VPN Static Routes through API

SOLVED
PAULPAT
Conversationalist

VPN Static Routes through API

I am trying to go  through to Meraki API to turn up an existing static route on the site-to-site VPN of the MX-65 device. Is there a way that this can be done?

 

I have no issues pulling the information using the API, but I can only turn up the VPN via the API if the subnet is local to the Meraki, otherwise I get a page can't be found error. 

1 ACCEPTED SOLUTION

Yes, in my case the static route is defined in the hub. However that shouldn't really matter. You just need to make sure that you're using the correct networkId in the API call... i.e. the network in which the static route was defined.

 

In the case of a spoke, the hubs are obligatory as well which may be the problem in your case. You're just getting an Error 404 which isn't very helpful indeed.

 

Here's another test I did for you:

2019-06-28 17_50_03-Greenshot.png

 

I'd try it out in postman first. Also, copy the body from the GET call to make it easier to generate the correct body for the PUT. Once it's running in postman, translate it into a python script.

View solution in original post

7 REPLIES 7
BrechtSchamp
Kind of a big deal

Hi Paul,

 

Can you rephrase the question? What do you mean with "turn up"?

For the MX-65 device...under Site-to-Site VPN option, there is a section called VPN Settings. There you have the option to select 'Yes' or 'No' for the Use VPN option. Using the portal you can opt to select the to use VPN regardless if the subnet is local to the meraki device or is a static route that can be configured under the Addressing & VLANs section. 

 

If you are trying to change the option to 'Yes' for Use VPN going through the API, it only allows you to change this option for locally connected subnets and not any static routes configured. 

 

I was wondering if anyone an a workaround for automating changing the Use VPN for static routes. 

 

Use VPN.PNG

Oh I see.

 

Well I just tested it and I can change "no" to "yes" for a subnet that gets added automatically by a static route. I did notice that the "mode" parameter in the body is obligatory.

 

Here's what I tested succesfully, that 10.28.0.0/16 is a static route I have defined on my MX, it's not a local subnet:

2019-06-28 16_51_27-Postman.png

What error comes up?


It looks as if you are running this through the hub. I currently have multiple devices that are running as spokes going back to a "VPN concentrator" HUB at my data center. The spokes are advertising the local subnets back to the data center HUB.  

 

I am also running a python script being that I have multiple locations that vary in IP scheme. Below are the results that I get. 

VPN error.PNG

Yes, in my case the static route is defined in the hub. However that shouldn't really matter. You just need to make sure that you're using the correct networkId in the API call... i.e. the network in which the static route was defined.

 

In the case of a spoke, the hubs are obligatory as well which may be the problem in your case. You're just getting an Error 404 which isn't very helpful indeed.

 

Here's another test I did for you:

2019-06-28 17_50_03-Greenshot.png

 

I'd try it out in postman first. Also, copy the body from the GET call to make it easier to generate the correct body for the PUT. Once it's running in postman, translate it into a python script.

You are absolutely correct. I was able to correct the static route via Postman. I think the issue may have been that I was not correctly I identifying the hubs. I just have to modify it to the python script. 

 

Thanks a lot for your help on this!

Glad I could be of help!

Get notified when there are additional replies to this discussion.