Powershell Put Script - Create Third Party VPN Peer

Solved
scubes
I am using the following PowerShell code to attempt to create a Third Party VPN Peer in a Meraki organization.

 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json ; charset=utf-8'
	
}

$orgID = 'YYYYYYYYYYYYYYYYY'

$api = @{

	"endpoint" = 'https://nZZ.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url

$parms = [ordered]@{
	name = "VPN-PEER-NAME"
    publicIp = "1.1.1.1"
    privateSubnets = @(
        "10.0.1.1/32"
    )
    secret = "WWWWWWWWWWWWWWWWWWWWW"
    ipsecPolicies = @{
        ikeCipherAlgo = "aes256"
        ikeAuthAlgo = "sha1"
        ikeDiffieHellmanGroup = "group2"
        ikeLifetime = "28800"
        childCipherAlgo = "aes256"
        childAuthAlgo = "sha1"
        childPfsGroup = "disabled"
        childLifetime = "3600"
    }
}
$json = $parms | ConvertTo-Json
$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header
$change

Once I run that, I get the following error:

 

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:58 char:11
+ $change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Header ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I was thinking that perhaps my json is incorrect. I've tried numerous different approaches to format it.

 

I am following this link for direction on the construction of the calls:

https://documenter.getpostman.com/view/897512/meraki-dashboard-api/2To9xm#c2d0ec2c-b1e9-4eaa-83eb-cf...

 

Now, I do note that this says "update" and not "create". So, that may be the issue as well....

CN

From your specific example, it looks like you're missing [ ] brackets around your child cipher statements. As the dashboard takes multiple values you'll need to pass the values in as an array. Here's the JSON that I used when trying directly in Postman.

 

[
    {
        "name": "test",
        "publicIp": "1.1.1.1",
        "privateSubnets": [
            "10.1.1.1/32"
        ],
        "secret": "WWWWWW",
        "ipsecPolicies": {
            "ikeCipherAlgo": "aes256",
            "ikeAuthAlgo": "sha1",
            "ikeDiffieHellmanGroup": "group2",
            "ikeLifetime": "28800",
            "childCipherAlgo": [
                "aes256"
            ],
            "childAuthAlgo": [
                "sha1"
            ],
            "childPfsGroup": "disabled",
            "childLifetime": "3600"
        },
        "networkTags": [
            "all"
        ]
    }
]
BrechtSchamp

I've been analyzing it a bit and I think apart from what @CN mentioned about the child ciphers I think you also need an array at the outermost level:

@(
   [ordered]@{
		name = "...
   }
)

 

I also noticed that for me Postman puts not only the child ipsecPolicies in brackets but all of them except the 2 lifetime ones.

 

I also noticed that there's a difference in behavior between:

$json = $parms | ConvertTo-Json


$json = ConvertTo-Json -InputObject $parms

I couldn't get it to work with PowerShell myself either, I'm still experimenting...

All right, I think I figured it out. The remaining issue was the depth of the JSON conversion.

 

Here's the working code:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXX'

$header = @{
	
	"X-Cisco-Meraki-API-Key" = $api_key
	"Content-Type" = 'application/json'
	
}

$orgID = 'XXXXXXXXXXXXXXXXXXXXXXXXX'

$api = @{

	"endpoint" = 'https://nXXX.meraki.com/api/v0'

}

$api.url = '/organizations/' + $orgID + '/thirdPartyVPNPeers'
$uri = $api.endpoint + $api.url



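# The outer @() makes the request body a JSON array of peer objects.
$parms = @(
	[ordered]@{
		name = "My peer 2"
		publicIp = "123.123.123.1"
		privateSubnets = @(
			"192.168.13.0/24"
		)
		secret = "asdf1234"
		ipsecPolicies = [ordered]@{
			# Every policy value except the two lifetimes is sent as an array.
			ikeCipherAlgo = @(
				"tripledes"
			)
			ikeAuthAlgo = @(
				"sha1"
			)
			ikeDiffieHellmanGroup = @(
				"group2"
			)
			ikeLifetime = "28800"
			childCipherAlgo = @(
				"aes128"
			)
			childAuthAlgo = @(
				"sha1"
			)
			childPfsGroup = @(
				"disabled"
			)
			childLifetime = "28800"
		}
	}
)

# -InputObject keeps the single-element outer array (the pipeline would unroll it).
# -Depth 5 serializes the nested arrays; the default depth is 2.
$json = ConvertTo-Json -Depth 5 -InputObject $parms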

$change = Invoke-RestMethod -Method Put -Uri $uri -Body $json -Headers $header -Verbose
$change

Hope that helps.
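
The two behaviours this thread turned on, the pipeline unrolling a single-element array and the default `-Depth` of 2 in `ConvertTo-Json`, can be checked locally before anything is sent to the API. This is an added example, not code from any poster: `Get-PeerJsonShape` is a hypothetical helper, the peer values are the thread's test values, and the secret is a constructed placeholder.

```powershell
# Added example, not code from the thread. Peer values are the thread's test
# values; the secret is a constructed placeholder.
$peers = @(
    [ordered]@{
        name           = 'My peer 2'
        publicIp       = '123.123.123.1'
        privateSubnets = @('192.168.13.0/24')
        secret         = 'PLACEHOLDER-SECRET'
        ipsecPolicies  = [ordered]@{
            ikeCipherAlgo   = @('tripledes')
            ikeLifetime     = '28800'
            childCipherAlgo = @('aes128')
            childLifetime   = '28800'
        }
    }
)

# Hypothetical helper: parse the JSON back and report whether it still has the
# shape the replies describe (outer array, ipsecPolicies object, cipher array).
function Get-PeerJsonShape {
    param([Parameter(Mandatory)][string]$Json)

    $text   = $Json.Trim()
    $parsed = ConvertFrom-Json -InputObject $text
    # @(...)[0] copes with ConvertFrom-Json returning one object or an array.
    $first  = @($parsed)[0]
    $ipsec  = $first.ipsecPolicies

    [pscustomobject]@{
        OuterIsArray     = $text.StartsWith('[')
        PoliciesIsObject = $ipsec -is [System.Management.Automation.PSCustomObject]
        IkeCipherIsArray = $ipsec.ikeCipherAlgo -is [array]
    }
}

# Same data, three ways of serializing it.
$variants = [ordered]@{
    'pipeline, default depth'     = $peers | ConvertTo-Json -WarningAction SilentlyContinue
    '-InputObject, default depth' = ConvertTo-Json -InputObject $peers -WarningAction SilentlyContinue
    '-InputObject, -Depth 5'      = ConvertTo-Json -InputObject $peers -Depth 5
}

foreach ($name in $variants.Keys) {
    Get-PeerJsonShape -Json $variants[$name] |
        Select-Object @{ Name = 'Variant'; Expression = { $name } }, *
}
```

A body matches the shape the accepted answer sends only when all three columns are True. The algorithm names are the thread's test values; tripledes is a legacy cipher, so pick the strongest set both peers support for a real tunnel.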

Thanks everyone! I would have *never* figured that out!

 

Amazing help!
