Can't update local routes on VPN concentrator?

tech_monkey
Conversationalist


Hello,

 

I'm working on automating the local routes that we advertise from our VPN concentrators. I can successfully pull a GET for the local networks being advertised into the Meraki VPN. Something along the lines of the following:

[{'localSubnet': 'x.x.x.x/32', 'useVpn': True}, {'localSubnet': 'y.y.y.y/24', 'useVpn': True}]

 

When I try to do an Update api call I get the following:

Unrecognized subnet x.x.x.x/32 for Passthrough MX - only Client VPN subnet(s) permitted

 

Which seemed odd. Even if I try to push the same exact configuration back up it fails. Looking at the documentation here I realized this endpoint is only for NAT networks. Is there another endpoint for updating the advertised routes from a concentrator/passthrough network? Or perhaps I'm using it incorrectly?

 

Thanks,

Chris

ww
Kind of a big deal

Think it was this one. Try sending only the subnet (not the name).

 

https://developer.cisco.com/meraki/api-latest/#!get-network-appliance-vpn-site-to-site-vpn

tech_monkey
Conversationalist

Hi ww,

 

Thank you for the reply, I might be misunderstanding. The GET call functions fine and I can retrieve the VPN configuration and the subnets being advertised. When I try the update call I get the same error as above. I have been using the Python SDK originally but here is a test snippet for what I'm doing:

 

import json

import requests

api_key = "apikey"
test_vmx = "vmx_network_id"

def manual():
    url = f"https://api.meraki.cn/api/v1/networks/{test_vmx}/appliance/vpn/siteToSiteVpn"

    # Desired site-to-site VPN settings: hub mode, advertising two local subnets
    payload = json.dumps({
        "mode": "hub",
        "hubs": [],
        "subnets": [
            {
                "localSubnet": "192.168.1.0/24",
                "useVpn": True
            },
            {
                "localSubnet": "192.168.128.0/24",
                "useVpn": True
            }
        ]
    })

    headers = {"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json", "Accept": "application/json"}

    # Send the update (PUT) request and print the raw response body
    response = requests.request("PUT", url, headers=headers, data=payload)

    print(response.text)

manual()

The above prints:

{"errors":["Unrecognized subnet 192.168.1.0/24 for Passthrough MX - only Client VPN subnet(s) permitted"]}

 

The expected behavior would be to replace any existing advertised local networks and replace them with the two 192.x networks.

 

A separate discussion: it would be nice to be able to also include the name in this call. But I can live without that for now.

 

Thanks,

Chris

ww
Kind of a big deal

I get the same "error".

I'm not sure if I used this PUT before, so I can't tell if it has ever worked.

 
