Can't update local routes on VPN concentrator?

tech_monkey
Conversationalist

Hello,

 

I'm working on automating the local routes that we advertise from our VPN concentrators. I can successfully pull a GET for the local networks being advertised into the Meraki VPN. Something along the lines of the following:

[{'localSubnet': 'x.x.x.x/32', 'useVpn': True}, {'localSubnet': 'y.y.y.y/24', 'useVpn': True}]

 

When I try to do an update API call I get the following:

Unrecognized subnet x.x.x.x/32 for Passthrough MX - only Client VPN subnet(s) permitted

 

Which seemed odd. Even if I try to push the same exact configuration back up it fails. Looking at the documentation here I realized this endpoint is only for NAT networks. Is there another endpoint for updating the advertised routes from a concentrator/passthrough network? Or perhaps I'm using it incorrectly?

 

Thanks,

Chris

ww
Kind of a big deal

Think it was this one. Try sending only the subnet (not the name).

 

https://developer.cisco.com/meraki/api-latest/#!get-network-appliance-vpn-site-to-site-vpn

tech_monkey
Conversationalist

Hi ww,

 

Thank you for the reply. I might be misunderstanding. The GET call functions fine and I can retrieve the VPN configuration and the subnets being advertised. When I try the update call I get the same error as above. I was originally using the Python SDK, but here is a test snippet for what I'm doing:

 

import json

import requests

api_key = "apikey"            # placeholder for the Dashboard API key
test_vmx = "vmx_network_id"   # placeholder for the vMX network ID

def manual():
    url = f"https://api.meraki.cn/api/v1/networks/{test_vmx}/appliance/vpn/siteToSiteVpn"

    # Replace the advertised local subnets with these two networks
    payload = json.dumps({
        "mode": "hub",
        "hubs": [],
        "subnets": [
            {
                "localSubnet": "192.168.1.0/24",
                "useVpn": True
            },
            {
                "localSubnet": "192.168.128.0/24",
                "useVpn": True
            }
        ]
    })

    headers = {"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json", "Accept": "application/json"}

    # PUT the new site-to-site VPN settings and show the raw API response
    response = requests.request("PUT", url, headers=headers, data=payload)

    print(response.text)

manual()

The above prints:

{"errors":["Unrecognized subnet 192.168.1.0/24 for Passthrough MX - only Client VPN subnet(s) permitted"]}

 

The expected behavior would be to replace any existing advertised local networks and replace them with the two 192.x networks.

 

A separate discussion: it would be nice to be able to also include the name in this call. But I can live without that for now.

 

Thanks,

Chris

ww
Kind of a big deal

I get the same "error".

I'm not sure if I used this PUT before, so can't tell if it has ever worked.
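An added example, not part of any post in this thread and not Meraki's code: a pre-flight helper that builds the PUT body from GET-style subnet entries, keeping only `localSubnet` and `useVpn` and validating each CIDR, plus a parser that pulls the rejected subnets out of the `errors` body quoted above. The function names and the `name` key in the sample are assumptions, and it does not change how the endpoint treats a passthrough MX.

```python
import ipaddress
import json
import re

REJECTED = re.compile(r"Unrecognized subnet (\S+) for Passthrough MX")


def build_put_body(subnet_entries, mode="hub", hubs=()):
    """Build the PUT body from GET-style subnet entries, keeping only
    localSubnet and useVpn (extra keys such as a name are dropped)."""
    subnets = []
    for entry in subnet_entries:
        # strict=True raises ValueError when host bits are set, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(entry["localSubnet"], strict=True)
        subnets.append({"localSubnet": str(net), "useVpn": bool(entry["useVpn"])})
    return {"mode": mode, "hubs": list(hubs), "subnets": subnets}


def rejected_subnets(response_text):
    """Return the subnets named in 'Unrecognized subnet' errors of an error body."""
    try:
        errors = json.loads(response_text).get("errors", [])
    except (ValueError, AttributeError):  # not JSON, or not a JSON object
        return []
    return [m.group(1) for e in errors if (m := REJECTED.search(str(e)))]


if __name__ == "__main__":
    # Constructed sample input; the "name" key is an assumption about the GET output.
    got = [
        {"localSubnet": "192.168.1.0/24", "useVpn": True, "name": "lab"},
        {"localSubnet": "192.168.128.0/24", "useVpn": True},
    ]
    print(json.dumps(build_put_body(got), indent=2))
    # Error body as quoted in the thread.
    err = ('{"errors":["Unrecognized subnet 192.168.1.0/24 for Passthrough MX'
           ' - only Client VPN subnet(s) permitted"]}')
    print(rejected_subnets(err))
```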

 
