ListIpsecServers - Virtual Private Cloud - Alibaba Cloud Documentation Center

Queries IPsec servers.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
vpc:ListIpsecServers	list	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The ID of the region where the IPsec server is created. You can call the DescribeRegions operation to query the most recent region list.	cn-hangzhou
IpsecServerName	string	No	The name of the IPsec server. The name must be 1 to 100 characters in length and cannot start with `http://` or `https://`.	test
VpnGatewayId	string	No	The ID of the VPN gateway.	vpn-bp1q8bgx4xnkm2ogj****
NextToken	string	No	The pagination token that is used in the next request to retrieve a new page of results. Valid values: If this is your first request and no next requests are to be performed, you do not need to specify this parameter. You must specify the token that is obtained from the previous query as the value of NextToken.	caeba0bbb2be03f84eb48b699f0a****
MaxResults	integer	No	The number of entries to return on each page. Valid values: 1 to 20. Default value: 10.	10
IpsecServerId	array	No	The ID of the IPsec server.
	string	No	The ID of the IPsec server. Valid values of N: 1 to 20.	iss-bp1bo3xuvcxo7ixll****
ResourceGroupId	string	No	The ID of the resource group to which the IPsec server belongs. The IPsec server has the same resource group as its associated VPN gateway instance. You can call the DescribeVpnGateway operation to query the ID of the resource group to which the VPN gateway instance belongs.	rg-acfmzs372yg****

Response parameters

Parameter	Type	Description	Example
	object
NextToken	string	A pagination token. It can be used in the next request to retrieve a new page of results. Valid values: If no value is returned for NextToken, no next queries are sent. If a value is returned for NextToken, the value can be used in the next request to retrieve a new page of results.	caeba0bbb2be03f84eb48b699f0a****
RequestId	string	The request ID.	54B48E3D-DF70-471B-AA93-08E683A1B457
TotalCount	integer	The total number of entries returned.	10
MaxResults	integer	The number of entries returned per page.	1
IpsecServers	array<object>	The list of IPsec servers.
	object
CreationTime	string	The time when the IPsec server was created. T is used as a delimiter. Z indicates that the time is in UTC.	2018-12-03T10:11:55Z
OnlineClientCount	integer	The number of clients that are connected to the IPsec server.	1
InternetIp	string	The public IP address of the VPN gateway.	47.22.XX.XX
IpsecServerName	string	The name of the IPsec server.	test
IDaaSInstanceId	string	The ID of the IDaaS instance.	idaas-cn-hangzhou-****
EffectImmediately	boolean	Indicates whether the current IPsec tunnel is deleted and negotiations are reinitiated. Valid values: true: immediately initiates negotiations after the configuration is completed. false: initiates negotiations when inbound traffic is detected.	false
VpnGatewayId	string	The ID of the VPN gateway.	vpn-bp1q8bgx4xnkm2ogj****
LocalSubnet	string	The local CIDR blocks, which refer to the CIDR blocks on the virtual private cloud (VPC) side.	192.168.0.0/16,172.17.0.0/16
Psk	string	The pre-shared key.	pgw6dy7d****
RegionId	string	The ID of the region where the IPsec server is created.	cn-hangzhou
PskEnabled	boolean	Indicates whether pre-shared key authentication is enabled. Only true may be returned, which indicates that pre-shared key authentication is enabled.	true
IpsecServerId	string	The IPsec server ID.	iss-bp1bo3xuvcxo7ixll****
MultiFactorAuthEnabled	boolean	Indicates whether two-factor authentication is enabled. Valid values: true false: The feature is disabled.	true
MaxConnections	integer	The number of SSL-VPN connections supported by the VPN gateway. Note The number of SSL-VPN connections specified in this parameter includes both SSL-VPN and IPsec-VPN connections. For example, you have five SSL-VPN connections and three SSL clients occupy three SSL-VPN connections. In this case, two clients can connect to the IPsec server.	5
ClientIpPool	string	The client CIDR block. It refers to the CIDR block that is allocated to the virtual interface of the client.	10.0.0.0/24
IkeConfig	object	The configurations of Phase 1 negotiations.
RemoteId	string	The identifier of the customer gateway. Both fully qualified domain names (FQDNs) and IP addresses are supported. By default, this parameter is empty.	139.67.XX.XX
IkeLifetime	long	The IKE lifetime. Unit: seconds.	86400
IkeEncAlg	string	The IKE encryption algorithm.	aes
LocalId	string	The ID of the IPsec server. The default value is the public IP address of the VPN gateway. Both FQDNs and IP addresses are supported.	116.64.XX.XX
IkeMode	string	The IKE negotiation mode. Valid values: main: This mode offers higher security during negotiations.	main
IkeVersion	string	The IKE version.	ikev2
IkePfs	string	The Diffie-Hellman key exchange algorithm.	group2
IkeAuthAlg	string	The IKE authentication algorithm.	sha1
IpsecConfig	object	The configurations of Phase 2 negotiations.
IpsecAuthAlg	string	The IPsec authentication algorithm.	sha1
IpsecLifetime	long	The IPsec lifetime. Unit: seconds.	86400
IpsecEncAlg	string	The IPsec encryption algorithm.	aes
IpsecPfs	string	The Diffie-Hellman key exchange algorithm.	group2
ResourceGroupId	string	The ID of the resource group to which the IPsec server belongs. You can call the ListResourceGroups operation to query the resource group information.	rg-acfmzs372yg****

Examples

Sample success responses

JSONformat

{
  "NextToken": "caeba0bbb2be03f84eb48b699f0a****",
  "RequestId": "54B48E3D-DF70-471B-AA93-08E683A1B457",
  "TotalCount": 10,
  "MaxResults": 1,
  "IpsecServers": [
    {
      "CreationTime": "2018-12-03T10:11:55Z",
      "OnlineClientCount": 1,
      "InternetIp": "47.22.XX.XX",
      "IpsecServerName": "test",
      "IDaaSInstanceId": "idaas-cn-hangzhou-****",
      "EffectImmediately": false,
      "VpnGatewayId": "vpn-bp1q8bgx4xnkm2ogj****",
      "LocalSubnet": "192.168.0.0/16,172.17.0.0/16",
      "Psk": "pgw6dy7d****",
      "RegionId": "cn-hangzhou",
      "PskEnabled": true,
      "IpsecServerId": "iss-bp1bo3xuvcxo7ixll****",
      "MultiFactorAuthEnabled": true,
      "MaxConnections": 5,
      "ClientIpPool": "10.0.0.0/24",
      "IkeConfig": {
        "RemoteId": "139.67.XX.XX",
        "IkeLifetime": 86400,
        "IkeEncAlg": "aes",
        "LocalId": "116.64.XX.XX",
        "IkeMode": "main",
        "IkeVersion": "ikev2",
        "IkePfs": "group2",
        "IkeAuthAlg": "sha1"
      },
      "IpsecConfig": {
        "IpsecAuthAlg": "sha1",
        "IpsecLifetime": 86400,
        "IpsecEncAlg": "aes",
        "IpsecPfs": "group2"
      },
      "ResourceGroupId": "rg-acfmzs372yg****"
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	IllegalParam.NextToken	The specified NextToken is invalid.	The specified NextToken is invalid.
403	Forbidden	User not authorized to operate on the specified resource.	You do not have the permissions to manage the specified resource. Apply for the permissions and try again.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2023-10-19	API Description Update. The Error code has changed. The request parameters of the API has changed. The response structure of the API has changed	View Change Details