Downloads the configurations of the peer gateway device of an IPsec-VPN connection.
Debugging
Request parameters
Parameter |
Type |
Required |
Example |
Description |
Action | String | Yes | DownloadVpnConnectionConfig | The operation that you want to perform. Set the value to DownloadVpnConnectionConfig. |
RegionId | String | Yes | cn-shanghai | The ID of the region where the IPsec-VPN connection is created. You can call the DescribeRegions operation to query the most recent region list. |
VpnConnectionId | String | Yes | vco-bp1bbi27hojx80nck**** | The ID of the IPsec-VPN connection. |
Response parameters
Parameter |
Type |
Example |
Description |
RequestId | String | 0C68048B-0F70-40DA-B8AE-1B79B5CF62E3 | The request ID. |
VpnConnectionConfig | Object | The configurations of the peer gateway device. |
|
Remote | String | 116.62.XX.XX | The identifier of the VPN gateway. |
Local | String | 139.196.XX.XX | The identifier of the customer gateway. |
RemoteSubnet | String | 192.168.0.0/16 | The CIDR block on the virtual private cloud (VPC) side. |
LocalSubnet | String | 10.0.0.0/8 | The CIDR block on the data center side. |
IkeConfig | Object | The configurations of Phase 1 negotiations. |
|
RemoteId | String | 116.62.XX.XX | The identifier of the VPN gateway. FQDN and IP formats are supported. The default value is the IP address of the VPN gateway. |
IkeLifetime | Long | 86400 | The lifetime in the IKE phase. Unit: seconds. |
IkeEncAlg | String | aes | The encryption algorithm in the IKE phase. |
LocalId | String | 139.196.XX.XX | The identifier of the customer gateway. FQDN and IP formats are supported. The default value is the IP address of the customer gateway. |
IkeMode | String | main | The IKE negotiation mode. Valid values:
|
IkeVersion | String | ikev1 | The IKE version. |
IkePfs | String | group2 | The DH group in the IKE phase. |
Psk | String | pgw6dy7d1i8i**** | The pre-shared key. |
IkeAuthAlg | String | sha1 | The authentication algorithm in the IKE phase. |
IpsecConfig | Object | The configurations of Phase 2 negotiations. |
|
IpsecAuthAlg | String | sha1 | The authentication algorithm in the IPsec phase. |
IpsecEncAlg | String | aes | The encryption algorithm in the IPsec phase. |
IpsecLifetime | Long | 86400 | The lifetime in the IPsec phase. Unit: seconds. |
IpsecPfs | String | group2 | The DH group in the IPsec phase. |
TunnelsConfig | Array of TunnelConfig | The tunnel configuration of the peer gateway device. Parameters in TunnelsConfig are returned only if the IPsec-VPN connection is in dual-tunnel mode. |
|
TunnelConfig | |||
TunnelId | String | tun-opsqc4d97wni27**** | The tunnel ID. |
Local | String | 47.21.XX.XX | The identifier of the tunnel on the data center side. |
Remote | String | 47.24.XX.XX | The identifier of the tunnel on the Alibaba Cloud side. |
IkeConfig | Object | The configurations of Phase 1 negotiations. |
|
Psk | String | pgw6dy7d1i8i**** | The pre-shared key. |
IkeVersion | String | ikev1 | The IKE version. |
IkeMode | String | main | The IKE negotiation mode. Valid values:
|
IkeEncAlg | String | aes | The encryption algorithm in the IKE phase. |
IkeAuthAlg | String | sha1 | The authentication algorithm in the IKE phase. |
IkePfs | String | group2 | The DH group in the IKE phase. |
IkeLifetime | Long | 86400 | The lifetime in the IKE phase. Unit: seconds. |
LocalId | String | 47.21.XX.XX | The identifier of the tunnel on the data center side. |
RemoteId | String | 47.24.XX.XX | The identifier of the tunnel on the Alibaba Cloud side. |
IpsecConfig | Object | The configurations of Phase 2 negotiations. |
|
IpsecAuthAlg | String | sha1 | The authentication algorithm in the IPsec phase. |
IpsecEncAlg | String | aes | The encryption algorithm in the IPsec phase. |
IpsecPfs | String | group2 | The DH group in the IPsec phase. |
IpsecLifetime | Long | 86400 | The lifetime in the IPsec phase. Unit: seconds. |
Examples
Sample requests
https://vpc.aliyuncs.com/?Action=DownloadVpnConnectionConfig
&RegionId=cn-shanghai
&VpnConnectionId=vco-bp1bbi27hojx80nck****
&<Common request parameters>
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<DownloadVpnConnectionConfigResponse>
<RequestId>0C68048B-0F70-40DA-B8AE-1B79B5CF62E3</RequestId>
<VpnConnectionConfig>
<Remote>116.62.XX.XX</Remote>
<Local>139.196.XX.XX</Local>
<RemoteSubnet>192.168.0.0/16</RemoteSubnet>
<LocalSubnet>10.0.0.0/8</LocalSubnet>
<IkeConfig>
<RemoteId>139.196.XX.XX</RemoteId>
<IkeLifetime>86400</IkeLifetime>
<IkeEncAlg>aes</IkeEncAlg>
<LocalId>116.62.XX.XX</LocalId>
<IkeMode>main</IkeMode>
<IkeVersion>ikev1</IkeVersion>
<IkePfs>group2</IkePfs>
<Psk>pgw6dy7d1i8i****</Psk>
<IkeAuthAlg>sha1</IkeAuthAlg>
</IkeConfig>
<IpsecConfig>
<IpsecAuthAlg>sha1</IpsecAuthAlg>
<IpsecLifetime>86400</IpsecLifetime>
<IpsecEncAlg>aes</IpsecEncAlg>
<IpsecPfs>group2</IpsecPfs>
</IpsecConfig>
</VpnConnectionConfig>
</DownloadVpnConnectionConfigResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "0C68048B-0F70-40DA-B8AE-1B79B5CF62E3",
"VpnConnectionConfig" : {
"Remote" : "116.62.XX.XX",
"Local" : "139.196.XX.XX",
"RemoteSubnet" : "192.168.0.0/16",
"LocalSubnet" : "10.0.0.0/8",
"IkeConfig" : {
"RemoteId" : "139.196.XX.XX",
"IkeLifetime" : 86400,
"IkeEncAlg" : "aes",
"LocalId" : "116.62.XX.XX",
"IkeMode" : "main",
"IkeVersion" : "ikev1",
"IkePfs" : "group2",
"Psk" : "pgw6dy7d1i8i****",
"IkeAuthAlg" : "sha1"
},
"IpsecConfig" : {
"IpsecAuthAlg" : "sha1",
"IpsecLifetime" : 86400,
"IpsecEncAlg" : "aes",
"IpsecPfs" : "group2"
}
}
}
Error codes
HttpCode |
Error code |
Error message |
Description |
403 | Forbbiden.SubUser | User not authorized to operate on the specified resource as your account is created by another user. | You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again. |
403 | Forbidden | User not authorized to operate on the specified resource. | You are unauthorized to perform this operation on the specified resource. You can apply for the required permissions and try again. |
404 | InvalidVpnConnectionInstanceId.NotFound | The specified vpn connection instance id does not exist. | The specified IPsec connection does not exist. Check whether the ID of the IPsec connection is valid. |
For a list of error codes, see Service error codes.