Create static IPSec tunnel

POST /v2.3/networks/enhanced/{networkId}/tunnels/ipsec/static

Create a new static IPSec tunnel in an enhanced network

Security
HTTP
Type: bearer
Path parameters
networkId
string Required
Body parameters
object
regionID
string Required

Target region ID

tunnelName
string Required

Name of the static tunnel

p81GatewaySubnets
Array of string Required

Harmony SASE gateway subnets

Min items: 1
string
remoteGatewaySubnets
Array of string Required

Remote gateway subnets

Min items: 1
string
peakBandwidth
integer

Expected peak throughput of the tunnel communication in Mbps. A typical connection is 1000 Mbps.

Minimum: 10
Maximum: 8000
Default: 1000
keyExchange
string Required

IKE version for key exchange

Valid values: [ "ikev1", "ikev2" ]
Default: "ikev2"
ikeLifeTime
string Required
Pattern: ^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
lifetime
string Required
Pattern: ^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
dpdDelay
string Required
Pattern: ^([5-9]|[1-5][0-9]|60)s$
dpdTimeout
string Required
Pattern: ^([5-9]|[1-5][0-9]|60)s$
phase1
object Required
auth
Array of string
Min length: 1
string
Valid values: [ "md5", "sha1", "sha384", "sha256", "sha512", "aesxcbc", "aescmac", "prfmd5", "prfsha1", "prfaesxcbc", "prfaescmac", "prfsha256", "prfsha384", "prfsha512" ]
encryption
Array of string
Min length: 1
string
Valid values: [ "3des", "blowfish128", "blowfish192", "blowfish256", "aes128", "aes192", "aes256", "aes128ctr", "aes192ctr", "aes256ctr", "camellia128", "camellia192", "camellia256", "camellia128ctr", "camellia192ctr", "camellia256ctr", "aes128ccm8", "aes192ccm8", "aes256ccm8", "aes128ccm16", "aes192ccm16", "aes256ccm16", "aes128gcm8", "aes192gcm8", "aes256gcm8", "aes128gcm16", "aes192gcm16", "aes256gcm16", "camellia128ccm16", "camellia192ccm16", "camellia256ccm16", "chacha20poly1305" ]
keyExchangeMethod
Array of string Required

Key exchange method encryption

Min length: 0
string
Valid values: [ "modp1024", "modp1536", "modp2048", "ecp256", "ecp384", "ecp521", "curve25519" ]
phase2
object Required
auth
Array of string
Min length: 1
string
Valid values: [ "md5", "sha1", "sha384", "sha256", "sha512", "aesxcbc", "aescmac", "prfmd5", "prfsha1", "prfaesxcbc", "prfaescmac", "prfsha256", "prfsha384", "prfsha512" ]
encryption
Array of string
Min length: 1
string
Valid values: [ "3des", "blowfish128", "blowfish192", "blowfish256", "aes128", "aes192", "aes256", "aes128ctr", "aes192ctr", "aes256ctr", "camellia128", "camellia192", "camellia256", "camellia128ctr", "camellia192ctr", "camellia256ctr", "aes128ccm8", "aes192ccm8", "aes256ccm8", "aes128ccm16", "aes192ccm16", "aes256ccm16", "aes128gcm8", "aes192gcm8", "aes256gcm8", "aes128gcm16", "aes192gcm16", "aes256gcm16", "camellia128ccm16", "camellia192ccm16", "camellia256ccm16", "chacha20poly1305" ]
keyExchangeMethod
Array of string Required

Key exchange method encryption

Min length: 0
string
Valid values: [ "modp1024", "modp1536", "modp2048", "ecp256", "ecp384", "ecp521", "curve25519" ]
authType
string

Authentication type for tunnel (psk for pre-shared key, cert for certificate)

Valid values: [ "psk", "cert" ]
passphrase
string

Pre-shared key for tunnel authentication (8-64 characters). Required when authType is psk.

Min length: 8
Max length: 64
customerRootCA
string

Customer root certificate authority. Required when authType is cert.

remotePublicIP
string (ipv4)

Remote gateway public IP address

remoteID
string

Remote gateway ID

description
string

Optional tunnel description

features
cloudSecurity
object
enabled
boolean Required
Default: false
symmetricInnerMesh
object
enabled
boolean Required
Default: false
DNSServices
object
redirectToResolver
object Required
enabled
boolean Required
Default: true
routingType
string

Routing mode for the tunnel

Valid values: [ "route", "policy" ]
Default: "route"
Responses
202

Request accepted

object
statusUrl
string
samplingTime
integer
400

Bad Request

object
id
string
message
string
401

Unauthorized

object
id
string
message
string
403

Forbidden

object
id
string
message
string
404

Resource not found

object
id
string
message
string
422

Unprocessable entity

object
id
string
message
string
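The body constraints listed above can be checked on the client before the POST, so a malformed tunnel definition is caught locally rather than surfacing as a 400 or 422. The following is an added example, not part of the original reference or the vendor's code. The function name `validate_tunnel_body` and every value in `SAMPLE` are assumptions constructed for illustration, and only a subset of the documented constraints is covered.

```python
import re

# Grouped form of the documented lifetime pattern. As printed, ^ binds only to the
# seconds branch and $ only to the hours branch, so a search-style matcher would
# accept strings such as "10s-extra"; wrapping the alternation closes that gap.
LIFETIME = re.compile(
    r"^(?:(?:1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}"
    r"|86[0-3][0-9]{2}|86400)s"
    r"|(?:[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m"
    r"|(?:[1-9]|1[0-9]|2[0-4])h)$")
DPD = re.compile(r"^([5-9]|[1-5][0-9]|60)s$")
REQUIRED = ("regionID", "tunnelName", "p81GatewaySubnets", "remoteGatewaySubnets",
            "keyExchange", "ikeLifeTime", "lifetime", "dpdDelay", "dpdTimeout",
            "phase1", "phase2")

def validate_tunnel_body(body):
    """Return a list of problems; an empty list means the body passes these checks."""
    errs = [f"missing required field: {k}" for k in REQUIRED if k not in body]
    for k in ("p81GatewaySubnets", "remoteGatewaySubnets"):
        if k in body and not body[k]:
            errs.append(f"{k}: at least 1 item required")
    if body.get("keyExchange") not in (None, "ikev1", "ikev2"):
        errs.append("keyExchange: must be ikev1 or ikev2")
    for k, rx in (("ikeLifeTime", LIFETIME), ("lifetime", LIFETIME),
                  ("dpdDelay", DPD), ("dpdTimeout", DPD)):
        if k in body and not rx.fullmatch(str(body[k])):
            errs.append(f"{k}: {body[k]!r} does not match the documented pattern")
    bw = body.get("peakBandwidth", 1000)
    if not isinstance(bw, int) or not 10 <= bw <= 8000:
        errs.append("peakBandwidth: integer 10..8000 expected")
    for ph in ("phase1", "phase2"):
        if ph in body and "keyExchangeMethod" not in body[ph]:
            errs.append(f"{ph}.keyExchangeMethod: required")
    auth = body.get("authType")
    if auth == "psk" and not 8 <= len(body.get("passphrase") or "") <= 64:
        errs.append("passphrase: 8-64 characters required when authType is psk")
    if auth == "cert" and not body.get("customerRootCA"):
        errs.append("customerRootCA: required when authType is cert")
    return errs

# Constructed sample body; every value below is made up for illustration.
_PHASE = {"auth": ["sha256"], "encryption": ["aes256"], "keyExchangeMethod": ["ecp384"]}
SAMPLE = {
    "regionID": "example-region-id", "tunnelName": "example-tunnel",
    "p81GatewaySubnets": ["10.0.0.0/24"], "remoteGatewaySubnets": ["192.168.10.0/24"],
    "keyExchange": "ikev2", "ikeLifeTime": "8h", "lifetime": "1h",
    "dpdDelay": "10s", "dpdTimeout": "30s", "phase1": _PHASE, "phase2": _PHASE,
    "authType": "psk", "passphrase": "example-placeholder-psk", "remotePublicIP": "203.0.113.10",
}
```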