Meraki

Community

Powershell Put Script - Create Third Party VPN Peer

Solved
scubes
Conversationalist
‎Mar 23 2019 8:18 AM
‎Mar 23 2019 8:18 AM

Powershell Put Script - Create Third Party VPN Peer

I am using the following PowerShell code to attempt to create a Third Party VPN Peer in a Meraki organization.

 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json ; charset=utf-8'
	
}

$orgID = 'YYYYYYYYYYYYYYYYY'

$api = @{

	"endpoint" = 'https://nZZ.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url

$parms = [ordered]@{
	name = "VPN-PEER-NAME"
    publicIp = "1.1.1.1"
    privateSubnets = @(
        "10.0.1.1/32"
    )
    secret = "WWWWWWWWWWWWWWWWWWWWW"
    ipsecPolicies = @{
        ikeCipherAlgo = "aes256"
        ikeAuthAlgo = "sha1"
        ikeDiffieHellmanGroup = "group2"
        ikeLifetime = "28800"
        childCipherAlgo = "aes256"
        childAuthAlgo = "sha1"
        childPfsGroup = "disabled"
        childLifetime = "3600"
    }
}
$json = $parms | ConvertTo-Json
$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header
$change

Once I run that, I get the following error:

 

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:58 char:11
+ $change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Header ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I was thinking that perhaps my json is incorrect. I've tried numerous different approaches to format it.

 

I am following this link for direction on the construction of the calls:

https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm#c2d0ec2c-b1e9-4eaa-83eb-cf...

 

Now, I do note that this says "update" and not "create". So, that may be the issue as well....

Labels:
0 Kudos
1 Accepted Solution
In response to BrechtSchamp
BrechtSchamp
Kind of a big deal
‎Mar 23 2019 11:28 AM
‎Mar 23 2019 11:28 AM

All right, I think I figured it out. The remaining issue was the depth of the JSON conversion.

 

Here's the working code:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json'
	
}

$orgID = 'XXXXXXXXXXXXXXXXXXXXXXXXX'

$api = @{

	"endpoint" = 'https://nXXX.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url



$parms =@(
[ordered]@{
		name = "My peer 2"
		publicIp = "123.123.123.1"
		privateSubnets = @(
			"192.168.13.0/24"
		)
		secret = "asdf1234"
		ipsecPolicies = [ordered]@{
			ikeCipherAlgo = @(
				"tripledes"
			)
			ikeAuthAlgo = @(
				"sha1"
			)
			ikeDiffieHellmanGroup = @(
				"group2"
			)
			ikeLifetime = "28800"
			childCipherAlgo = @(
				"aes128"
			)
			childAuthAlgo = @(
				"sha1"
			)
			childPfsGroup = @(
				"disabled"
			)
			childLifetime = "28800"
		}
	}
)

$json = ConvertTo-Json -Depth 5 -InputObject $parms 

$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header -Verbose
$change

Hope that helps.

View solution in original post

4 Replies 4
CN
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 23 2019 10:30 AM
‎Mar 23 2019 10:30 AM

From your specific example, it looks like you're missing [ ] brackets around your child cipher statements. As the dashboard takes multiple values you'll need to pass the values in as an array. Here's the JSON that I used when trying directly in postman. 

 

[
    {
        "name": "test",
        "publicIp": "1.1.1.1",
        "privateSubnets": [
            "10.1.1.1/32"
        ],
        "secret": "WWWWWW",
        "ipsecPolicies": {
            "ikeCipherAlgo": "aes256",
            "ikeAuthAlgo": "sha1",
            "ikeDiffieHellmanGroup": "group2",
            "ikeLifetime": "28800",
            "childCipherAlgo": [
                "aes256"
            ],
            "childAuthAlgo": [
                "sha1"
            ],
            "childPfsGroup": "disabled",
            "childLifetime": "3600"
        },
        "networkTags": [
            "all"
        ]
    }
]
In response to CN
BrechtSchamp
Kind of a big deal
‎Mar 23 2019 11:16 AM
‎Mar 23 2019 11:16 AM

I've been analyzing it a bit and I think apart from what @CN mentioned about the child ciphers I think you also need an array at the outermost level:

@(
   [ordered]@{
		name = "...
   }
)

 

I also noticed that for me postman puts not only the child ipsecPolicies in brackets but all of them except the 2 lifetime ones.

 

I also noticed that there's a difference in behavior between:

$json = $parms | ConvertTo-Json


$json = ConvertTo-Json -InputObject $parms

I couldn't get it to work with powershell myself either, I'm still experimenting...

0 Kudos
In response to BrechtSchamp
BrechtSchamp
Kind of a big deal
‎Mar 23 2019 11:28 AM
‎Mar 23 2019 11:28 AM

All right, I think I figured it out. The remaining issue was the depth of the JSON conversion.

 

Here's the working code:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json'
	
}

$orgID = 'XXXXXXXXXXXXXXXXXXXXXXXXX'

$api = @{

	"endpoint" = 'https://nXXX.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url



$parms =@(
[ordered]@{
		name = "My peer 2"
		publicIp = "123.123.123.1"
		privateSubnets = @(
			"192.168.13.0/24"
		)
		secret = "asdf1234"
		ipsecPolicies = [ordered]@{
			ikeCipherAlgo = @(
				"tripledes"
			)
			ikeAuthAlgo = @(
				"sha1"
			)
			ikeDiffieHellmanGroup = @(
				"group2"
			)
			ikeLifetime = "28800"
			childCipherAlgo = @(
				"aes128"
			)
			childAuthAlgo = @(
				"sha1"
			)
			childPfsGroup = @(
				"disabled"
			)
			childLifetime = "28800"
		}
	}
)

$json = ConvertTo-Json -Depth 5 -InputObject $parms 

$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header -Verbose
$change

Hope that helps.

In response to BrechtSchamp
scubes
Conversationalist
‎Mar 23 2019 2:25 PM
‎Mar 23 2019 2:25 PM

Thanks everyone! I would have *never* figured that out!

 

Amazing help!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.