Optional Readonly dh (OPTIONAL) An array of permitted Diffie-Hellman group numbers used in the IKE Phase 2 negotiations.
Default - [2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Optional Readonly encryption (OPTIONAL) An array of encryption algorithms permitted for IKE Phase 2 negotiations.
Default - [AES128, AES256, AES128-GCM-16, AES256-GCM-16]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Optional Readonly integrity (OPTIONAL) An array of integrity algorithms permitted for IKE Phase 2 negotiations.
Default - [SHA1, SHA2-256, SHA2-384, SHA2-512]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Optional Readonly lifetime (OPTIONAL) The IKE Phase 2 lifetime (in seconds) for the VPN tunnel.
Default - 3600 (1 hour)
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
You can specify a value between 900 and 3600 seconds.
NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig / VpnTunnelOptionsSpecificationsConfig / Phase2Config
Description
Internet Key Exchange (IKE) Phase 2 tunnel options configuration. Use this configuration to restrict the permitted Diffie-Hellman group numbers, encryption algorithms, and integrity algorithms for IKE Phase 2 negotiations. You may also modify the Phase 2 lifetime for the VPN tunnel.
Example
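The following is an added example, not part of the project's documentation or code: a small Python checker that validates a phase2 block against the constraints stated above (the permitted default values and the 900-3600 second lifetime range) and flags the legacy entries a reviewer would normally restrict. Which entries count as legacy (DH groups 2 and 5, SHA1) is a policy assumption made here, not a rule from this page, and the key names `dh`, `encryption`, `integrity` and `lifetime` are the property names documented above.

```python
"""Check an IKE Phase 2 (phase2) block against the option constraints
documented for Phase2Config. Constructed example, not project code."""

# Permitted values, taken from the documented defaults.
DEFAULT_DH = [2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24]
DEFAULT_ENCRYPTION = ["AES128", "AES256", "AES128-GCM-16", "AES256-GCM-16"]
DEFAULT_INTEGRITY = ["SHA1", "SHA2-256", "SHA2-384", "SHA2-512"]
LIFETIME_MIN, LIFETIME_MAX = 900, 3600

# Accepted but legacy choices (assumption: a policy decision, not a rule
# on the documentation page): 1024/1536-bit MODP groups and SHA-1.
LEGACY_DH = {2, 5}
LEGACY_INTEGRITY = {"SHA1"}


def check_phase2(phase2: dict) -> list:
    """Return a list of findings; empty means the block is acceptable.
    A missing key means 'use the default', so only present keys are checked."""
    findings = []
    for group in phase2.get("dh", []):
        if group not in DEFAULT_DH:
            findings.append(f"dh: group {group} is not a permitted value")
        elif group in LEGACY_DH:
            findings.append(f"dh: group {group} is a legacy (weak) group")
    for alg in phase2.get("encryption", []):
        if alg not in DEFAULT_ENCRYPTION:
            findings.append(f"encryption: {alg} is not a permitted value")
    for alg in phase2.get("integrity", []):
        if alg not in DEFAULT_INTEGRITY:
            findings.append(f"integrity: {alg} is not a permitted value")
        elif alg in LEGACY_INTEGRITY:
            findings.append(f"integrity: {alg} is a legacy (weak) algorithm")
    lifetime = phase2.get("lifetime")
    if lifetime is not None and not LIFETIME_MIN <= lifetime <= LIFETIME_MAX:
        findings.append(
            f"lifetime: {lifetime} is outside {LIFETIME_MIN}-{LIFETIME_MAX}")
    return findings


def hardened_phase2() -> dict:
    """Constructed restrictive block: modern DH groups, AES-256, SHA-2 only."""
    return {"dh": [14, 15, 16, 19, 20, 21],
            "encryption": ["AES256", "AES256-GCM-16"],
            "integrity": ["SHA2-256", "SHA2-384", "SHA2-512"],
            "lifetime": 3600}


if __name__ == "__main__":
    # Constructed sample block that keeps two legacy entries and a short lifetime.
    weak = {"dh": [2, 14], "integrity": ["SHA1"], "lifetime": 600}
    for finding in check_phase2(weak):
        print(finding)
    print("hardened block findings:", check_phase2(hardened_phase2()))
```

Remember that changing any of these properties after deployment replaces the tunnel endpoint, so run the check before the first deployment where possible.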