Obtains the configurations of an IPsec connection.

Debug

By using API Explorer, you can easily debug APIs, automatically generate SDK code examples, and quickly search for APIs.

Request parameters

Parameter Type Required? Example value Description
Action String Yes DownloadVpnConnectionConfig

The name of this action. Value:

DownloadVpnConnectionConfig

RegionId String Yes cn-shanghai

The ID of the region to which the IPsec connection belongs.

To query the region ID, call DescribeRegions.

VpnConnectionId Integer Yes vco-bp1bbi27hojx80nck9k1i

The ID of the IPsec connection.

Response parameters

Parameter Type Example value Description
RequestId String 0C68048B-0F70-40DA-B8AE-1B79B5CF62E3

The ID of the request.

VpnConnectionConfig

IPsec connection configurations.

 └IkeConfig

IKE configurations.

 └IkeAuthAlg String sha1

The IKE authentication algorithm. Both SHA-1 and MD5 are supported.

 └IkeEncAlg String aes

The IKE encryption algorithm.

 └IkeLifetime Long 86400

The IKE lifetime.

 └IkeMode String main

The IKE mode. Both main mode and aggressive mode are supported.

The main mode features high security. If NAT traversal is enabled, we recommend that you select the aggressive mode.

 └IkePfs String group2

The DH group.

 └IkeVersion String ikev1

The IKE version.

 └LocalId String 116.62.69.64

The local ID. By default, it is the IP address of the VPN Gateway. Both FQDN and IP formats are supported.

 └Psk String pgw6dy7d1i8in7x5

The pre-shared key.

 └RemoteId String 139.196.32.167

The peer ID. By default, it is the IP address of the customer gateway. Both FQDN and IP formats are supported.

 └IpsecConfig

The IPsec connection configurations.

 └IpsecAuthAlg String sha1

The IPsec authentication algorithm. Both SHA-1 and MD5 are supported.

 └IpsecEncAlg String aes

The IPsec encryption algorithm.

 └IpsecLifetime Long 86400

The IPsec lifetime.

 └IpsecPfs String group2

The DH group.

 └Local String 139.196.32.167

The IP address of the VPN Gateway.

 └LocalSubnet String 1.1.1.0/24,1.1.2.0/24

The CIDR block of the VPC.

 └Remote String 116.62.69.64

The IP address of the customer gateway.

 └RemoteSubnet String 1.1.1.0/24,1.1.2.0/24

The CIDR block of the on-premises data center.

Examples

Request example


https://vpc.aliyuncs.com/?Action=DownloadVpnConnectionConfig
&RegionId=cn-shanghai
&VpnConnectionId=vco-bp1bbi27hojx80nck9k1i
&<CommonParameters>
Response example
  • XML format

    <DownloadVpnConnectionConfigResponse>
      <RequestId>6F4A035F-7060-45D7-B9BD-719372782AF6</RequestId>
      <VpnConnectionConfig>
        <RemoteSubnet>1.1.1.0/24,1.1.2.0/24</RemoteSubnet>
        <Local>139.196.32.167</Local>
        <IpsecConfig>
          <IpsecLifetime>86400</IpsecLifetime>
          <IpsecAuthAlg>sha1</IpsecAuthAlg>
          <IpsecPfs>group2</IpsecPfs>
          <IpsecEncAlg>aes</IpsecEncAlg>
        </IpsecConfig>
        <Remote>116.62.69.64</Remote>
        <LocalSubnet>2.2.2.0/24</LocalSubnet>
        <IkeConfig>
          <IkeEncAlg>aes</IkeEncAlg>
          <IkePfs>group2</IkePfs>
          <RemoteId>116.62.69.64</RemoteId>
          <IkeAuthAlg>sha1</IkeAuthAlg>
          <Psk>pgw6dy7d1i8in7x5</Psk>
          <IkeMode>main</IkeMode>
          <IkeLifetime>86400</IkeLifetime>
          <IkeVersion>ikev1</IkeVersion>
          <LocalId>139.196.32.167</LocalId>
        </IkeConfig>
      </VpnConnectionConfig>
    </DownloadVpnConnectionConfigResponse>
    
  • JSON format

    {
    	"RequestId":"0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
    	"VpnConnectionConfig":{
    		"RemoteSubnet":"1.1.1.0/24,1.1.2.0/24",
    		"IpsecConfig":{
    			"IpsecLifetime":86400,
    			"IpsecAuthAlg":"sha1",
    			"IpsecPfs":"group2",
    			"IpsecEncAlg":"aes"
    		},
    		"Local":"139.196.32.167",
    		"Remote":"116.62.69.64",
    		"LocalSubnet":"2.2.2.0/24",
    		"IkeConfig":{
    			"IkeEncAlg":"aes",
    			"RemoteId":"116.62.69.64",
    			"IkePfs":"group2",
    			"IkeAuthAlg":"sha1",
    			"Psk":"pgw6dy7d1i8in7x5",
    			"IkeMode":"main",
    			"IkeLifetime":86400,
    			"IkeVersion":"ikev1",
    			"LocalId":"139.196.32.167"
    		}
    	}
    }

Error codes

HTTP status code Error code Error message Description
403 Forbbiden.SubUser User not authorized to operate on the specified resource as your account is created by another user. You are not authorized to operate on this resource. Please apply for the permission and try again.
403 Forbidden User not authorized to operate on the specified resource. You are not authorized to operate on this resource. For more information, open a ticket.
404 InvalidVpnConnectionInstanceId.NotFound The specified vpn connection instance id does not exist. The specified VPN connection does not exist. Check if the VPN connect is correct.

See common error codes