Create static IPSec tunnel
  • 04 Nov 2025

      POST /v2.3/networks/enhanced/{networkId}/tunnels/ipsec/static

      Create a new static IPSec tunnel in an enhanced network

      Security: HTTP, type bearer
      Path parameters
      networkId
      string Required
      Body parameters
      object
      regionID
      string Required

      Target region ID

      tunnelName
      string Required

      Name of the static tunnel

      p81GatewaySubnets
      Array of string Required

      Harmony SASE gateway subnets

      Min items: 1
      string
      remoteGatewaySubnets
      Array of string Required

      Remote gateway subnets

      Min items: 1
      string
      peakBandwidth
      integer

      Expected peak throughput of the tunnel in Mbps. A typical connection is 1000 Mbps.

      Minimum: 10
      Maximum: 8000
      Default: 1000
      keyExchange
      string Required

      IKE version for key exchange

      Valid values: [ "ikev1", "ikev2" ]
      Default: "ikev2"
      ikeLifeTime
      string Required
      Pattern: ^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
      lifetime
      string Required
      Pattern: ^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
      dpdDelay
      string Required
      Pattern: ^([5-9]|[1-5][0-9]|60)s$
      dpdTimeout
      string Required
      Pattern: ^([5-9]|[1-5][0-9]|60)s$
      phase1
      object Required
      auth
      Array of string
      Min length: 1
      string
      Valid values: [ "md5", "sha1", "sha384", "sha256", "sha512", "aesxcbc", "aescmac", "prfmd5", "prfsha1", "prfaesxcbc", "prfaescmac", "prfsha256", "prfsha384", "prfsha512" ]
      encryption
      Array of string
      Min length: 1
      string
      Valid values: [ "3des", "blowfish128", "blowfish192", "blowfish256", "aes128", "aes192", "aes256", "aes128ctr", "aes192ctr", "aes256ctr", "camellia128", "camellia192", "camellia256", "camellia128ctr", "camellia192ctr", "camellia256ctr", "aes128ccm8", "aes192ccm8", "aes256ccm8", "aes128ccm16", "aes192ccm16", "aes256ccm16", "aes128gcm8", "aes192gcm8", "aes256gcm8", "aes128gcm16", "aes192gcm16", "aes256gcm16", "camellia128ccm16", "camellia192ccm16", "camellia256ccm16", "chacha20poly1305" ]
      keyExchangeMethod
      Array of string Required

      Key exchange method encryption

      Min length: 0
      string
      Valid values: [ "modp1024", "modp1536", "modp2048", "ecp256", "ecp384", "ecp521", "curve25519" ]
      phase2
      object Required
      auth
      Array of string
      Min length: 1
      string
      Valid values: [ "md5", "sha1", "sha384", "sha256", "sha512", "aesxcbc", "aescmac", "prfmd5", "prfsha1", "prfaesxcbc", "prfaescmac", "prfsha256", "prfsha384", "prfsha512" ]
      encryption
      Array of string
      Min length: 1
      string
      Valid values: [ "3des", "blowfish128", "blowfish192", "blowfish256", "aes128", "aes192", "aes256", "aes128ctr", "aes192ctr", "aes256ctr", "camellia128", "camellia192", "camellia256", "camellia128ctr", "camellia192ctr", "camellia256ctr", "aes128ccm8", "aes192ccm8", "aes256ccm8", "aes128ccm16", "aes192ccm16", "aes256ccm16", "aes128gcm8", "aes192gcm8", "aes256gcm8", "aes128gcm16", "aes192gcm16", "aes256gcm16", "camellia128ccm16", "camellia192ccm16", "camellia256ccm16", "chacha20poly1305" ]
      keyExchangeMethod
      Array of string Required

      Key exchange method encryption

      Min length: 0
      string
      Valid values: [ "modp1024", "modp1536", "modp2048", "ecp256", "ecp384", "ecp521", "curve25519" ]
      authType
      string

      Authentication type for tunnel (psk for pre-shared key, cert for certificate)

      Valid values: [ "psk", "cert" ]
      passphrase
      string

      Pre-shared key for tunnel authentication (8-64 characters). Required when authType is psk.

      Min length: 8
      Max length: 64
      customerRootCA
      string

      Customer root certificate authority. Required when authType is cert.

      remotePublicIP
      string (ipv4)

      Remote gateway public IP address

      remoteID
      string

      Remote gateway ID

      description
      string

      Optional tunnel description

      features
      cloudSecurity
      object
      enabled
      boolean Required
      Default: false
      symmetricInnerMesh
      object
      enabled
      boolean Required
      Default: false
      DNSServices
      object
      redirectToResolver
      object Required
      enabled
      boolean Required
      Default: true
      routingType
      string

      Routing mode for the tunnel

      Valid values: [ "route", "policy" ]
      Default: "route"
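
The body constraints listed above can be checked client-side before the request is sent. The following is an added example, not code from this page or from the vendor: `validate`, `lifetime_ok`, the `LEGACY` set and the sample body are assumptions of this example. The lifetime pattern as printed anchors only its first and last alternatives, and the page does not state how the service evaluates it, so the check applies it as a full match.

```python
import re

# Lifetime pattern copied from the page; note "^" and "$" sit outside the top-level "|".
DOC_LIFETIME = (r"^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}"
                r"|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]"
                r"|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$")
DPD = r"([5-9]|[1-5][0-9]|60)s"
REQUIRED = ("regionID", "tunnelName", "p81GatewaySubnets", "remoteGatewaySubnets",
            "keyExchange", "ikeLifeTime", "lifetime", "dpdDelay", "dpdTimeout",
            "phase1", "phase2")
# Assumption: this example's own list of legacy algorithms, not guidance from the page.
LEGACY = {"md5", "prfmd5", "sha1", "prfsha1", "3des", "modp1024", "modp1536"}

def lifetime_ok(value, strict=True):
    # search mimics unanchored schema matching; fullmatch makes every branch span the string.
    match = re.fullmatch if strict else re.search
    return match(DOC_LIFETIME, value) is not None

def validate(body):
    """Return a list of problems; an empty list means the body passed these checks."""
    issues = [f"missing required field: {k}" for k in REQUIRED if k not in body]
    for k in ("ikeLifeTime", "lifetime"):
        if k in body and not lifetime_ok(str(body[k])):
            issues.append(f"{k}: not exactly one 10s-86400s, 1m-1440m or 1h-24h value")
    for k in ("dpdDelay", "dpdTimeout"):
        if k in body and not re.fullmatch(DPD, str(body[k])):
            issues.append(f"{k}: must be 5s-60s")
    if not 10 <= body.get("peakBandwidth", 1000) <= 8000:
        issues.append("peakBandwidth: must be 10-8000 Mbps")
    auth = body.get("authType")
    if auth == "psk" and not 8 <= len(body.get("passphrase", "")) <= 64:
        issues.append("passphrase: 8-64 characters required when authType is psk")
    if auth == "cert" and not body.get("customerRootCA"):
        issues.append("customerRootCA: required when authType is cert")
    for phase in ("phase1", "phase2"):
        for field, algs in body.get(phase, {}).items():
            issues += [f"{phase}.{field}: legacy algorithm {a}" for a in algs if a in LEGACY]
    return issues

# Constructed sample body; every value is invented for this example.
SAMPLE = {
    "regionID": "REGION_ID_PLACEHOLDER", "tunnelName": "branch-01",
    "p81GatewaySubnets": ["10.10.0.0/16"], "remoteGatewaySubnets": ["192.168.50.0/24"],
    "keyExchange": "ikev2", "ikeLifeTime": "8h", "lifetime": "60m; junk",
    "dpdDelay": "10s", "dpdTimeout": "3s", "authType": "psk", "passphrase": "short",
    "phase1": {"auth": ["sha256"], "encryption": ["aes256"], "keyExchangeMethod": ["modp1024"]},
    "phase2": {"auth": ["sha256"], "encryption": ["aes256gcm16"], "keyExchangeMethod": ["ecp384"]},
}
```
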
      Responses
      202

      Request accepted

      object
      statusUrl
      string
      samplingTime
      integer
      400

      Bad Request

      object
      id
      string
      message
      string
      401

      Unauthorized

      object
      id
      string
      message
      string
      403

      Forbidden

      object
      id
      string
      message
      string
      404

      Resource not found

      object
      id
      string
      message
      string
      422

      Unprocessable entity

      object
      id
      string
      message
      string
