Class Phase1Config

NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig / VpnTunnelOptionsSpecificationsConfig / Phase1Config

Internet Key Exchange (IKE) Phase 1 tunnel options configuration. Use this configuration to restrict the permitted Diffie-Hellman group numbers, encryption algorithms, and integrity algorithms for IKE Phase 1 negotiations. You may also modify the Phase 1 lifetime for the VPN tunnel.

Example

dhGroups: [14, 20, 24]
encryptionAlgorithms: [AES256, AES256-GCM-16]
integrityAlgorithms: [SHA2-256, SHA2-384, SHA2-512]
lifetime: 3600

Hierarchy

  • Phase1Config

Implements

Constructors

constructor

Properties

dhGroups encryptionAlgorithms integrityAlgorithms lifetimeSeconds

Constructors

constructor

Properties

Readonly dhGroups

dhGroups: undefined | (2 | 22 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 24 | 23)[] = undefined

(OPTIONAL) An array of permitted Diffie-Hellman group numbers used in the IKE Phase 1 for initial authentication.

Default - [2, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24]

Remarks

If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Readonly encryptionAlgorithms

encryptionAlgorithms: undefined | ("AES256" | "AES128" | "AES128-GCM-16" | "AES256-GCM-16")[] = undefined

(OPTIONAL) An array of encryption algorithms permitted for IKE Phase 1 negotiations.

Default - [AES128, AES256, AES128-GCM-16, AES256-GCM-16]

Remarks

If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Readonly integrityAlgorithms

integrityAlgorithms: undefined | ("SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512")[] = undefined

(OPTIONAL) An array of integrity algorithms permitted for IKE Phase 1 negotiations.

Default - [SHA1, SHA2-256, SHA2-384, SHA2-512]

Remarks

If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Readonly lifetimeSeconds

lifetimeSeconds: undefined | number = undefined

(OPTIONAL) The IKE Phase 1 lifetime (in seconds) for the VPN tunnel.

Default: 28800 (8 hours)

Remarks

If you update this property after deployment, your VPN tunnel will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

You can specify a value between 900 and 28800

Settings

Member Visibility

Theme

Generated using TypeDoc