| Parameter | Choices/Defaults | Comments | 
                
                                                            | auth_algorithm 
                    string
                                                                 | Choices:
                                                                                                                                                            sha1sha256sha384sha512aes-gcm128aes-gcm192aes-gcm256aes-gmac128aes-gmac192aes-gmac256 | Specifies the algorithm to use for IKE authentication. | 
                            
                                                            | description 
                    string
                                                                 |  | Description of the policy | 
                            
                                                            | encrypt_algorithm 
                    string
                                                                 | Choices:
                                                                                                                                                            none3desaes128aes192aes256aes-gmac256aes-gmac192aes-gmac128aes-gcm256aes-gcm192aes-gcm256aes-gcm128 | Specifies the algorithm to use for IKE encryption. | 
                            
                                                            | ipcomp 
                    string
                                                                 | Choices:
                                                                                                                                                            nonenulldeflate | Specifies whether to use IPComp encapsulation. When none, specifies that IPComp is disabled. When deflate, specifies that IPComp is enabled and uses the Deflate compression algorithm. | 
                            
                                                            | ipv4_interface 
                    boolean
                                                                 added in 2.9 |  | When modeisinterfaceindicate if the IPv4anyaddress should be used. By defaultBIG-IPassumesany6address for tunnel addresses whenmodeisinterface. This option takes effect only when modeis set tointerface. | 
                            
                                                            | kb_lifetime 
                    integer
                                                                 |  | Specifies the length of time, in kilobytes, before the IKE security association expires. | 
                            
                                                            | lifetime 
                    integer
                                                                 |  | Specifies the length of time, in minutes, before the IKE security association expires. | 
                            
                                                            | mode 
                    string
                                                                 | Choices:
                                                                                                                                                            transportinterfaceisessiontunnel | Specifies the processing mode. When transport, specifies a mode that encapsulates only the payload (adding an ESP header, trailer, and authentication tag). When tunnel, specifies a mode that includes encapsulation of the header as well as the payload (adding a new IP header, in addition to adding an ESP header, trailer, and authentication tag). If you select this option, you must also provide IP addresses for the local and remote endpoints of the IPsec tunnel. When isession, specifies the use of iSession over an IPsec tunnel. To use this option, you must also configure the iSession endpoints with IPsec in the Acceleration section of the user interface. When interface, specifies that the IPsec policy can be used in the tunnel profile for network interfaces. | 
                            
                                                            | name 
                    string
                                             / required                     |  | Specifies the name of the IPSec policy. | 
                            
                                                            | partition 
                    string
                                                                 | Default: 
 "Common" | Device partition to manage resources on. | 
                            
                                                            | perfect_forward_secrecy 
                    string
                                                                 | Choices:
                                                                                                                                                            nonemodp768modp1024modp1536modp2048modp3072modp4096modp6144modp8192 | Specifies the Diffie-Hellman group to use for IKE Phase 2 negotiation. | 
                            
                                                            | protocol 
                    string
                                                                 |  | Specifies the IPsec protocol Options include ESP (Encapsulating Security Protocol) or AH (Authentication Header). | 
                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | route_domain 
                    integer
                                                                 |  | Specifies the route domain, when interfaceis selected for themodesetting. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | When present, ensures that the resource exists. When absent, ensures the resource is removed. | 
                            
                                                            | tunnel_local_address 
                    string
                                                                 |  | Specifies the local endpoint IP address of the IPsec tunnel. This parameter is only valid when modeistunnel. | 
                            
                                                            | tunnel_remote_address 
                    string
                                                                 |  | Specifies the remote endpoint IP address of the IPsec tunnel. This parameter is only valid when modeistunnel. |