管理 IPSec VPN 通道 (ibmcloud sl ipsec)
IBM Cloud® VPN 存取容許使用者透過 IBM Cloud 專用網路,由遠端安全地管理所有伺服器。 從您的位置至專用網路的 VPN 連線,讓您能透過已加密的 VPN 通道進行頻外管理,以及伺服器救援。
從 IBM Cloud 指令行介面使用下列指令來管理 IBM Cloud 標準基礎架構 IPSec VPN 服務中的 IPSec VPN 通道。
ibmcloud sl ipsec cancel
取消 IPSec VPN 通道環境定義
ibmcloud sl ipsec cancel CONTEXT_ID [flags]
指令選項:
- -- f,force
- 強制執行作業,而不進行確認
- --immediate
- 立即取消 IPSec,而不是在計費週年日取消
- --reason
- 選用的取消理由
ibmcloud sl ipsec config
通道環境定義的要求配置
ibmcloud sl ipsec config CONTEXT_ID [OPTIONS]
Request configuration of a tunnel context.
This action will update the advancedConfigurationFlag on the context
instance and further modifications against the context will be prevented
until all changes can be propagated to network devices.
ibmcloud sl ipsec config CONTEXT_ID
ibmcloud sl ipsec detail
列出 IPSec VPN 通道環境定義詳細資料
ibmcloud sl ipsec detail CONTEXT_ID [OPTIONS]
List IPSEC VPN tunnel context details.
Additional resources can be joined using multiple instances of the include
option, for which the following choices are available.
at: address translations
is: internal subnets
rs: remote subnets
sr: statically routed subnets
ss: service subnets
ibmcloud sl ipsec detail CONTEXT_ID [flags]
指令選項:
- -- i,包括
- 包含額外的資源。 選項包含:at、is、rs、sr、ss
ibmcloud sl ipsec list
列出 IPSec VPN 通道環境定義
ibmcloud sl ipsec list [flags]
指令選項:
- --order
- 依購買 IPSec 的訂單 ID 過濾
ibmcloud sl ipsec order
訂購 IPSec VPN 通道
ibmcloud sl ipsec order [flags]
指令選項:
- --d,資料中心
- IPSec 資料中心的簡稱。 例如,dal09[必要]
ibmcloud sl ipsec subnet-add
將子網路新增至 IPSec 通道環境定義
ibmcloud sl ipsec subnet-add CONTEXT_ID [OPTIONS]
Add a subnet to an IPSEC tunnel context.
A subnet id may be specified to link to the existing tunnel context.
Otherwise, a network identifier in CIDR notation should be specified,
indicating that a subnet resource should first be created before
associating it with the tunnel context. Note that this is only supported
for remote subnets, which are also deleted upon failure to attach to a
context.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec subnet-add CONTEXT_ID [flags]
指令選項:
- -- n,網路
- 要建立的子網路 ID
- -- s,subnet-id
- 要新增的子網路 ID,必要項目
- -- t,subnet-type
- 要新增的子網路類型。 選項包含: 內部、遠端、服務[必要]
ibmcloud sl ipsec subnet-remove
從 IPSEC 通道環境定義移除子網路
ibmcloud sl ipsec subnet-remove CONTEXT_ID SUBNET_ID SUBNET_TYPE
Remove a subnet from an IPSEC tunnel context.
The subnet id to remove must be specified.
Remote subnets are deleted upon removal from a tunnel context.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec subnet-remove CONTEXT_ID SUBNET_ID SUBNET_TYPE
ibmcloud sl ipsec translation-add
將位址轉換新增至 IPSec 通道
ibmcloud sl ipsec translation-add CONTEXT_ID [OPTIONS]
Add an address translation to an IPSEC tunnel context.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec translation-add CONTEXT_ID [flags]
指令選項:
- -- n,附註
- 附註值
- -- r,remote-ip
- [需要] 遠端 IP 位址
- -- s,static-ip
- [需要] 靜態 IP 位址
ibmcloud sl ipsec translation-remove
從 IPSec 移除轉換項目
ibmcloud sl ipsec translation-remove CONTEXT_ID TRANSLATION_ID
Remove a translation entry from an IPSEC tunnel context.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec translation-remove CONTEXT_ID TRANSLATION_ID
ibmcloud sl ipsec translation-update
更新 IPSec 的位址轉換
ibmcloud sl ipsec translation-update CONTEXT_ID TRANSLATION_ID [OPTIONS]
Update an address translation for an IPSEC tunnel context.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec translation-update CONTEXT_ID TRANSLATION_ID [flags]
指令選項:
- -- n,附註
- 附註
- -- r,remote-ip
- [需要] 遠端 IP 位址
- -- s,static-ip
- [需要] 靜態 IP 位址
ibmcloud sl ipsec update
更新通道環境定義內容
ibmcloud sl ipsec update CONTEXT_ID [OPTIONS]
Update tunnel context properties.
Updates are made atomically, so either all are accepted or none are.
Key life values must be in the range 120-172800.
Phase 2 perfect forward secrecy must be in the range 0-1.
A separate configuration request should be made to realize changes on
network devices.
ibmcloud sl ipsec update CONTEXT_ID [flags]
指令選項:
- -- n,名稱
- 一般名稱
- -- a,phase1-auth
- 階段 1 鑑別。 選項包含:MD5、SHA1、SHA256
- -- c,phase1-crypto
- 階段 1 加密。 選項包含:DES、3DES、AES128、AES192、AES256
- --d、phase1-dh
- 階段 1 Diffie-Hellman 群組。 選項包含:0、1、2、5
- -- t,phase1-key-ttl
- 階段 1 金鑰使用期限。 範圍是 120-172800
- -- u,phase2-auth
- 階段 2 鑑別。 選項包含:MD5、SHA1、SHA256
- -- y,phase2-crypto
- 階段 2 加密。 選項包含:DES、3DES、AES128、AES192、AES256
- -- e,phase2-dh
- 階段 2 Diffie-Hellman 群組。 選項包含:0、1、2、5
- -- f,phase2-forward-secrecy
- 階段 2 完全秘密轉遞。 範圍是 0-1
- -- l,phase2-key-ttl
- 階段 2 金鑰使用期限。 範圍是 120-172800
- -- k,預先共用金鑰
- 預先共用金鑰
- -- r,遠端對等節點
- 遠端對等節點 IP 位址