Forum Discussion

Deckel
5 months ago
Solved

Terraform: IPsec site creation with Responder-only and destination type FQDN possible?

Hi, see subject. When trying to set up an IPsec site (IKEv2) in responder-only mode and with destination type FQDN for the primary and secondary tunnel, Terraform (in fact OpenTofu) gives this error: ...
  • RobertG
    1 month ago

    Hi Christian,

    I hope the info is still useful as it has been a while since you asked.

    Here is a working example of a module to achieve what you require.
    Currently it seems we need to update the provider, as it requires us to give a value for "primary_cato_pop_ip" when in this example it is not actually needed. If you just use any allocated IP from your account, it should suffice.


    module "ipsec-generic-ha-fully-customized" {
      source = "catonetworks/ipsec-generic/cato"

      ha_tunnels           = false
      site_name            = "My-Cato-IPSec-Site-ha"
      site_description     = "IPSec Example Site"
      native_network_range = "172.100.0.0/24"

      # Currently required but will be removed in a future version of the module;
      # you can use the IP of any Cato IP address in your account's allocation.
      primary_cato_pop_ip     = "216.252.178.46"
      primary_pop_location_id = "19" # Primary POP Location ID (e.g., 19 for London)

      cato_local_networks = ["10.41.0.0/16", "10.254.254.0/24"]
      peer_networks       = ["servers:172.100.0.0/24", "desktops:172.100.1.0/24"]

      # Responder-only with FQDN destination/identification type, as asked;
      # the peer public IPs are left unset.
      peer_primary_public_ip   = null
      peer_secondary_public_ip = null
      cato_connectionMode      = "RESPONDER_ONLY"
      primary_destination_type = "FQDN"
      cato_identificationType  = "FQDN"

      downstream_bw = 100
      upstream_bw   = 100

      site_location = {
        city         = "New York City"
        country_code = "US"
        state_code   = "US-NY"
        timezone     = "America/New_York"
      }
    }