From c6dc7f63ac7331b716cbd7023a95bbb92ea31cc9 Mon Sep 17 00:00:00 2001
From: Nilambari
Date: Wed, 21 Feb 2018 12:46:32 -0800
Subject: [PATCH] Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients. (#2521)
* 1443089: Network feature: Setting custom ipsec policy for Virtual Network Gateway P2S clients.
* 1443089:Fix network ReadMe file.
* 1443089:Fix network ReadMe file.
* Temporary bug fix
---
 .../2018-02-01/expressRouteCircuit.json | 4 +-
 .../2018-02-01/virtualNetworkGateway.json | 243 +++++++++++++++++-
 .../network/resource-manager/readme.md | 40 +--
 3 files changed, 262 insertions(+), 25 deletions(-)
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
index a939a68c6d08..4cfe0d70afd4 100644
--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
@@ -1482,8 +1482,10 @@
 "type": "string",
 "description": "Express Route Circuit Connection State. Possible values are: 'Connected' and 'Disconnected'.",
 "enum": [
+ "Unknown",
 "Connected",
- "Disconnected"
+ "Disconnected",
+ "Degraded"
 ],
 "readOnly": true,
 "x-ms-enum": {
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
index 35843ffd63c6..28b3e3300306 100644
--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
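Review bot: The `description` of this connection-state property still says "Possible values are: 'Connected' and 'Disconnected'" although the enum in the expressRouteCircuit.json hunk now also carries `Unknown` and `Degraded`, so generated SDK documentation will under-report the states a monitoring client has to handle. Suggest `"description": "Express Route Circuit Connection State. Possible values are: 'Unknown', 'Connected', 'Disconnected' and 'Degraded'."`. The `x-ms-enum` object continues outside the hunk, so whether it sets `modelAsString` is not visible; if it does not, clients generated from the two-value enum may reject the new values, which is worth confirming before release.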
@@ -675,6 +675,98 @@
 "x-ms-long-running-operation": true
 }
 },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters": {
+ "post": {
+ "tags": [
+ "VirtualNetworkGateways"
+ ],
+ "operationId": "VirtualNetworkGateways_SetVpnclientIpsecParameters",
+ "description": "The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
+ "parameters": [
+ {
+ "name": "resourceGroupName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the resource group."
+ },
+ {
+ "name": "virtualNetworkGatewayName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the virtual network gateway."
+ },
+ {
+ "name": "vpnclientIpsecParams",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/VpnClientIPsecParameters"
+ },
+ "description": "Parameters supplied to the Begin Set vpnclient ipsec parameters of Virtual Network Gateway P2S client operation through Network resource provider."
+ },
+ {
+ "$ref": "#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "#/parameters/SubscriptionIdParameter"
+ }
+ ],
+ "responses": {
+ "202": {
+ "description": "Accepted and the operation will complete asynchronously."
+ },
+ "200": {
+ "description": "Request successful. The operation sets the specificed vpnclient ipsec parameters for P2S client of the virtual network gateway.",
+ "schema": {
+ "$ref": "#/definitions/VpnClientIPsecParameters"
+ }
+ }
+ },
+ "x-ms-long-running-operation": true
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/getvpnclientipsecparameters": {
+ "post": {
+ "tags": [
+ "VirtualNetworkGateways"
+ ],
+ "operationId": "VirtualNetworkGateways_GetVpnclientIpsecParameters",
+ "description": "The Get VpnclientIpsecParameters operation retrieves information about the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.",
+ "parameters": [
+ {
+ "name": "resourceGroupName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the resource group."
+ },
+ {
+ "name": "virtualNetworkGatewayName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The virtual network gateway name."
+ },
+ {
+ "$ref": "#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "#/parameters/SubscriptionIdParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Request successful. The operation returns the set vpnclient ipsec parameters for P2S client of VirtualNetworkGateway resource.",
+ "schema": {
+ "$ref": "#/definitions/VpnClientIPsecParameters"
+ }
+ }
+ },
+ "x-ms-long-running-operation": true
+ }
+ },
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/vpndeviceconfigurationscript": {
 "post": {
 "tags": [
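Review bot: `VirtualNetworkGateways_GetVpnclientIpsecParameters` is flagged `"x-ms-long-running-operation": true` but declares only a `200` response, while the Set operation added just above it declares both `202` and `200`. If the Get call really completes asynchronously it needs `"202": { "description": "Accepted and the operation will complete asynchronously." }`; if it does not, the long-running flag should be dropped. Neither new operation declares an error response, so a rejected change to the client IPsec policy has no described shape for callers to log or alert on; whether the rest of the file follows that convention is not visible from this hunk. Wording: "specificed" in the Set `200` description should be "specified".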
@@ -1547,6 +1639,13 @@
 },
 "description": "VpnClientProtocols for Virtual network gateway."
 },
+ "vpnClientIpsecPolicies": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IpsecPolicy"
+ },
+ "description": "VpnClientIpsecPolicies for virtual network gateway P2S client."
+ },
 "radiusServerAddress": {
 "type": "string",
 "description": "The radius server address property of the VirtualNetworkGateway resource for vpn client connection."
@@ -2099,7 +2198,9 @@
 "DES3",
 "AES128",
 "AES192",
- "AES256"
+ "AES256",
+ "GCMAES256",
+ "GCMAES128"
 ],
 "x-ms-enum": {
 "name": "IkeEncryption",
@@ -2113,7 +2214,9 @@
 "MD5",
 "SHA1",
 "SHA256",
- "SHA384"
+ "SHA384",
+ "GCMAES256",
+ "GCMAES128"
 ],
 "x-ms-enum": {
 "name": "IkeIntegrity",
@@ -2140,7 +2243,7 @@
 },
 "pfsGroup": {
 "type": "string",
- "description": "The DH Groups used in IKE Phase 2 for new child SA.",
+ "description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
 "enum": [
 "None",
 "PFS1",
@@ -2148,7 +2251,9 @@
 "PFS2048",
 "ECP256",
 "ECP384",
- "PFS24"
+ "PFS24",
+ "PFS14",
+ "PFSMM"
 ],
 "x-ms-enum": {
 "name": "PfsGroup",
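Review bot: `GCMAES256` and `GCMAES128` are added to both the `IkeEncryption` enum (hunk at -2099) and the `IkeIntegrity` enum (hunk at -2113), but nothing visible tells a caller how the two fields may be combined. GCM is an authenticated-encryption mode, so a GCMAES integrity value presumably only makes sense when the encryption field carries the matching GCMAES value; that should be confirmed against the service and then stated in both property descriptions, for example `"If a GCMAES value is used, ikeEncryption and ikeIntegrity must specify the same GCMAES algorithm."`. The descriptions of these two properties sit outside the hunks, so the constraint may already be documented there.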
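Review bot: `PFSMM`, added to the `pfsGroup` enum in the hunk at -2148, is not self-describing the way `PFS14` or `ECP384` are, and the description as reworded in the hunk at -2140 says only "The Pfs Groups used in IKE Phase 2 for new child SA." An operator auditing a gateway policy cannot tell from the spec what key-exchange strength that value selects. Suggest extending the `pfsGroup` description with one clause per non-obvious value once the service team confirms the meaning of `PFSMM`.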
@@ -2168,6 +2273,136 @@
 ],
 "description": "An IPSec Policy configuration for a virtual network gateway connection"
 },
+ "VpnClientIPsecParameters": {
+ "properties": {
+ "saLifeTimeSeconds": {
+ "type": "integer",
+ "format": "int32",
+ "description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client."
+ },
+ "saDataSizeKilobytes": {
+ "type": "integer",
+ "format": "int32",
+ "description": "The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client.."
+ },
+ "ipsecEncryption": {
+ "type": "string",
+ "description": "The IPSec encryption algorithm (IKE phase 1).",
+ "enum": [
+ "None",
+ "DES",
+ "DES3",
+ "AES128",
+ "AES192",
+ "AES256",
+ "GCMAES128",
+ "GCMAES192",
+ "GCMAES256"
+ ],
+ "x-ms-enum": {
+ "name": "IpsecEncryption",
+ "modelAsString": true
+ }
+ },
+ "ipsecIntegrity": {
+ "type": "string",
+ "description": "The IPSec integrity algorithm (IKE phase 1).",
+ "enum": [
+ "MD5",
+ "SHA1",
+ "SHA256",
+ "GCMAES128",
+ "GCMAES192",
+ "GCMAES256"
+ ],
+ "x-ms-enum": {
+ "name": "IpsecIntegrity",
+ "modelAsString": true
+ }
+ },
+ "ikeEncryption": {
+ "type": "string",
+ "description": "The IKE encryption algorithm (IKE phase 2).",
+ "enum": [
+ "DES",
+ "DES3",
+ "AES128",
+ "AES192",
+ "AES256",
+ "GCMAES256",
+ "GCMAES128"
+ ],
+ "x-ms-enum": {
+ "name": "IkeEncryption",
+ "modelAsString": true
+ }
+ },
+ "ikeIntegrity": {
+ "type": "string",
+ "description": "The IKE integrity algorithm (IKE phase 2).",
+ "enum": [
+ "MD5",
+ "SHA1",
+ "SHA256",
+ "SHA384",
+ "GCMAES256",
+ "GCMAES128"
+ ],
+ "x-ms-enum": {
+ "name": "IkeIntegrity",
+ "modelAsString": true
+ }
+ },
+ "dhGroup": {
+ "type": "string",
+ "description": "The DH Groups used in IKE Phase 1 for initial SA.",
+ "enum": [
+ "None",
+ "DHGroup1",
+ "DHGroup2",
+ "DHGroup14",
+ "DHGroup2048",
+ "ECP256",
+ "ECP384",
+ "DHGroup24"
+ ],
+ "x-ms-enum": {
+ "name": "DhGroup",
+ "modelAsString": true
+ }
+ },
+ "pfsGroup": {
+ "type": "string",
+ "description": "The Pfs Groups used in IKE Phase 2 for new child SA.",
+ "enum": [
+ "None",
+ "PFS1",
+ "PFS2",
+ "PFS2048",
+ "ECP256",
+ "ECP384",
+ "PFS24",
+ "PFS14",
+ "PFSMM"
+ ],
+ "x-ms-enum": {
+ "name": "PfsGroup",
+ "modelAsString": true
+ }
+ }
+ },
+ "required": [
+ "saLifeTimeSeconds",
+ "saDataSizeKilobytes",
+ "ipsecEncryption",
+ "ipsecIntegrity",
+ "ikeEncryption",
+ "ikeIntegrity",
+ "dhGroup",
+ "pfsGroup"
+ ],
+ "description": "An IPSec parameters for a virtual network gateway P2S connection."
+ },
 "LocalNetworkGatewayPropertiesFormat": {
 "properties": {
 "localNetworkAddressSpace": {
diff --git a/specification/network/resource-manager/readme.md b/specification/network/resource-manager/readme.md
index 1ab2cee02764..756f65f15292 100644
--- a/specification/network/resource-manager/readme.md
+++ b/specification/network/resource-manager/readme.md
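Review bot: The phase labels in the new `VpnClientIPsecParameters` descriptions are reversed: `ipsecEncryption` and `ipsecIntegrity` say "(IKE phase 1)" and `ikeEncryption` and `ikeIntegrity` say "(IKE phase 2)", while `saLifeTimeSeconds` in the same definition calls the IPSec SA the "Phase 2 SA" and `dhGroup` ties "IKE Phase 1" to the initial SA. Suggest `"The IPSec encryption algorithm (IKE phase 2)."` and `"The IKE encryption algorithm (IKE phase 1)."`, and the same swap for the integrity pair. Separately, this new P2S definition accepts `None` and `DES` for encryption, `MD5` for integrity and `DHGroup1`/`PFS1` for key exchange; if the service cannot omit them, the descriptions should mark them as legacy so a policy audit can flag gateways that select them. The `saDataSizeKilobytes` description also ends in a doubled period.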
@@ -38,26 +38,26 @@ These settings apply only when `--tag=package-2018-02` is specified on the comma
 ``` yaml $(tag) == 'package-2018-02'
 input-file:
-- Microsoft.Network/2018-02-01/applicationGateway.json
-- Microsoft.Network/2018-02-01/applicationSecurityGroup.json
-- Microsoft.Network/2018-02-01/checkDnsAvailability.json
-- Microsoft.Network/2018-02-01/endpointService.json
-- Microsoft.Network/2018-02-01/expressRouteCircuit.json
-- Microsoft.Network/2018-02-01/loadBalancer.json
-- Microsoft.Network/2018-02-01/network.json
-- Microsoft.Network/2018-02-01/networkInterface.json
-- Microsoft.Network/2018-02-01/networkSecurityGroup.json
-- Microsoft.Network/2018-02-01/networkWatcher.json
-- Microsoft.Network/2018-02-01/operation.json
-- Microsoft.Network/2018-02-01/publicIpAddress.json
-- Microsoft.Network/2018-02-01/routeFilter.json
-- Microsoft.Network/2018-02-01/routeTable.json
-- Microsoft.Network/2018-02-01/serviceCommunity.json
-- Microsoft.Network/2018-02-01/usage.json
-- Microsoft.Network/2018-02-01/virtualNetwork.json
-- Microsoft.Network/2018-02-01/virtualNetworkGateway.json
-- Microsoft.Network/2018-02-01/vmssNetworkInterface.json
-- Microsoft.Network/2018-02-01/vmssPublicIpAddress.json
+- Microsoft.Network/stable/2018-02-01/applicationGateway.json
+- Microsoft.Network/stable/2018-02-01/applicationSecurityGroup.json
+- Microsoft.Network/stable/2018-02-01/checkDnsAvailability.json
+- Microsoft.Network/stable/2018-02-01/endpointService.json
+- Microsoft.Network/stable/2018-02-01/expressRouteCircuit.json
+- Microsoft.Network/stable/2018-02-01/loadBalancer.json
+- Microsoft.Network/stable/2018-02-01/network.json
+- Microsoft.Network/stable/2018-02-01/networkInterface.json
+- Microsoft.Network/stable/2018-02-01/networkSecurityGroup.json
+- Microsoft.Network/stable/2018-02-01/networkWatcher.json
+- Microsoft.Network/stable/2018-02-01/operation.json
+- Microsoft.Network/stable/2018-02-01/publicIpAddress.json
+- Microsoft.Network/stable/2018-02-01/routeFilter.json
+- Microsoft.Network/stable/2018-02-01/routeTable.json
+- Microsoft.Network/stable/2018-02-01/serviceCommunity.json
+- Microsoft.Network/stable/2018-02-01/usage.json
+- Microsoft.Network/stable/2018-02-01/virtualNetwork.json
+- Microsoft.Network/stable/2018-02-01/virtualNetworkGateway.json
+- Microsoft.Network/stable/2018-02-01/vmssNetworkInterface.json
+- Microsoft.Network/stable/2018-02-01/vmssPublicIpAddress.json
 ```
 ### Tag: package-2018-01