Readonly
dh: (OPTIONAL) An array of permitted Diffie-Hellman group numbers used in the IKE Phase 2 negotiations.
Default - [2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Readonly
encryption: (OPTIONAL) An array of encryption algorithms permitted for IKE Phase 2 negotiations.
Default - [AES128, AES256, AES128-GCM-16, AES256-GCM-16]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Readonly
integrity: (OPTIONAL) An array of integrity algorithms permitted for IKE Phase 2 negotiations.
Default - [SHA1, SHA2-256, SHA2-384, SHA2-512]
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Readonly
lifetime: (OPTIONAL) The IKE Phase 2 lifetime (in seconds) for the VPN tunnel.
Default: 3600 (1 hour)
If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
You can specify a value between 900 and 3600.
NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig / VpnTunnelOptionsSpecificationsConfig / Phase2Config
Internet Key Exchange (IKE) Phase 2 tunnel options configuration. Use this configuration to restrict the permitted Diffie-Hellman group numbers, encryption algorithms, and integrity algorithms for IKE Phase 2 negotiations. You may also modify the Phase 2 lifetime for the VPN tunnel.
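The following is an added example, not code from this project: a small TypeScript check that audits a Phase 2 options object before deployment, since leaving a property out keeps the full default list on this page. The names `Phase2Options`, `auditPhase2`, `WEAK_DH` and `WEAK_INT` are hypothetical, and the policy of flagging Diffie-Hellman groups 2, 5 and 22 (modulus under 2048 bits) and SHA1 is an assumed hardening baseline, not something this page mandates.

```typescript
// Added example: audit Phase 2 options against the values documented on this page.
// Phase2Options, auditPhase2 and the WEAK_* lists are hypothetical names, not project code.
type Phase2Options = { dh?: number[]; encryption?: string[]; integrity?: string[]; lifetime?: number };

// Values the page lists as defaults, treated here as the recognised set (assumption).
const KNOWN_DH = [2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24];
const KNOWN_ENC = ["AES128", "AES256", "AES128-GCM-16", "AES256-GCM-16"];
const KNOWN_INT = ["SHA1", "SHA2-256", "SHA2-384", "SHA2-512"];

// Assumed hardening policy: MODP groups with a modulus under 2048 bits, and SHA-1.
const WEAK_DH = [2, 5, 22];
const WEAK_INT = ["SHA1"];

function auditPhase2(cfg: Phase2Options): string[] {
  const findings: string[] = [];
  // An omitted property falls back to the documented default, so audit that instead.
  const dh = cfg.dh ?? KNOWN_DH;
  const enc = cfg.encryption ?? KNOWN_ENC;
  const integ = cfg.integrity ?? KNOWN_INT;
  const lifetime = cfg.lifetime ?? 3600;

  for (const g of dh) {
    if (KNOWN_DH.indexOf(g) === -1) findings.push(`dh: unknown group ${g}`);
    else if (WEAK_DH.indexOf(g) !== -1) findings.push(`dh: weak group ${g} permitted`);
  }
  for (const e of enc) {
    if (KNOWN_ENC.indexOf(e) === -1) findings.push(`encryption: unknown algorithm ${e}`);
  }
  for (const i of integ) {
    if (KNOWN_INT.indexOf(i) === -1) findings.push(`integrity: unknown algorithm ${i}`);
    else if (WEAK_INT.indexOf(i) !== -1) findings.push(`integrity: weak algorithm ${i} permitted`);
  }
  // The page documents a lifetime between 900 and 3600 seconds.
  if (Math.floor(lifetime) !== lifetime || lifetime < 900 || lifetime > 3600) {
    findings.push(`lifetime: ${lifetime} is outside 900-3600 seconds`);
  }
  return findings;
}

// Constructed sample inputs: everything left at defaults, and a restricted set.
const allDefaults: Phase2Options = {};
const restricted: Phase2Options = {
  dh: [14, 19, 20, 21],
  encryption: ["AES256-GCM-16"],
  integrity: ["SHA2-256", "SHA2-384"],
  lifetime: 1800,
};
console.log(auditPhase2(allDefaults));
console.log(auditPhase2(restricted));
```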
Example