cisco.meraki.meraki_mx_third_party_vpn_peers module – Manage third party (IPSec) VPN peers for MX devices
Note
This module is part of the cisco.meraki collection (version 2.8.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
To use it in a playbook, specify: cisco.meraki.meraki_mx_third_party_vpn_peers
.
Parameters
Parameter |
Comments |
---|---|
Authentication key provided by the dashboard. Required if environmental variable |
|
Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: “api.meraki.com” |
|
Number of seconds to retry if server returns an internal server error. Default: 60 |
|
ID of organization. |
|
Name of organization. |
|
Instructs module whether response keys should be snake case (ex. Choices:
|
|
Set amount of debug output during module execution. Choices:
|
|
The list of VPN peers. |
|
The IKE version to be used for the IPsec VPN peer configuration. Choices:
|
|
Custom IPSec policies for the VPN peer. If not included and a preset has not been chosen, the default preset for IPSec policies will be used. |
|
This is the authentication algorithms to be used in Phase 2. Choices:
|
|
This is the cipher algorithms to be used in Phase 2. Choices:
|
|
The lifetime of the Phase 2 SA in seconds. |
|
This is the Diffie-Hellman group to be used for Perfect Forward Secrecy in Phase 2. Choices:
|
|
This is the authentication algorithm to be used in Phase 1. Choices:
|
|
This is the cipher algorithm to be used in Phase 1. Choices:
|
|
This is the Diffie-Hellman group to be used in Phase 1. Choices:
|
|
The lifetime of the Phase 1 SA in seconds. |
|
This is the pseudo-random function to be used in IKE_SA. Choices:
|
|
Specifies IPsec preset values. If this is provided, the ‘ipsecPolicies’ parameter is ignored. Choices:
|
|
The name of the VPN peer. Required when state is present. |
|
A list of network tags that will connect with this peer. If not included, the default is [‘all’]. |
|
The list of the private subnets of the VPN peer. Required when state is present. |
|
The public IP of the VPN peer. Required when state is present. |
|
The remote ID is used to identify the connecting VPN peer. This can either be a valid IPv4 Address, FQDN or User FQDN. |
|
The shared secret with the VPN peer. Required when state is present. |
|
Number of seconds to retry if rate limiter is triggered. Default: 165 |
|
Specifies whether object should be queried, created/modified, or removed. Choices:
|
|
Time to timeout for HTTP requests. Default: 30 |
|
If Only useful for internal Meraki developers. Choices:
|
|
If Choices:
|
|
Whether to validate HTTP certificates. Choices:
|
Notes
Note
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the
ANSIBLE_MERAKI_FORMAT
environment variable tocamelcase
.Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
- name: Query all VPN peers
meraki_mx_third_party_vpn_peers:
auth_key: abc123
state: query
org_name: orgName
- name: Create VPN peer with an IPsec policy
meraki_mx_third_party_vpn_peers:
auth_key: abc123
state: present
org_name: orgName
peers:
- name: "Test peer"
public_ip: "198.51.100.1"
secret: "s3cret"
private_subnets:
- "192.0.2.0/24"
ike_version: "2"
network_tags:
- none
remote_id: "192.0.2.0"
ipsec_policies:
child_lifetime: 600
ike_lifetime: 600
child_auth_algo:
- "md5"
child_cipher_algo:
- "tripledes"
- "aes192"
child_pfs_group:
- "disabled"
ike_auth_algo:
- "sha256"
ike_cipher_algo:
- "tripledes"
ike_diffie_hellman_group:
- "group2"
ike_prf_algo:
- "prfmd5"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Information about the organization which was created or modified Returned: success |
|
IP address of Meraki appliance in the VLAN Returned: success Sample: “192.0.1.1” |
|
IP address or Meraki defined DNS servers which VLAN should use by default Returned: success Sample: “upstream_dns” |
|
The list of VPN peers. Returned: success |
|
The IKE version to be used for the IPsec VPN peer configuration. Returned: success Sample: “1” |
|
Custom IPSec policies for the VPN peer. Returned: success |
|
This is the authentication algorithms to be used in Phase 2. Returned: success Sample: [“sha1”] |
|
This is the cipher algorithms to be used in Phase 2. Returned: success Sample: [“aes192”] |
|
The lifetime of the Phase 2 SA in seconds. Returned: success Sample: “60” |
|
This is the Diffie-Hellman group to be used for Perfect Forward Secrecy in Phase 2. Returned: success Sample: [“group14”] |
|
This is the authentication algorithm to be used in Phase 1. Returned: success Sample: [“sha1”] |
|
This is the cipher algorithm to be used in Phase 1. Returned: success Sample: [“aes128”] |
|
This is the Diffie-Hellman group to be used in Phase 1. Returned: success Sample: [“group14”] |
|
The lifetime of the Phase 1 SA in seconds. Returned: success Sample: “60” |
|
This is the pseudo-random function to be used in IKE_SA. Returned: success Sample: [“prfmd5”] |
|
Preconfigured IPsec settings. Returned: success Sample: “aws” |
|
The name of the VPN peer. Returned: success Sample: “MyVPNPeer” |
|
A list of network tags that will connect with this peer. Returned: success Sample: [“all”] |
|
The list of the private subnets of the VPN peer. Returned: success Sample: [“192.0.2.0/24”] |
|
The public IP of the VPN peer. Returned: success Sample: “198.51.100.1” |
|
The remote ID is used to identify the connecting VPN peer. Returned: success Sample: “s3cret” |
Authors
Kevin Breit (@kbreit)