---
title: "Create static IPSec tunnel"
slug: "create-static-ipsec-tunnel-1"
updated: 2026-02-18T12:52:40Z
published: 2026-02-18T12:52:58Z
canonical: "support.perimeter81.com/create-static-ipsec-tunnel-1"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create static IPSec tunnel

Post/v2.3/networks/enhanced/{networkId}/tunnels/ipsec/static

Create a new static IPSec tunnel in an enhanced network

SecurityHTTPType bearer

Path parametersnetworkIdstringRequired

Body parameters<select class='api-response-data' aria-label='Media type'><option value='227db53b-add9-45f4-b103-0fa7ec84b73f'>application/json</option>
</select>Expand Allobject  regionIDstring    Required

Target region ID

tunnelNamestring    Required

Name of the static tunnel

p81GatewaySubnets Array of string   Required

Harmony Sase gateway subnets

Min items1string    
remoteGatewaySubnets Array of string   Required

Remote gateway subnets

Min items1string    
peakBandwidthinteger    

Expected peak throughput of the tunnel communication in Mbps. Typical connection will be of 1000Mbps.

Minimum10Maximum8000Default1000
keyExchangestring    Required

IKE version for key exchange

Valid values[
  "ikev1",
  "ikev2"
]Default"ikev2"
ikeLifeTimestring    RequiredPattern^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
lifetimestring    RequiredPattern^((1[0-9]|[2-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)s)|(([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-3][0-9][0-9]|14[0-3][0-9]|1440)m)|(([1-9]|1[0-9]|2[0-4])h)$
dpdDelaystring    RequiredPattern^([5-9]|[1-5][0-9]|60)s$
dpdTimeoutstring    RequiredPattern^([5-9]|[1-5][0-9]|60)s$
phase1object  Requiredauth Array of string   Min length1string    Valid values[
  "md5",
  "sha1",
  "sha384",
  "sha256",
  "sha512",
  "aesxcbc",
  "aescmac",
  "prfmd5",
  "prfsha1",
  "prfaesxcbc",
  "prfaescmac",
  "prfsha256",
  "prfsha384",
  "prfsha512"
]
encryption Array of string   Min length1string    Valid values[
  "3des",
  "blowfish128",
  "blowfish192",
  "blowfish256",
  "aes128",
  "aes192",
  "aes256",
  "aes128ctr",
  "aes192ctr",
  "aes256ctr",
  "camellia128",
  "camellia192",
  "camellia256",
  "camellia128ctr",
  "camellia192ctr",
  "camellia256ctr",
  "aes128ccm8",
  "aes192ccm8",
  "aes256ccm8",
  "aes128ccm16",
  "aes192ccm16",
  "aes256ccm16",
  "aes128gcm8",
  "aes192gcm8",
  "aes256gcm8",
  "aes128gcm16",
  "aes192gcm16",
  "aes256gcm16",
  "camellia128ccm16",
  "camellia192ccm16",
  "camellia256ccm16",
  "chacha20poly1305"
]
keyExchangeMethod Array of string   Required

Key exchange method encryption

Min length0string    Valid values[
  "modp1024",
  "modp1536",
  "modp2048",
  "ecp256",
  "ecp384",
  "ecp521",
  "curve25519"
]

phase2object  Requiredauth Array of string   Min length1string    Valid values[
  "md5",
  "sha1",
  "sha384",
  "sha256",
  "sha512",
  "aesxcbc",
  "aescmac",
  "prfmd5",
  "prfsha1",
  "prfaesxcbc",
  "prfaescmac",
  "prfsha256",
  "prfsha384",
  "prfsha512"
]
encryption Array of string   Min length1string    Valid values[
  "3des",
  "blowfish128",
  "blowfish192",
  "blowfish256",
  "aes128",
  "aes192",
  "aes256",
  "aes128ctr",
  "aes192ctr",
  "aes256ctr",
  "camellia128",
  "camellia192",
  "camellia256",
  "camellia128ctr",
  "camellia192ctr",
  "camellia256ctr",
  "aes128ccm8",
  "aes192ccm8",
  "aes256ccm8",
  "aes128ccm16",
  "aes192ccm16",
  "aes256ccm16",
  "aes128gcm8",
  "aes192gcm8",
  "aes256gcm8",
  "aes128gcm16",
  "aes192gcm16",
  "aes256gcm16",
  "camellia128ccm16",
  "camellia192ccm16",
  "camellia256ccm16",
  "chacha20poly1305"
]
keyExchangeMethod Array of string   Required

Key exchange method encryption

Min length0string    Valid values[
  "modp1024",
  "modp1536",
  "modp2048",
  "ecp256",
  "ecp384",
  "ecp521",
  "curve25519"
]

authTypestring    

Authentication type for tunnel (psk for pre-shared key, cert for certificate)

Valid values[
  "psk",
  "cert"
]
passphrasestring    

Pre-shared key for tunnel authentication (8-64 characters). Required when authType is psk.

Min length8Max length64
customerRootCAstring    

Customer root certificate authority. Required when authType is cert.

remotePublicIPstring  (ipv4)    

Remote gateway public IP address

remoteIDstring    

Remote gateway ID

descriptionstring    

Optional tunnel description

featurescloudSecurityobject  enabledboolean    RequiredDefaultfalse

symmetricInnerMeshobject  enabledboolean    RequiredDefaultfalse

DNSServicesobject  redirectToResolverobject  Requiredenabledboolean    RequiredDefaulttrue

routingTypestring    

Routing mode for the tunnel

Valid values[
  "route",
  "policy"
]Default"route"

Responses202

Request accepted

<select class='api-response-data' aria-label='Media type'><option value='25aaab7c-b513-4993-9b2a-3b0ebc19136f'>application/json</option>
</select>object  statusUrlstring    
samplingTimeinteger    

400

Bad Request

<select class='api-response-data' aria-label='Media type'><option value='a37bb499-ef07-4858-bbaa-87431f552329'>application/json</option>
</select>object  idstring    
messagestring    

401

Unauthorized

<select class='api-response-data' aria-label='Media type'><option value='9af05fda-e309-4a54-9cef-987fd3e36efd'>application/json</option>
</select>object  idstring    
messagestring    

403

Forbidden

<select class='api-response-data' aria-label='Media type'><option value='fc3b3257-e061-436d-b90d-2e174d7d36b0'>application/json</option>
</select>object  idstring    
messagestring    

404

Resource not found

<select class='api-response-data' aria-label='Media type'><option value='0c09b938-046a-451d-a331-a98c5f1a3791'>application/json</option>
</select>object  idstring    
messagestring    

422

Unprocessable entity

<select class='api-response-data' aria-label='Media type'><option value='d5fa4868-a7b2-4d6c-b59a-a097a68a3994'>application/json</option>
</select>object  idstring    
messagestring