VMware VSHIELD APP 1.0 - API User Manual, Page 48

vShield API Programming Guide
48 VMware, Inc.
The <peerIpAddress> can be any, or an actual IP address. If any, then this side can be a responder only, waiting for the peer to initiate connection. The preSharedKeyForDynamicIpSites (see above) must be configured in order to match a peer from “any” peerIpAddress, and all peers from “any” must be configured to share the global pre-shared key. If an IP address is specified, the address should be the peer’s public address that the vShield Edge can reach to make connection. This address is also required to create the site-level pre-shared key secret entry for this site.
The <encryptionAlgorithm> can be 3des, aes, or aes256.
If <enablePfs> is set true, Perfect Forward Secrecy (PFS) is enabled. In IPsec negotiations, PFS ensures that each new cryptographic key is unrelated to any previous key. The default is true (enabled). You must enable or disable PFS on both the tunnel peers, otherwise the IPsec tunnel cannot be established.
The <dhGroup> can be dh2 (the default) or dh5. This is needed to support VPN across vendors. DH means Diffie-Hellman, a public-key cryptography scheme that allows two parties to establish a shared secret over an insecure communications channel.
Logging is disabled by default. To enable logging, add an <enableLog> element set to true.
VPN service requires encryption. Specify the <encryptionAlgorithm> element as either 3des or aes.
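A pre-flight check for the parameter rules above, as an added example that is not taken from the vShield guide: it validates each side's values and then compares the two tunnel ends. The <site> wrapper and the sample values are constructed; only the element names, allowed values and defaults come from this page, and treating algorithm and DH group mismatches as errors is an assumption based on general IPsec behaviour.

```python
import xml.etree.ElementTree as ET

NS = "{vmware.vshield.edge.2.0}"  # namespace from the guide's examples
ALLOWED = {"encryptionAlgorithm": {"3des", "aes", "aes256"},
           "dhGroup": {"dh2", "dh5"}, "enablePfs": {"true", "false"}}
DEFAULTS = {"enablePfs": "true", "dhGroup": "dh2"}  # defaults the guide states

def site_params(xml_text):
    """Collect the elements this page describes, applying documented defaults."""
    found = {el.tag.replace(NS, ""): (el.text or "").strip()
             for el in ET.fromstring(xml_text).iter()}
    keys = ("peerIpAddress", "encryptionAlgorithm", "enablePfs", "dhGroup",
            "preSharedKeyForDynamicIpSites")
    return {k: found.get(k, DEFAULTS.get(k, "")) for k in keys}

def check_site(p):
    """Problems visible in one side's configuration alone."""
    problems = [f"{k} must be one of {sorted(v)}, got {p[k]!r}"
                for k, v in ALLOWED.items() if p[k] not in v]
    if p["peerIpAddress"] == "any" and not p["preSharedKeyForDynamicIpSites"]:
        problems.append("peerIpAddress 'any' needs preSharedKeyForDynamicIpSites")
    return problems

def check_pair(a, b):
    """Problems that only appear when both tunnel ends are compared."""
    problems = []
    if a["peerIpAddress"] == b["peerIpAddress"] == "any":
        problems.append("both ends are responder-only, so neither initiates")
    # PFS rule is from the guide; the other two are assumed from general IPsec behaviour.
    for key in ("enablePfs", "encryptionAlgorithm", "dhGroup"):
        if a[key] != b[key]:
            problems.append(f"{key} mismatch: {a[key]} vs {b[key]}")
    return problems

# Constructed samples. <site> is a hypothetical wrapper, not the API's schema.
SITE_A = """<site xmlns="vmware.vshield.edge.2.0">
  <peerIpAddress>any</peerIpAddress>
  <encryptionAlgorithm>aes256</encryptionAlgorithm>
</site>"""
SITE_B = """<site xmlns="vmware.vshield.edge.2.0">
  <peerIpAddress>203.0.113.10</peerIpAddress>
  <encryptionAlgorithm>aes256</encryptionAlgorithm>
  <enablePfs>false</enablePfs>
  <dhGroup>dh5</dhGroup>
</site>"""

if __name__ == "__main__":
    a, b = site_params(SITE_A), site_params(SITE_B)
    print(*(check_site(a) + check_site(b) + check_pair(a, b)), sep="\n")
```

Side A omits <enablePfs> and <dhGroup>, so the documented defaults apply and the mismatch with side B is reported even though side A never names either setting.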
Manage VPN Service
Example 5-28. Start VPN service
POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/edge
<vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0">
<ipsecSiteToSiteService>up</ipsecSiteToSiteService>
</vshieldEdgeConfig>
Example 5-29. Stop VPN service
POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/edge
<vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0">
<ipsecSiteToSiteService>down</ipsecSiteToSiteService>
</vshieldEdgeConfig>
Delete the VPN Configuration
Example 5-30. Delete VPN configuration
POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/edge
<vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0">
<ipsecSiteToSiteConfig/>
</vshieldEdgeConfig>
Generate Certificate Signing Request (CSR)
You can generate a CSR for vShield Edge. A certificate is required to configure VPN in authentication mode.
Example 5-31. Generate CSR
Request:
POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/edge/csr
Sample Request Body:
<vshieldEdgeConfig xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="vmware.vshield.edge.2.0">
<certificateStoreConfig>
<csrParams>
<commonName>up.example.com</commonName>
<organization>Example Inc</organization>