Powershell Put Script - Create Third Party VPN Peer

SOLVED
scubes
Conversationalist


I am using the following PowerShell code to attempt to create a Third Party VPN Peer in a Meraki organization.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json ; charset=utf-8'
	
}

$orgID = 'YYYYYYYYYYYYYYYYY'

$api = @{

	"endpoint" = 'https://nZZ.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url

$parms = [ordered]@{
	name = "VPN-PEER-NAME"
    publicIp = "1.1.1.1"
    privateSubnets = @(
        "10.0.1.1/32"
    )
    secret = "WWWWWWWWWWWWWWWWWWWWW"
    ipsecPolicies = @{
        ikeCipherAlgo = "aes256"
        ikeAuthAlgo = "sha1"
        ikeDiffieHellmanGroup = "group2"
        ikeLifetime = "28800"
        childCipherAlgo = "aes256"
        childAuthAlgo = "sha1"
        childPfsGroup = "disabled"
        childLifetime = "3600"
    }
}
$json = $parms | ConvertTo-Json
$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header
$change

Once I run that, I get the following error:

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:58 char:11
+ $change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Header ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I was thinking that perhaps my JSON is incorrect. I've tried numerous different approaches to format it.

I am following this link for direction on the construction of the calls:

https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm#c2d0ec2c-b1e9-4eaa-83eb-cf...

Now, I do note that this says "update" and not "create". So, that may be the issue as well....

1 ACCEPTED SOLUTION

All right, I think I figured it out. The remaining issue was the depth of the JSON conversion.

Here's the working code:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json'
	
}

$orgID = 'XXXXXXXXXXXXXXXXXXXXXXXXX'

$api = @{

	"endpoint" = 'https://nXXX.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url



$parms =@(
[ordered]@{
		name = "My peer 2"
		publicIp = "123.123.123.1"
		privateSubnets = @(
			"192.168.13.0/24"
		)
		secret = "asdf1234"
		ipsecPolicies = [ordered]@{
			ikeCipherAlgo = @(
				"tripledes"
			)
			ikeAuthAlgo = @(
				"sha1"
			)
			ikeDiffieHellmanGroup = @(
				"group2"
			)
			ikeLifetime = "28800"
			childCipherAlgo = @(
				"aes128"
			)
			childAuthAlgo = @(
				"sha1"
			)
			childPfsGroup = @(
				"disabled"
			)
			childLifetime = "28800"
		}
	}
)

$json = ConvertTo-Json -Depth 5 -InputObject $parms 

$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header -Verbose
$change

Hope that helps.


4 REPLIES 4
CN
Meraki Alumni (Retired)

From your specific example, it looks like you're missing [ ] brackets around your child cipher statements. As the dashboard takes multiple values, you'll need to pass the values in as an array. Here's the JSON that I used when trying directly in Postman.

[
    {
        "name": "test",
        "publicIp": "1.1.1.1",
        "privateSubnets": [
            "10.1.1.1/32"
        ],
        "secret": "WWWWWW",
        "ipsecPolicies": {
            "ikeCipherAlgo": "aes256",
            "ikeAuthAlgo": "sha1",
            "ikeDiffieHellmanGroup": "group2",
            "ikeLifetime": "28800",
            "childCipherAlgo": [
                "aes256"
            ],
            "childAuthAlgo": [
                "sha1"
            ],
            "childPfsGroup": "disabled",
            "childLifetime": "3600"
        },
        "networkTags": [
            "all"
        ]
    }
]
BrechtSchamp
Kind of a big deal

I've been analyzing it a bit and, apart from what @CN mentioned about the child ciphers, I think you also need an array at the outermost level:

@(
   [ordered]@{
		name = "...
   }
)

I also noticed that for me Postman puts not only the child ipsecPolicies in brackets but all of them except the 2 lifetime ones.

I also noticed that there's a difference in behavior between:

$json = $parms | ConvertTo-Json


$json = ConvertTo-Json -InputObject $parms

I couldn't get it to work with PowerShell myself either; I'm still experimenting...
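
The two serialization effects discussed in this thread (the pipeline versus -InputObject difference, and the conversion depth), shown side by side as an added example that is not part of any post here. Piping a one-element array unrolls it, so the outer [ ] is lost; -InputObject keeps the outer array, but the default depth of 2 then flattens the nested algorithm arrays to plain strings. Get-JsonShape is a helper defined only for this example, the peer values are constructed placeholders, and nothing is sent to the API.

```powershell
# Constructed sample payload in the shape used in this thread (placeholder values only).
$parms = @(
    [ordered]@{
        name           = 'example-peer'        # constructed sample value
        publicIp       = '192.0.2.10'          # documentation address, not a real peer
        privateSubnets = @('192.168.13.0/24')
        secret         = '<pre-shared-key>'    # placeholder, never hard-code a real secret
        ipsecPolicies  = [ordered]@{
            ikeCipherAlgo         = @('aes256')
            ikeAuthAlgo           = @('sha1')
            ikeDiffieHellmanGroup = @('group2')
            ikeLifetime           = '28800'
            childCipherAlgo       = @('aes256')
            childAuthAlgo         = @('sha1')
            childPfsGroup         = @('disabled')
            childLifetime         = '3600'
        }
    }
)

# Hypothetical helper: reports whether the outer and the nested arrays survived serialization.
function Get-JsonShape {
    param([string]$Label, [string]$Json)
    [pscustomobject]@{
        Call        = $Label
        OuterArray  = $Json.TrimStart().StartsWith('[')
        InnerArrays = $Json -match '"ikeCipherAlgo":\s*\['
    }
}

# Same object, three ways of calling ConvertTo-Json.
$results = @(
    Get-JsonShape '$parms | ConvertTo-Json'                     ($parms | ConvertTo-Json)
    Get-JsonShape 'ConvertTo-Json -InputObject $parms'          (ConvertTo-Json -InputObject $parms)
    Get-JsonShape 'ConvertTo-Json -Depth 5 -InputObject $parms' (ConvertTo-Json -Depth 5 -InputObject $parms)
)
$results | Format-Table -AutoSize

# Gate the real request on the shape check so a flattened body is caught locally
# instead of coming back from the server as an unexplained 400.
$body  = ConvertTo-Json -Depth 5 -InputObject $parms
$shape = Get-JsonShape 'body' $body
if (-not ($shape.OuterArray -and $shape.InnerArrays)) {
    throw 'Payload lost an array during serialization; check -Depth and -InputObject.'
}
```

Windows PowerShell 5.1 truncates at the depth limit silently, which is why comparing the generated JSON against a known-good body is the quickest way to spot it.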


Thanks everyone! I would have *never* figured that out!

Amazing help!
