Private/New-P2PPhase2Interface.ps1

#Required by functions
#New-P2PTunnel
#New-P2PTunnelNAT
#New-DialUPTunnelDynamic
#New-DialUPTunnelStatic

<#
    .Description
    Create the Phase 2 Interface configuration stanza for the tunnel-creation functions listed above.
#>


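Function New-P2PPhase2Interface {
    <#
    .SYNOPSIS
    Emit a FortiOS 'config vpn ipsec phase2-interface' stanza as text.

    .DESCRIPTION
    Builds one phase2-interface entry bound to the Phase 1 tunnel named by -TunnelName.
    The selector is either a wildcard (0.0.0.0/0 subnets on both sides) or a pair of
    named address objects/groups. When -PFS is 'yes' the DH group line is emitted and
    FortiOS's default PFS setting is left in place; when 'no', 'set pfs disable' is emitted
    instead. The text is written to the pipeline with Write-Output, not applied anywhere.

    .PARAMETER PhaseName
    Name of the phase2-interface entry (format "<TunnelName P2 #>").
    .PARAMETER TunnelName
    Phase 1 (tunnel) name this Phase 2 attaches to, maximum 15 alphanumeric characters.
    .PARAMETER Proposal
    Phase 2 proposal list passed through to 'set proposal'.
    .PARAMETER TTL
    Key lifetime in seconds passed through to 'set keylifeseconds'.
    .PARAMETER dhgroups
    Diffie-Hellman group(s) passed through to 'set dhgrp'; only emitted when -PFS is 'yes'.
    .PARAMETER SourceAddressName
    Source address object or group name; required when -WildcardSelector is 'no'.
    .PARAMETER DestinationAddressName
    Destination address object or group name; required when -WildcardSelector is 'no'.
    .PARAMETER PFS
    'yes' or 'no' - whether Perfect Forward Secrecy is enabled for this Phase 2.
    .PARAMETER WildcardSelector
    'yes' or 'no' - whether a 0.0.0.0/0 wildcard selector is used instead of named objects.

    .OUTPUTS
    System.String - the configuration stanza.
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true, HelpMessage = "Provide a Phase 2 Name in the format of <TunnelName P2 #>")]
        $PhaseName,
        [Parameter(Mandatory = $true, HelpMessage = "Provide a VPN Tunnel Name with a maximum 15 AlphaNumeric characters.")]
        $TunnelName,
        [Parameter(Mandatory = $true)]$Proposal,
        [Parameter(Mandatory = $true, HelpMessage = "Provide the Phase 2 Time to Live.")]
        $TTL,
        [Parameter(Mandatory = $true, HelpMessage = "Specify the Diffie-Hellman group(s) for the Phase 2 proposal.")]
        $dhgroups,
        [Parameter(Mandatory = $false, HelpMessage = "Specify the Source Address Object or Group Name.")]
        $SourceAddressName,
        [Parameter(Mandatory = $false, HelpMessage = "Specify the Destination Address Object or Group Name.")]
        $DestinationAddressName,
        [Parameter(Mandatory = $true, HelpMessage = "Specify if PFS should be enabled")]
        [ValidateSet('yes', 'no')]
        $PFS,
        [Parameter(Mandatory = $true, HelpMessage = "yes or no option specifying if a wildcard selector should be used for the Phase 2 proposals.")]
        [ValidateSet('yes', 'no')]
        [string]$WildcardSelector
    )

    # The named-selector form references address objects by name. Emitting
    # 'set src-name ""' produces a stanza the firewall cannot apply, so fail
    # here rather than hand the caller an unusable configuration.
    if ($WildcardSelector -eq 'no') {
        if ([string]::IsNullOrWhiteSpace($SourceAddressName) -or
            [string]::IsNullOrWhiteSpace($DestinationAddressName)) {
            throw "SourceAddressName and DestinationAddressName are required when WildcardSelector is 'no'."
        }
    }

    # PFS 'yes': emit the DH group and leave FortiOS's PFS default untouched.
    # PFS 'no': emit 'set pfs disable' in place of the dhgrp line.
    if ($PFS -eq 'yes') {
        $pfsLine = "        set dhgrp $dhgroups"
    }
    else {
        $pfsLine = "        set pfs disable"
    }

    # Selector block. Kept as multi-line literals so the line endings match the
    # rest of the stanza (and this file) exactly.
    if ($WildcardSelector -eq 'yes') {
        $selectorBlock = "        set src-addr-type subnet
        set dst-addr-type subnet
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0"
    }
    else {
        $selectorBlock = "        set src-addr-type name
        set dst-addr-type name
        set src-name ""$SourceAddressName""
        set dst-name ""$DestinationAddressName"""
    }

    # NOTE(review): 'set replay disable' turns off IPsec anti-replay detection on
    # every generated Phase 2; this was the original behaviour and is preserved
    # here, but it weakens the SA against replayed packets - confirm it is intended.
    Write-Output "
config vpn ipsec phase2-interface
    edit ""$PhaseName""
        set phase1name ""$TunnelName""
        set proposal $Proposal
$pfsLine
        set replay disable
        set keylifeseconds $TTL
$selectorBlock
    next
end"
}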