String The ID of the request.
VpnConnectionId String The ID of the IPsec connection.
CustomerGatewayId String The ID of the customer gateway.
VpnGatewayId String The ID of the VPN gateway.
Name String The name of the IPsec connection.
LocalSubnet String The CIDR block of the VPC.
RemoteSubnet String The CIDR block of the local data center.
CreateTime Long The creation time of the IPsec connection.
IkeConfig JSON string Configurations of phase-one negotiation.
IpsecConfig JSON string Configurations of phase-two negotiation.

Error codes

For more information, see VPC API Error Center.

Examples

Request example

  1. https://vpc.aliyuncs.com/?Action=ModifyVpnConnectionAttribute
  2. &RegionID=cn-beijing
  3. &VpnConnectionId=vco-bp10lz7aejumd2vxoqgev
  4. &<CommonParameters>

Response example

XML format

  1. <ModifyVpnConnectionAttributeResponse>
  2. <Name>vpn connection test</Name>
  3. <CustomerGatewayId>cgw-bp1pvpl9r9adju6l5nxck</CustomerGatewayId>
  4. <RemoteSubnet>2.2.2.0/24</RemoteSubnet>
  5. <IpsecConfig>
  6. <IpsecLifetime>86400</IpsecLifetime>
  7. <IpsecAuthAlg>sha1</IpsecAuthAlg>
  8. <IpsecPfs>group2</IpsecPfs>
  9. <IpsecEncAlg>aes</IpsecEncAlg>
  10. </IpsecConfig>
  11. <EffectImmediately>false</EffectImmediately>
  12. <VpnGatewayId>vpn-bp1q8bgx4xnkm2ogj0fiu</VpnGatewayId>
  13. <CreateTime>1492753817000</CreateTime>
  14. <VpnConnectionId>vco-bp10lz7aejumd2vxoqgev</VpnConnectionId>
  15. <RequestId>57070A3D-38F2-40A6-A1C9-DB14542EF54D</RequestId>
  16. <LocalSubnet>1.1.1.0/24,1.1.2.0/24</LocalSubnet>
  17. <IkeConfig>
  18. <IkeEncAlg>aes</IkeEncAlg>
  19. <RemoteId>139.196.32.167</RemoteId>
  20. <IkePfs>group2</IkePfs>
  21. <IkeAuthAlg>sha1</IkeAuthAlg>
  22. <Psk>pgw6dy7d1i8in7x5</Psk>
  23. <IkeMode>main</IkeMode>
  24. <IkeLifetime>86400</IkeLifetime>
  25. <IkeVersion>ikev1</IkeVersion>
  26. <LocalId>116.62.69.64</LocalId>
  27. </IkeConfig>
  28. </ModifyVpnConnectionAttributeResponse>

JSON format

  1. {
  2. "Name": "vpn connection test",
  3. "CustomerGatewayId": "cgw-bp1pvpl9r9adju6l5nxck",
  4. "RemoteSubnet": "2.2.2.0/24",
  5. "IpsecConfig": {
  6. "IpsecLifetime": 86400,
  7. "IpsecAuthAlg": "sha1",
  8. "IpsecPfs": "group2",
  9. "IpsecEncAlg": "aes"
  10. },
  11. "EffectImmediately": false,
  12. "VpnGatewayId": "vpn-bp1q8bgx4xnkm2ogj0fiu",
  13. "CreateTime": 1492753817000,
  14. "VpnConnectionId": "vco-bp10lz7aejumd2vxoqgev",
  15. "RequestId": "7DB79D0C-5F27-4AB5-995B-79BE55102F90",
  16. "LocalSubnet": "1.1.1.0/24,1.1.2.0/24",
  17. "IkeConfig": {
  18. "IkeEncAlg": "aes",
  19. "RemoteId": "139.196.32.167",
  20. "IkePfs": "group2",
  21. "IkeAuthAlg": "sha1",
  22. "Psk": "pgw6dy7d1i8in7x5",
  23. "IkeMode": "main",
  24. "IkeLifetime": 86400,
  25. "IkeVersion": "ikev1",
  26. "LocalId": "116.62.69.64"
  27. }
  28. }
Thank you! We've received your feedback.