paloaltonetworks.panos.panos_ipsec_tunnel (2.19.1) — module
Manage IPSec Tunnels on the firewall with a subset of settings.
Added in version 1.0.0 of paloaltonetworks.panos.
Authors: Ivan Bojer (@ivanbojer)
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections:
  - name: paloaltonetworks.panos
    version: 2.19.1
Use IPSec Tunnels to establish and manage IPSec VPN tunnels between firewalls. This is the Phase 2 portion of the
IKE/IPSec VPN setup.
- name: Add IPSec tunnel to IKE gateway profile
  paloaltonetworks.panos.panos_ipsec_tunnel:
    provider: '{{ provider }}'
    name: 'IPSecTunnel-Ansible'
    tunnel_interface: 'tunnel.2'
    ak_ike_gateway: 'IKEGW-Ansible'
    ak_ipsec_crypto_profile: 'IPSec-Ansible'
ipv6:
  default: false
  description:
    - Use IPv6 for the IPsec tunnel (7.0+)
  type: bool
name:
  description:
    - Name for the IPSec tunnel.
  type: str
port:
  default: 443
  description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The port number to connect to the PAN-OS device on.
  type: int
type:
  choices:
    - auto-key
    - manual-key
    - global-protect-satellite
  default: auto-key
  description:
    - Type of IPsec tunnel.
  type: str
state:
  choices:
    - present
    - absent
    - replaced
    - merged
    - deleted
    - gathered
  default: present
  description:
    - The state.
  type: str
commit:
  description:
    - B(Deprecated)
    - Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama), M(paloaltonetworks.panos.panos_commit_push) instead.
    - HORIZONTALLINE
    - Commit changes after creating object. If I(ip_address) is a Panorama device, and I(device_group) or I(template) are also set, perform a commit to Panorama and a commit-all to the device group/template.
  type: bool
api_key:
  description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The API key to use instead of generating it using I(username) / I(password).
  type: str
copy_tos:
  default: false
  description:
    - Copy IP TOS bits from inner packet to IPSec packet (not recommended).
  type: bool
disabled:
  default: false
  description:
    - Disable the IPsec tunnel.
  type: bool
password:
  description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The password to use for authentication. This is ignored if I(api_key) is specified.
  type: str
provider:
  description:
    - A dict object containing connection details.
  suboptions:
    api_key:
      description:
        - The API key to use instead of generating it using I(username) / I(password).
      type: str
    ip_address:
      description:
        - The IP address or hostname of the PAN-OS device being configured.
      type: str
    password:
      description:
        - The password to use for authentication. This is ignored if I(api_key) is specified.
      type: str
    port:
      default: 443
      description:
        - The port number to connect to the PAN-OS device on.
      type: int
    serial_number:
      description:
        - The serial number of a firewall to use for targeted commands. If I(ip_address) is not a Panorama PAN-OS device, then this param is ignored.
      type: str
    username:
      default: admin
      description:
        - The username to use for authentication. This is ignored if I(api_key) is specified.
      type: str
  type: dict
  version_added: 1.0.0
  version_added_collection: paloaltonetworks.panos
template:
  description:
    - (Panorama only) The template this operation should target. Mutually exclusive with I(template_stack).
  type: str
username:
  default: admin
  description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The username to use for authentication. This is ignored if I(api_key) is specified.
  type: str
ip_address:
  description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The IP address or hostname of the PAN-OS device being configured.
  type: str
anti_replay:
  default: true
  description:
    - Enable anti-replay check on this tunnel.
  type: bool
mk_auth_key:
  description:
    - Authentication key (manual-key).
  type: str
mk_protocol:
  choices:
    - esp
    - ah
  description:
    - Protocol for traffic through the tunnel (manual-key).
  type: str
mk_auth_type:
  choices:
    - md5
    - sha1
    - sha256
    - sha384
    - sha512
  description:
    - Authentication type for tunnel access (manual-key).
  type: str
mk_interface:
  description:
    - Interface to terminate tunnel (manual-key).
  type: str
mk_local_spi:
  description:
    - Outbound SPI in hex (manual-key).
  type: str
gps_interface:
  description:
    - Interface to communicate with portal (global-protect-satellite).
  type: str
mk_remote_spi:
  description:
    - Inbound SPI in hex (manual-key).
  type: str
ak_ike_gateway:
  aliases:
    - ike_gtw_name
  default: default
  description:
    - Name of the existing IKE gateway (auto-key).
  type: str
template_stack:
  description:
    - (Panorama only) The template stack this operation should target. Mutually exclusive with I(template).
  type: str
copy_flow_label:
  default: false
  description:
    - Copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended) (7.0+).
  type: bool
gathered_filter:
  description:
    - When I(state=gathered).
    - An advanced filtering option to filter results returned from PAN-OS.
    - Refer to the guide discussing I(gathered_filter) for more information.
  type: str
gps_prefer_ipv6:
  default: false
  description:
    - Prefer to register portal in IPv6 (8.0+) (global-protect-satellite).
  type: bool
tunnel_interface:
  default: tunnel.1
  description:
    - Specify existing tunnel interface that will be used.
  type: str
mk_esp_encryption:
  choices:
    - des
    - 3des
    - aes-128-cbc
    - aes-192-cbc
    - aes-256-cbc
    - 'null'
  description:
    - Encryption algorithm for tunnel traffic (manual-key).
  type: str
mk_remote_address:
  description:
    - Tunnel peer IP address (manual-key).
  type: str
gps_portal_address:
  description:
    - GlobalProtect portal address (global-protect-satellite).
  type: str
gps_publish_routes:
  description:
    - Specify list of routes to publish to GlobalProtect gateway (global-protect-satellite).
  elements: str
  type: list
mk_local_address_ip:
  description:
    - Exact IP address if interface has multiple IP addresses (manual-key).
  type: str
enable_tunnel_monitor:
  default: false
  description:
    - Enable tunnel monitoring on this tunnel.
  type: bool
gps_interface_ipv4_ip:
  description:
    - Exact IPv4 IP address if interface has multiple IP addresses (global-protect-satellite).
  type: str
gps_interface_ipv6_ip:
  description:
    - Exact IPv6 IP address if interface has multiple IP addresses (8.0+) (global-protect-satellite).
  type: str
gps_local_certificate:
  description:
    - GlobalProtect satellite certificate file name (global-protect-satellite).
  type: str
mk_esp_encryption_key:
  description:
    - Encryption key (manual-key).
  type: str
tunnel_monitor_dest_ip:
  description:
    - Destination IP to send ICMP probe.
  type: str
tunnel_monitor_profile:
  description:
    - Monitoring action.
  type: str
ak_ipsec_crypto_profile:
  aliases:
    - ipsec_profile
  default: default
  description:
    - Name of the existing IPsec profile or use default (auto-key).
  type: str
gps_certificate_profile:
  description:
    - Profile for authenticating GlobalProtect gateway certificates (global-protect-satellite).
  type: str
tunnel_monitor_proxy_id:
  description:
    - Which proxy-id (or proxy-id-v6) the monitoring traffic will use.
  type: str
gps_publish_connected_routes:
  default: false
  description:
    - Enable publishing of connected and static routes (global-protect-satellite).
  type: bool
mk_local_address_floating_ip:
  description:
    - Floating IP address in HA Active-Active configuration (manual-key).
  type: str
gps_interface_ipv4_floating_ip:
  description:
    - Floating IPv4 IP address in HA Active-Active configuration (7.0+) (global-protect-satellite).
  type: str
gps_interface_ipv6_floating_ip:
  description:
    - Floating IPv6 IP address in HA Active-Active configuration (8.0+) (global-protect-satellite).
  type: str
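
A fuller playbook built from the parameters documented above, added here as an example and not taken from the collection's own documentation. It passes credentials only through I(provider) rather than the deprecated top-level parameters, sets the security-relevant toggles explicitly, and commits with M(paloaltonetworks.panos.panos_commit_firewall) instead of the deprecated I(commit) option. Assumptions: the variable vault_panos_api_key, both IP addresses and the monitor profile name 'default' are hypothetical or constructed; the tunnel interface, IKE gateway and crypto profile names are those of the example above and must already exist on the firewall.

```yaml
---
# Added example; not part of the collection's documentation.
- name: Configure an auto-key IPSec tunnel and commit it
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    provider:
      ip_address: '192.0.2.10'               # constructed address (TEST-NET-1)
      api_key: '{{ vault_panos_api_key }}'   # hypothetical Ansible Vault variable

  tasks:
    - name: Create the tunnel with explicit security-relevant settings
      paloaltonetworks.panos.panos_ipsec_tunnel:
        provider: '{{ provider }}'
        name: 'IPSecTunnel-Ansible'
        type: 'auto-key'                     # keys negotiated via the IKE gateway
        tunnel_interface: 'tunnel.2'
        ak_ike_gateway: 'IKEGW-Ansible'
        ak_ipsec_crypto_profile: 'IPSec-Ansible'
        anti_replay: true                    # module default, stated explicitly
        copy_tos: false                      # enabling is documented as not recommended
        enable_tunnel_monitor: true
        tunnel_monitor_dest_ip: '198.51.100.1'   # constructed probe target (TEST-NET-2)
        tunnel_monitor_profile: 'default'        # assumed existing monitor profile
        state: 'present'
      register: tunnel_result

    - name: Commit only when the tunnel definition changed
      paloaltonetworks.panos.panos_commit_firewall:
        provider: '{{ provider }}'
      when: tunnel_result is changed
```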