# Create IPSec Tunnel

* Creates a new IPSec Tunnel.
* The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.

To create an IPSec Tunnel, perform a `POST` request.

## Endpoint

Use a [region-specific](/cloud/network-services/vpn-gateway/api-how-tos.md#endpoints) endpoint to create an IPSec Tunnel: `https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels`.

## Request

```bash
curl --location \
--request POST 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'

```

{% tabs %}
{% tab title="Path Parameters" %}
Set the `gatewayId` value to target a specific IPSec Gateway:

| Path Parameter | Type   | Description                         | Example                                |
| -------------- | ------ | ----------------------------------- | -------------------------------------- |
| `gatewayId`    | string | The ID (UUID) of the IPSec Gateway. | `66a114c7-2ddd-5119-9ddf-5a789f5a5a44` |
{% endtab %}

{% tab title="Request Body Parameters" %}
Below is the list of body parameters for creating an IPSec Tunnel:

| Body Parameters                | Required | Type   | Description                                                                                                        | Example                                         |
| ------------------------------ | -------- | ------ | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------- |
| `metadata`                     | no       | object | Metadata                                                                                                           | `{}`                                            |
| `properties`                   | yes      | object | Properties with all data needed to create an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway. |                                                 |
| `properties.name`              | yes      | string | The human-readable name of your IPSec Gateway Tunnel.                                                              | `My Tunnel`                                     |
| `properties.description`       | no       | string | Human-readable description of the IPSec Gateway Tunnel.                                                            | `Tunnel connecting site A to site B.`           |
| `properties.remoteHost`        | yes      | string | The remote peer host fully qualified domain name or IPV4 IP to connect to.                                         | `203.0.113.1`                                   |
| `properties.auth`              | yes      | object | Properties needed to define IPSec Authentication.                                                                  |                                                 |
| `properties.auth.ike`          | yes      | object | Settings for the initial security exchange phase.                                                                  | `{ "encryption": "AES-256", "hash": "SHA256" }` |
| `properties.auth.esp`          | yes      | object | Settings for the IPSec SA (ESP) phase.                                                                             | `{ "encryption": "AES-256", "auth": "SHA256" }` |
| `properties.cloudNetworkCIDRs` | yes      | array  | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.                              | `["10.0.0.0/24", "203.0.113.0/24"]`             |
| `properties.peerNetworkCIDRs`  | yes      | array  | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.                             | `["10.0.1.0/24", "198.51.100.0/24"]`            |
{% endtab %}

{% tab title="Request Header Parameters" %}
To make authenticated requests to the API, the following fields are mandatory in the request header:

| Header Parameters | Required | Type   | Description                                                                       |
| ----------------- | -------- | ------ | --------------------------------------------------------------------------------- |
| `Authorization`   | yes      | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| `Content-Type`    | yes      | string | Set this to `application/json`.                                                   |
{% endtab %}
{% endtabs %}
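
The following is an added example, not part of the IONOS documentation or SDK: a pre-flight builder for the request body shown above that generates the pre-shared key from the OS CSPRNG, rejects malformed or overlapping CIDR selectors before the `POST`, and produces a log-safe copy with the key masked. The function names, the 32-character minimum, and the overlap check are assumptions of this example (local policy), not API requirements.

```python
import copy
import ipaddress
import secrets
import string

MIN_PSK_LEN = 32  # assumption: local policy; equals the sample key's length

def generate_psk(length=MIN_PSK_LEN):
    """Random alphanumeric PSK drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def _networks(cidrs, field):
    if not cidrs:
        raise ValueError(f"{field} must contain at least one CIDR")
    # strict=True rejects entries with host bits set, e.g. 203.0.113.5/24
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def build_tunnel_body(name, remote_host, psk, cloud_cidrs, peer_cidrs):
    """Return the POST body in the shape of the sample request, or raise ValueError."""
    if len(psk) < MIN_PSK_LEN:
        raise ValueError("PSK shorter than the local minimum length")
    cloud = _networks(cloud_cidrs, "cloudNetworkCIDRs")
    peer = _networks(peer_cidrs, "peerNetworkCIDRs")
    for c in cloud:
        for p in peer:
            if c.version == p.version and c.overlaps(p):
                raise ValueError(f"cloud network {c} overlaps peer network {p}")
    # Algorithm values copied from the sample request on this page.
    phase = {"diffieHellmanGroup": "16-MODP4096",
             "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256"}
    return {
        "metadata": {},
        "properties": {
            "name": name,
            "remoteHost": remote_host,
            "auth": {"method": "PSK", "psk": {"key": psk}},
            "ike": {**phase, "lifetime": 86400},
            "esp": {**phase, "lifetime": 3600},
            "cloudNetworkCIDRs": [str(n) for n in cloud],
            "peerNetworkCIDRs": [str(n) for n in peer],
        },
    }

def redacted(body):
    """Copy of the body that is safe to log: the PSK is masked."""
    safe = copy.deepcopy(body)
    safe["properties"]["auth"]["psk"]["key"] = "<redacted>"
    return safe
```

The sample response on this page shows an empty `psk` object, so record the generated key in a secret store when you create the tunnel.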

## Response

**201 Successful operation**

```json
{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}
```

{% hint style="success" %}
**Result:** The IPSec Tunnel is successfully created. The `id` and other details of the created IPSec Tunnel are provided in the response.
{% endhint %}

