| Parameter | Choices/Defaults | Comments | 
                
                                                            | allow_local_dns 
                    boolean
                                                                 |  | Enables local access to DNS servers configured on client prior to establishing network access connection. | 
                            
                                                            | allow_local_subnet 
                    boolean
                                                                 |  | Enables local subnet access and local access to any host or subnet in routes specified in the client routing table. When yesthe system does not support integrated IP filtering. | 
                            
                                                            | description 
                    string
                                                                 |  | User created network access description. | 
                            
                                                            | dns_address_space 
                    list
                                                                 |  | Specifies a list of domain names describing the target LAN DNS addresses. | 
                            
                                                            | dtls 
                    boolean
                                                                 |  | When yesthe network access connection uses Datagram Transport Level Security instead of TCP, to provide better throughput for high demand applications like VoIP or streaming video. | 
                            
                                                            | dtls_port 
                    integer
                                                                 |  | Specifies the port number that the network access resource uses for secure UDP traffic with DTLS. | 
                            
                                                            | excluded_dns_addresses 
                    list
                                                                 |  | Specifies the DNS address spaces for which traffic is not forced through the tunnel. | 
                            
                                                            | excluded_ipv4_adresses 
                    list
                                                                 |  | Specifies IPV4 address spaces for which traffic is not forced through the tunnel. | 
                                                        
                                                |  | subnet 
                    string
                                                                 |  | The address of subnet in CIDR format, e.g. 192.168.1.0/24 Host addresses can be specified without the CIDR mask notation. | 
                                            
                                                            | excluded_ipv6_adresses 
                    list
                                                                 |  | Specifies IPV6 address spaces for which traffic is not forced through the tunnel. | 
                                                        
                                                |  | subnet 
                    string
                                                                 |  | The address of subnet in CIDR format, e.g. 2001:db8:abcd:8000::/52 Host addresses can be specified without the CIDR mask notation. | 
                                            
                                                            | ip_version 
                    string
                                                                 |  | Supported IP version on the network access resource. | 
                            
                                                            | ipv4_address_space 
                    list
                                                                 |  | Specifies a list of IPv4 hosts or networks describing the target LAN. This option is mandatory when creating a new resource and split_tunnelis set toyes. | 
                                                        
                                                |  | subnet 
                    string
                                                                 |  | The address of subnet in CIDR format, e.g. 192.168.1.0/24 Host addresses can be specified without the CIDR mask notation. | 
                                            
                                                            | ipv4_lease_pool 
                    string
                                                                 |  | Specifies IPV4 lease pool resource to use with network access. Referencing lease pool can be done in the full path format for example, /Common/pool_name. When lease pool is referenced in full path format, the partitionparameter is ignored. | 
                            
                                                            | ipv6_address_space 
                    list
                                                                 |  | Specifies a list of IPv6 hosts or networks describing the target LAN. This option is mandatory when creating a new resource and split_tunnelis set toyes. | 
                                                        
                                                |  | subnet 
                    string
                                                                 |  | The address of subnet in CIDR format, e.g. 2001:db8:abcd:8000::/52 Host addresses can be specified without the CIDR mask notation. | 
                                            
                                                            | ipv6_lease_pool 
                    string
                                                                 |  | Specifies IPV6 lease pool resource to use with network access. Referencing lease pool can be done in the full path format for example, /Common/pool_name. When lease pool is referenced in full path format, the partitionparameter is ignored. | 
                            
                                                            | name 
                    string
                                             / required                     |  | Specifies the name of the APM network access to manage/create. | 
                            
                                                            | partition 
                    string
                                                                 | Default: 
 "Common" | Device partition to manage resources on. | 
                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | snat_pool 
                    string
                                                                 |  | Specifies the name of a SNAT pool used for implementing selective and intelligent SNATs. When nonethe system uses no SNAT pool for this network resource. When automapthe system uses all of the self IP addresses as the translation addresses for the pool. | 
                            
                                                            | split_tunnel 
                    boolean
                                                                 |  | Specifies that only the traffic targeted to a specified address space is sent over the network access tunnel. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | When stateispresent, ensures that the ACL exists. When stateisabsent, ensures that the ACL is removed. |