# Ensure IPSec Tunnel

Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel must be provided in the request, whether the tunnel is being created or updated. Data that is not present is filled with defaults or left empty; previous values are not taken into consideration.

To ensure that the IPSec Tunnel with the provided ID is created or modified, perform a `PUT` request.

{% hint style="info" %}
**Note:** If an IPSec Tunnel for the given `tunnelId` does not exist, a new one is created instead.
{% endhint %}

## Endpoint

Use a [<mark style="color:blue;">region-specific</mark>](https://docs.ionos.com/sections-test/guides/network-services/vpn-gateway/api-how-tos/..#endpoints) endpoint to ensure that the IPSec Tunnel is created or modified: `https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}`.

## Request

{% hint style="info" %}
**Note:** The following request contains a sample `gatewayId` and `tunnelId`. Replace them with the `gatewayId` and `tunnelId` values whose information you want to update.
{% endhint %}

```bash
curl --location \
--request PUT 'https://vpn.de-fra.ionos.com/ipsecgateways/66a114c7-2ddd-5119-9ddf-5a789f5a5a44/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--header 'Content-Type: application/json' \
--data-raw '{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {},
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {
        "key": "X2wosbaw74M8hQGbK3jCCaEusR6CCFRa"
      }
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}'
```

{% tabs %}
{% tab title="Path Parameters" %}
You can update the `gatewayId` and `tunnelId` values to specify the IPSec Gateway and Tunnel:

| Path Parameter | Type   | Description                         | Example                                |
| -------------- | ------ | ----------------------------------- | -------------------------------------- |
| `gatewayId`    | string | The ID (UUID) of the IPSec Gateway. | `66a114c7-2ddd-5119-9ddf-5a789f5a5a44` |
| `tunnelId`     | string | The ID (UUID) of the IPSec Tunnel.  | `c28b2d3e-7b15-53ca-ae88-6ae9378d6efe` |

{% endtab %}

{% tab title="Request Body Parameters" %}
Below is the list of body parameters for creating or updating an IPSec Tunnel. The Required column marks the mandatory ones:

| Body Parameters                | Required | Type   | Description                                                                                                                           | Example                                         |
| ------------------------------ | -------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
| `id`                           | yes      | string | The ID (UUID) of the IPSec Tunnel.                                                                                                    | `c28b2d3e-7b15-53ca-ae88-6ae9378d6efe`          |
| `metadata`                     | no       | object | Metadata                                                                                                                              | `{}`                                            |
| `properties`                   | yes      | object | Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.                    |                                                 |
| `properties.name`              | yes      | string | The human-readable name of your IPSec Gateway Tunnel.                                                                                 | `My Updated Tunnel`                             |
| `properties.description`       | no       | string | Human-readable description of the IPSec Gateway Tunnel.                                                                               | `Updated tunnel connecting site A to site B.`   |
| `properties.remoteHost`        | yes      | string | The fully qualified domain name or IPv4 address of the remote peer host to connect to.                                                | `203.0.113.1`                                   |
| `properties.auth`              | yes      | object | Properties with all data needed to define IPSec Authentication.                                                                       |                                                 |
| `properties.auth.method`       | yes      | string | The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: `PSK`                                             | `PSK`                                           |
| `properties.auth.psk`          | yes      | object | Properties needed to define IPSec Authentication PSK. This is required if the method is `PSK`.                                        | `{ "key": "your-psk-value" }`                   |
| `properties.ike`               | no       | object | Settings for the initial security exchange phase.                                                                                     | `{ "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256" }` |
| `properties.esp`               | no       | object | Settings for the IPSec SA (ESP) phase.                                                                                                | `{ "encryptionAlgorithm": "AES256", "integrityAlgorithm": "SHA256" }` |
| `properties.cloudNetworkCIDRs` | yes      | array  | The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, that is, the CIDRs within your IONOS Cloud LAN. | `["10.0.0.0/24", "203.0.113.0/24"]`             |
| `properties.peerNetworkCIDRs`  | yes      | array  | The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.                                                | `["10.0.1.0/24", "198.51.100.0/24"]`            |

{% endtab %}

{% tab title="Request Header Parameters" %}
To make authenticated requests to the API, the following fields are mandatory in the request header:

| Header Parameters | Required | Type   | Description                                                                       |
| ----------------- | -------- | ------ | --------------------------------------------------------------------------------- |
| `Authorization`   | yes      | string | The Bearer token to enable requests to authenticate using a JSON Web Token (JWT). |
| `Content-Type`    | yes      | string | Set this to `application/json`.                                                   |

{% endtab %}
{% endtabs %}

## Response

**200 Successful operation**

The following is an example response for a successfully created IPSec Tunnel.

```json
{
  "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "type": "ipsectunnel",
  "href": "/ipsecgateways/{gatewayId}/tunnels/c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
  "metadata": {
    "createdDate": "2020-12-10T13:37:50+01:00",
    "createdBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "createdByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedDate": "2020-12-11T13:37:50+01:00",
    "lastModifiedBy": "ionos:identity:::users/87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "lastModifiedByUserId": "87f9a82e-b28d-49ed-9d04-fba2c0459cd3",
    "resourceURN": "ionos:<product>:<location>:<contract>:<resource-path>",
    "status": "AVAILABLE",
    "statusMessage": null
  },
  "properties": {
    "name": "My Company Gateway Tunnel",
    "description": "Allows local subnet X to connect to virtual network Y.",
    "remoteHost": "vpn.mycompany.com",
    "auth": {
      "method": "PSK",
      "psk": {}
    },
    "ike": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 86400
    },
    "esp": {
      "diffieHellmanGroup": "16-MODP4096",
      "encryptionAlgorithm": "AES256",
      "integrityAlgorithm": "SHA256",
      "lifetime": 3600
    },
    "cloudNetworkCIDRs": [
      "203.0.113.0/24"
    ],
    "peerNetworkCIDRs": [
      "198.51.100.0/24"
    ]
  }
}
```

{% hint style="success" %}
**Result:** The IPSec Tunnel is successfully updated or created.
{% endhint %}
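
Because a `PUT` replaces the whole tunnel and the response above returns `"psk": {}`, a tunnel read back from the API cannot simply be edited and sent again. The following added example (not IONOS code) builds a complete `PUT` body from such a response; the helper `build_put_body`, its parameters, and its strict checks on `ike`/`esp` and CIDRs are assumptions of this example.

```python
import copy
import ipaddress
import json

# Required properties, from the "Request Body Parameters" table on this page.
REQUIRED = ("name", "remoteHost", "auth", "cloudNetworkCIDRs", "peerNetworkCIDRs")


def build_put_body(current, changes, psk_key):
    """Return a complete PUT body: current properties + changes + re-supplied PSK."""
    props = copy.deepcopy(current["properties"])
    props.update(changes)
    # The response carries "psk": {}, so echoing it back would submit an empty
    # PSK object; the caller passes the key in from its own secret store.
    if not psk_key:
        raise ValueError("psk_key must be supplied on every PUT")
    props["auth"] = {"method": "PSK", "psk": {"key": psk_key}}
    missing = [name for name in REQUIRED if not props.get(name)]
    if missing:
        raise ValueError(f"missing required properties: {missing}")
    # ike/esp are optional, but omitted data is not inherited from the tunnel.
    for phase in ("ike", "esp"):
        if phase not in props:
            raise ValueError(f"{phase} omitted: defaults would replace current values")
    # ip_network() rejects malformed CIDRs and CIDRs with host bits set.
    for field in ("cloudNetworkCIDRs", "peerNetworkCIDRs"):
        for cidr in props[field]:
            ipaddress.ip_network(cidr)
    # Server-populated metadata (createdBy, status, ...) is not sent back.
    return {"id": current["id"], "metadata": {}, "properties": props}


# Constructed sample in the shape of the 200 response shown on this page.
SAMPLE_TUNNEL = {
    "id": "c28b2d3e-7b15-53ca-ae88-6ae9378d6efe",
    "metadata": {"status": "AVAILABLE"},
    "properties": {
        "name": "My Company Gateway Tunnel",
        "remoteHost": "vpn.mycompany.com",
        "auth": {"method": "PSK", "psk": {}},
        "ike": {"diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256",
                "integrityAlgorithm": "SHA256", "lifetime": 86400},
        "esp": {"diffieHellmanGroup": "16-MODP4096", "encryptionAlgorithm": "AES256",
                "integrityAlgorithm": "SHA256", "lifetime": 3600},
        "cloudNetworkCIDRs": ["203.0.113.0/24"],
        "peerNetworkCIDRs": ["198.51.100.0/24"],
    },
}

if __name__ == "__main__":
    body = build_put_body(SAMPLE_TUNNEL, {"name": "Renamed Tunnel"}, "constructed-psk")
    print(json.dumps(body, indent=2))
```

The returned dictionary is what goes into `--data-raw` of the `curl` request shown under Request.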
