cisco.meraki.organizations_appliance_vpn_third_party_vpnpeers module -- Resource module for organizations_appliance_vpn_thirdpartyvpnpeers
Note
This module is part of the cisco.meraki collection (version 2.22.0).
To install it, use: ansible-galaxy collection install cisco.meraki.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.meraki.organizations_appliance_vpn_third_party_vpnpeers.
New in cisco.meraki 1.0.0
Synopsis
Manage operation update of the resource organizations_appliance_vpn_thirdpartyvpnpeers.
Update the third party VPN peers for an organization.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
meraki >= 2.4.9
python >= 3.5
Parameters
| Parameter | Comments |
|---|---|
| meraki_action_batch_retry_wait_time | meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time. Default: `60` |
| meraki_api_key | meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY |
| meraki_base_url | meraki_base_url (string), preceding all endpoint resources. Default: `"https://api.meraki.com/api/v1"` |
| meraki_be_geo_id | meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID. Default: `""` |
| meraki_certificate_path | meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy. Default: `""` |
| meraki_inherit_logging_config | meraki_inherit_logging_config (boolean), Inherits your own logger instance |
| meraki_log_file_prefix | meraki_log_file_prefix (string), log file name appended with date and timestamp |
| meraki_log_path | log_path (string), path to output log; by default, working directory of script if not specified. Default: `""` |
| meraki_maximum_retries | meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors. Default: `2` |
| meraki_nginx_429_retry_wait_time | meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time. Default: `60` |
| meraki_output_log | meraki_output_log (boolean), create an output log file? |
| meraki_print_console | meraki_print_console (boolean), print logging output to console? |
| meraki_requests_proxy | meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS. Default: `""` |
| meraki_retry_4xx_error | meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)? |
| meraki_retry_4xx_error_wait_time | meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time. Default: `60` |
| meraki_simulate | meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? |
| meraki_single_request_timeout | meraki_single_request_timeout (integer), maximum number of seconds for each API call. Default: `60` |
| meraki_suppress_logging | meraki_suppress_logging (boolean), disable all logging? you're on your own then! |
| meraki_use_iterator_for_get_pages | meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items |
| meraki_wait_on_rate_limit | meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered? |
| organizationId | OrganizationId path parameter. Organization ID. |
| peers | The list of VPN peers. |
| ebgpNeighbor | Optional. The BGP neighbor configuration for the VPN peer. Supported only for MX 19.1 and above. |
| ebgpHoldTimer | The eBGP hold timer in seconds for each neighbor. The eBGP hold timer must be an integer between 12 and 240. |
| ebgpMultihop | Configure this if the neighbor is not adjacent. The eBGP multi-hop must be an integer between 1 and 255. |
| ipVersion | The IP version of the neighbor. |
| multiExitDiscriminator | Configures the local metric associated with routes received from the remote peer. Routes from peers with lower metrics will be preferred. Must be an integer between 0 and 4294967295. MED is 6th in the decision tree when identical routes from multiple peers exist. |
| neighborIp | IPv4/IPv6 address of the neighbor. |
| pathPrepend | Prepends the AS_PATH BGP Attribute associated with routes received from the remote peer. Configurable value of ASNs to prepend. Length of the array may not exceed 10, and each ASN in the array must be an integer between 1 and 4294967295. AS_PATH is 4th in the decision tree when identical routes from multiple peers exist. |
| remoteAsNumber | Remote ASN of the neighbor. The remote ASN must be an integer between 1 and 4294967295. |
| sourceIp | Source IP of eBGP neighbor. |
| weight | Configures the local metric associated with routes received from the remote peer. Routes from peers with lower metrics will be preferred. Must be an integer between 0 and 4294967295. MED is 6th in the decision tree when identical routes from multiple peers exist. |
| group | Optional. Contains the mapping between primary tunnel and backup tunnels. |
| activeActiveTunnel | Optional. Both primary and backup tunnels are active. |
| failover | Optional. Contains the failover configuration for the group. |
| directToInternet | Optional. When both primary and backup tunnels are down, direct traffic to the internet. Traffic will be routed via the WAN. |
| number | Optional. Represents the ordering of primary and backup tunnels group. Primary and backup tunnels are grouped by this number. If you submit a request with the numbers 1, 9, 999, these numbers will be automatically adjusted to a sequential order starting from 1. So, they will be changed to 1, 2, 3 to reflect their positions in the sequence. |
| ikeVersion | Optional. The IKE version to be used for the IPsec VPN peer configuration. Defaults to '1' when omitted. |
| ipsecPolicies | Custom IPSec policies for the VPN peer. If not included and a preset has not been chosen, the default preset for IPSec policies will be used. |
| childAuthAlgo | This is the authentication algorithms to be used in Phase 2. The value should be an array with one of the following algorithms 'sha256', 'sha1', 'md5'. |
| childCipherAlgo | This is the cipher algorithms to be used in Phase 2. The value should be an array with one or more of the following algorithms 'aes256', 'aes192', 'aes128', 'tripledes', 'des', 'null'. |
| childLifetime | The lifetime of the Phase 2 SA in seconds. |
| childPfsGroup | This is the Diffie-Hellman group to be used for Perfect Forward Secrecy in Phase 2. The value should be an array with one of the following values 'disabled', 'group14', 'group5', 'group2', 'group1'. |
| ikeAuthAlgo | This is the authentication algorithm to be used in Phase 1. The value should be an array with one of the following algorithms 'sha256', 'sha1', 'md5'. |
| ikeCipherAlgo | This is the cipher algorithm to be used in Phase 1. The value should be an array with one of the following algorithms 'aes256', 'aes192', 'aes128', 'tripledes', 'des'. |
| ikeDiffieHellmanGroup | This is the Diffie-Hellman group to be used in Phase 1. The value should be an array with one of the following algorithms 'group14', 'group5', 'group2', 'group1'. |
| ikeLifetime | The lifetime of the Phase 1 SA in seconds. |
| ikePrfAlgo | Optional. This is the pseudo-random function to be used in IKE_SA. The value should be an array with one of the following algorithms 'prfsha256', 'prfsha1', 'prfmd5', 'default'. The 'default' option can be used to default to the Authentication algorithm. |
| ipsecPoliciesPreset | One of the following available presets 'default', 'aws', 'azure', 'umbrella', 'zscaler'. If this is provided, the 'ipsecPolicies' parameter is ignored. |
| isRouteBased | Optional. If true, the VPN peer is route-based. If not included, the default is false. Supported only for MX 19.1 and above. |
| localId | Optional. The local ID is used to identify the MX to the peer. This will apply to all MXs this peer applies to. |
| name | The name of the VPN peer. |
| network | Optional. A list of network Names and IDs that will connect with this peer. Supported only for MX 19.1 and above. |
| ids | Optional. A list of network IDs. |
| networkTags | A list of network tags that will connect with this peer. Use 'all' for all networks. Use 'none' for no networks. If not included, the default is 'all'. |
| peerId | The ID of the IPsec peer. |
| priorityInGroup | Optional. Represents the order of peer inside a group. If you submit a request with the numbers 1, 9, 999, these numbers will be automatically adjusted to a sequential order starting from 1. So, they will be changed to 1, 2, 3 to reflect their positions in the sequence. |
| privateSubnets | The list of the private subnets of the VPN peer. |
| publicHostname | Optional. The public hostname of the VPN peer. |
| publicIp | Optional. The public IP of the VPN peer. |
| remoteId | Optional. The remote ID is used to identify the connecting VPN peer. This can either be a valid IPv4 Address, FQDN or User FQDN. |
| secret | The shared secret with the VPN peer. |
| slaPolicy | Optional. Information about the SLA policy to be applied to the peer. |
| id | The ID of the SLA policy. |
Notes
Note
- SDK method used: appliance.Appliance.update_organization_appliance_vpn_third_party_vpnpeers
- Path used: PUT /organizations/{organizationId}/appliance/vpn/thirdPartyVPNPeers
- Does not support check_mode
- The plugin runs on the control node and does not use any Ansible connection plugins, but instead the embedded connection manager from Cisco Dashboard API Python (SDK)
- The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection
See Also
- Cisco Meraki documentation for appliance updateOrganizationApplianceVpnThirdPartyVPNPeers
Complete reference of the updateOrganizationApplianceVpnThirdPartyVPNPeers API.
Examples
```yaml
- name: Update all
  cisco.meraki.organizations_appliance_vpn_third_party_vpnpeers:
    meraki_api_key: "{{ meraki_api_key }}"
    meraki_base_url: "{{ meraki_base_url }}"
    meraki_single_request_timeout: "{{ meraki_single_request_timeout }}"
    meraki_certificate_path: "{{ meraki_certificate_path }}"
    meraki_requests_proxy: "{{ meraki_requests_proxy }}"
    meraki_wait_on_rate_limit: "{{ meraki_wait_on_rate_limit }}"
    meraki_nginx_429_retry_wait_time: "{{ meraki_nginx_429_retry_wait_time }}"
    meraki_action_batch_retry_wait_time: "{{ meraki_action_batch_retry_wait_time }}"
    meraki_retry_4xx_error: "{{ meraki_retry_4xx_error }}"
    meraki_retry_4xx_error_wait_time: "{{ meraki_retry_4xx_error_wait_time }}"
    meraki_maximum_retries: "{{ meraki_maximum_retries }}"
    meraki_output_log: "{{ meraki_output_log }}"
    meraki_log_file_prefix: "{{ meraki_log_file_prefix }}"
    meraki_log_path: "{{ meraki_log_path }}"
    meraki_print_console: "{{ meraki_print_console }}"
    meraki_suppress_logging: "{{ meraki_suppress_logging }}"
    meraki_simulate: "{{ meraki_simulate }}"
    meraki_be_geo_id: "{{ meraki_be_geo_id }}"
    meraki_caller: "{{ meraki_caller }}"
    meraki_use_iterator_for_get_pages: "{{ meraki_use_iterator_for_get_pages }}"
    meraki_inherit_logging_config: "{{ meraki_inherit_logging_config }}"
    state: present
    organizationId: string
    peers:
      - ebgpNeighbor:
          ebgpHoldTimer: 180
          ebgpMultihop: 2
          ipVersion: 4
          multiExitDiscriminator: 1
          neighborIp: 10.10.10.22
          pathPrepend:
            - 1
            - 2
          remoteAsNumber: 64343
          sourceIp: 10.10.10.22
          weight: 10
        group:
          activeActiveTunnel: true
          failover:
            directToInternet: true
          number: 1
        ikeVersion: '2'
        ipsecPolicies:
          childAuthAlgo:
            - sha1
          childCipherAlgo:
            - aes128
          childLifetime: 28800
          childPfsGroup:
            - disabled
          ikeAuthAlgo:
            - sha1
          ikeCipherAlgo:
            - tripledes
          ikeDiffieHellmanGroup:
            - group2
          ikeLifetime: 28800
          ikePrfAlgo:
            - prfsha1
        # Per the parameter table, ipsecPolicies is ignored when a preset is provided.
        ipsecPoliciesPreset: default
        isRouteBased: true
        localId: myMXId@meraki.com
        name: Peer Name
        network:
          ids:
            - N_1
            - L_2
            - N_3
        networkTags:
          - none
        peerId: '1234'
        priorityInGroup: 1
        privateSubnets:
          - 192.168.1.0/24
          - 192.168.128.0/24
        publicHostname: example.com
        publicIp: 123.123.123.1
        remoteId: miles@meraki.com
        secret: Sample Password  # sample value
        slaPolicy:
          id: '1234'
```
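A pre-flight check for the `peers` list, added here as an example and not part of the cisco.meraki collection: it applies two rules documented in the parameter table (`ikeVersion` defaults to '1' when omitted; a preset causes `ipsecPolicies` to be ignored) and flags legacy algorithm choices such as those in the task above. The `WEAK` sets, `lint_peer` and `SAMPLE_PEER` are assumptions of this example, not something the module enforces.

```python
# WEAK is this example's own review policy (an assumption); the values themselves
# are the ones the parameter table lists as accepted by the API.
WEAK = {
    "ikeCipherAlgo": {"tripledes", "des"},
    "ikeAuthAlgo": {"sha1", "md5"},
    "ikePrfAlgo": {"prfsha1", "prfmd5"},
    "ikeDiffieHellmanGroup": {"group5", "group2", "group1"},
    "childCipherAlgo": {"tripledes", "des", "null"},
    "childAuthAlgo": {"sha1", "md5"},
    "childPfsGroup": {"disabled", "group5", "group2", "group1"},
}


def lint_peer(peer):
    """Return human-readable findings for one entry of `peers`."""
    name = peer.get("name", "<unnamed>")
    findings = []
    # Documented: ikeVersion defaults to '1' when omitted.
    if str(peer.get("ikeVersion", "1")) != "2":
        findings.append(f"{name}: IKEv1 in use (ikeVersion omitted or '1')")
    policies = peer.get("ipsecPolicies") or {}
    preset = peer.get("ipsecPoliciesPreset")
    # Documented: when a preset is provided, ipsecPolicies is ignored.
    if preset and policies:
        findings.append(f"{name}: ipsecPolicies ignored, preset '{preset}' wins")
    # Still report weak values: they take effect as soon as the preset is removed.
    for key, weak in WEAK.items():
        for value in policies.get(key, []):
            if value in weak:
                findings.append(f"{name}: {key} includes '{value}'")
    return findings


# Constructed input: the crypto-relevant keys of the peer in the Examples task.
SAMPLE_PEER = {
    "name": "Peer Name", "ikeVersion": "2", "ipsecPoliciesPreset": "default",
    "ipsecPolicies": {
        "ikeCipherAlgo": ["tripledes"], "ikeAuthAlgo": ["sha1"],
        "ikePrfAlgo": ["prfsha1"], "ikeDiffieHellmanGroup": ["group2"],
        "childCipherAlgo": ["aes128"], "childAuthAlgo": ["sha1"],
        "childPfsGroup": ["disabled"],
    },
}

if __name__ == "__main__":
    print("\n".join(lint_peer(SAMPLE_PEER)))
```

Run it against the rendered `peers` variable before the task executes, for example from a CI step that loads the playbook's vars file.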
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Description |
|---|---|