ip-sec-connection

Description

A connection between a DRG and CPE. This connection consists of multiple IPSec tunnels. Creating this connection is one of the steps required when setting up a Site-to-Site VPN.

Important: Each tunnel in an IPSec connection can use either static routing or BGP dynamic routing (see the IPSecConnectionTunnel object’s routing attribute). Originally only static routing was supported and every IPSec connection was required to have at least one static route configured. To maintain backward compatibility in the API when support for BPG dynamic routing was introduced, the API accepts an empty list of static routes if you configure both of the IPSec tunnels to use BGP dynamic routing. If you switch a tunnel’s routing from BGP to STATIC, you must first ensure that the IPSec connection is configured with at least one valid CIDR block static route. Oracle uses the IPSec connection’s static routes when routing a tunnel’s traffic only if that tunnel’s routing attribute = STATIC. Otherwise the static routes are ignored.

For more information about the workflow for setting up an IPSec connection, see Site-to-Site VPN Overview.

To use any of the API operations, you must be authorized in an IAM policy. If you’re not authorized, talk to an administrator. If you’re an administrator who needs to write policies to give users access, see Getting Started with Policies.