Deprecated

Removed in 3.0.0

Reason: Updated modules released with increased functionality | Alternative: cisco.meraki.organizations_appliance_vpn_third_party_vpnpeers

cisco.meraki.meraki_mx_third_party_vpn_peers (2.18.0) — module

Manage third party (IPSec) VPN peers for MX devices

Authors: Kevin Breit (@kbreit)

deprecated | supported by community

Install collection

Install with ansible-galaxy collection install cisco.meraki:==2.18.0


Add to requirements.yml

  collections:
    - name: cisco.meraki
      version: 2.18.0

Description

Create, edit, query, or delete third party VPN peers in a Meraki environment.

Usage examples

- name: Query all VPN peers
  meraki_mx_third_party_vpn_peers:
    auth_key: abc123
    state: query
    org_name: orgName
- name: Create VPN peer with an IPsec policy
  meraki_mx_third_party_vpn_peers:
    auth_key: abc123  # placeholder API key
    state: present
    org_name: orgName
    peers:
      - name: "Test peer"
        public_ip: "198.51.100.1"
        secret: "s3cret"  # placeholder pre-shared key
        private_subnets:
          - "192.0.2.0/24"
        ike_version: "2"
        network_tags:
          - none
        remote_id: "192.0.2.0"
        ipsec_policies:
          # These values illustrate the option syntax. md5, tripledes, group2,
          # prfmd5 and disabled PFS are among the weaker choices each option accepts.
          child_lifetime: 600
          ike_lifetime: 600
          child_auth_algo:
            - "md5"
          child_cipher_algo:
            - "tripledes"
            - "aes192"
          child_pfs_group:
            - "disabled"
          ike_auth_algo:
            - "sha256"
          ike_cipher_algo:
            - "tripledes"
          ike_diffie_hellman_group:
            - "group2"
          ike_prf_algo:
            - "prfmd5"
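
A hardened variant of the create task, as an added example that is not part of the module's own documentation: it selects the strongest value from each choices list documented under Inputs and keeps both credentials out of the playbook text. The variable name `vault_peer_secret`, the lifetime values and the use of `no_log` are assumptions of this example.

```yaml
- name: Create VPN peer with a hardened IPsec policy
  cisco.meraki.meraki_mx_third_party_vpn_peers:
    # API key is read from the controller's environment, not stored in the play.
    auth_key: "{{ lookup('ansible.builtin.env', 'MERAKI_KEY') }}"
    state: present
    org_name: orgName
    # true is already the default; stated explicitly so a later edit is visible in review.
    validate_certs: true
    peers:
      - name: "Test peer"
        public_ip: "198.51.100.1"
        # Hypothetical variable, expected to be defined in an Ansible Vault file.
        secret: "{{ vault_peer_secret }}"
        private_subnets:
          - "192.0.2.0/24"
        ike_version: "2"
        network_tags:
          - all
        ipsec_policies:
          # Lifetimes are example values chosen here, not module defaults.
          ike_lifetime: 28800
          child_lifetime: 3600
          # Phase 1 (IKE SA): strongest entry from each documented choices list.
          ike_cipher_algo:
            - "aes256"
          ike_auth_algo:
            - "sha256"
          ike_prf_algo:
            - "prfsha256"
          ike_diffie_hellman_group:
            - "group14"
          # Phase 2 (child SA): no md5, des, tripledes or 'null' cipher.
          child_cipher_algo:
            - "aes256"
          child_auth_algo:
            - "sha256"
          # PFS enabled with the largest group the module offers.
          child_pfs_group:
            - "group14"
  # Keeps the shared secret and API key out of task output and logs.
  no_log: true
```

Each algorithm option is a list, so a single-element list pins the negotiation to that value; the remote peer must be configured to offer the same proposal.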

Inputs

    
host:
    default: api.meraki.com
    description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
    type: str

peers:
    description:
    - The list of VPN peers.
    elements: dict
    suboptions:
      ike_version:
        choices:
        - '1'
        - '2'
        default: '1'
        description:
        - The IKE version to be used for the IPsec VPN peer configuration.
        type: str
      ipsec_policies:
        description:
        - Custom IPSec policies for the VPN peer. If not included and a preset has not
          been chosen, the default preset for IPSec policies will be used.
        suboptions:
          child_auth_algo:
            choices:
            - sha256
            - sha1
            - md5
            description:
            - The authentication algorithms to be used in Phase 2.
            elements: str
            type: list
          child_cipher_algo:
            choices:
            - aes256
            - aes192
            - aes128
            - tripledes
            - des
            - 'null'
            description:
            - The cipher algorithms to be used in Phase 2.
            elements: str
            type: list
          child_lifetime:
            description:
            - The lifetime of the Phase 2 SA in seconds.
            type: int
          child_pfs_group:
            choices:
            - disabled
            - group14
            - group5
            - group2
            - group1
            description:
            - This is the Diffie-Hellman group to be used for Perfect Forward Secrecy
              in Phase 2.
            elements: str
            type: list
          ike_auth_algo:
            choices:
            - sha256
            - sha1
            - md5
            description:
            - This is the authentication algorithm to be used in Phase 1.
            elements: str
            type: list
          ike_cipher_algo:
            choices:
            - aes256
            - aes192
            - aes128
            - tripledes
            - des
            description:
            - This is the cipher algorithm to be used in Phase 1.
            elements: str
            type: list
          ike_diffie_hellman_group:
            choices:
            - group14
            - group5
            - group2
            - group1
            description:
            - This is the Diffie-Hellman group to be used in Phase 1.
            elements: str
            type: list
          ike_lifetime:
            description:
            - The lifetime of the Phase 1 SA in seconds.
            type: int
          ike_prf_algo:
            choices:
            - prfsha256
            - prfsha1
            - prfmd5
            - default
            description:
            - This is the pseudo-random function to be used in IKE_SA.
            elements: str
            type: list
        type: dict
      ipsec_policies_preset:
        choices:
        - default
        - aws
        - azure
        description:
        - Specifies IPsec preset values. If this is provided, the 'ipsec_policies' parameter
          is ignored.
        type: str
      name:
        description:
        - The name of the VPN peer.
        - Required when state is present.
        type: str
      network_tags:
        description:
        - A list of network tags that will connect with this peer. If not included, the
          default is ['all'].
        elements: str
        type: list
      private_subnets:
        description:
        - The list of the private subnets of the VPN peer.
        - Required when state is present.
        elements: str
        type: list
      public_ip:
        description:
        - The public IP of the VPN peer.
        - Required when state is present.
        type: str
      remote_id:
        description:
        - The remote ID is used to identify the connecting VPN peer. This can either be
          a valid IPv4 Address, FQDN or User FQDN.
        type: str
      secret:
        description:
        - The shared secret with the VPN peer.
        - Required when state is present.
        type: str
    type: list

state:
    choices:
    - absent
    - present
    - query
    default: query
    description:
    - Specifies whether object should be queried, created/modified, or removed.
    type: str

org_id:
    description:
    - ID of organization.
    type: str

timeout:
    default: 30
    description:
    - Time to timeout for HTTP requests.
    type: int

auth_key:
    description:
    - Authentication key provided by the dashboard. Required if environment variable
      C(MERAKI_KEY) is not set.
    required: true
    type: str

org_name:
    aliases:
    - organization
    description:
    - Name of organization.
    type: str

use_https:
    default: true
    description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
    type: bool

use_proxy:
    default: false
    description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable
      on the target hosts.
    type: bool

output_level:
    choices:
    - debug
    - normal
    default: normal
    description:
    - Set amount of debug output during module execution.
    type: str

output_format:
    choices:
    - snakecase
    - camelcase
    default: snakecase
    description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel
      case (ex. C(netId)).
    type: str

validate_certs:
    default: true
    description:
    - Whether to validate TLS certificates on HTTPS connections.
    type: bool

rate_limit_retry_time:
    default: 165
    description:
    - Number of seconds to retry if rate limiter is triggered.
    type: int

internal_error_retry_time:
    default: 60
    description:
    - Number of seconds to retry if server returns an internal server error.
    type: int

Outputs

response:
  contains:
    appliance_ip:
      description: IP address of Meraki appliance in the VLAN
      returned: success
      sample: 192.0.1.1
      type: str
    dnsnamservers:
      description: IP address or Meraki defined DNS servers which VLAN should use
        by default
      returned: success
      sample: upstream_dns
      type: str
    peers:
      contains:
        ike_version:
          description: The IKE version to be used for the IPsec VPN peer configuration.
          returned: success
          sample: '1'
          type: str
        ipsec_policies:
          contains:
            child_auth_algo:
              description: The authentication algorithms to be used in Phase 2.
              returned: success
              sample:
              - sha1
              type: list
            child_cipher_algo:
              description: The cipher algorithms to be used in Phase 2.
              returned: success
              sample:
              - aes192
              type: list
            child_lifetime:
              description: The lifetime of the Phase 2 SA in seconds.
              returned: success
              sample: '60'
              type: str
            child_pfs_group:
              description: This is the Diffie-Hellman group to be used for Perfect
                Forward Secrecy in Phase 2.
              returned: success
              sample:
              - group14
              type: list
            ike_auth_algo:
              description: This is the authentication algorithm to be used in Phase
                1.
              returned: success
              sample:
              - sha1
              type: list
            ike_cipher_algo:
              description: This is the cipher algorithm to be used in Phase 1.
              returned: success
              sample:
              - aes128
              type: list
            ike_diffie_hellman_group:
              description: This is the Diffie-Hellman group to be used in Phase 1.
              returned: success
              sample:
              - group14
              type: list
            ike_lifetime:
              description: The lifetime of the Phase 1 SA in seconds.
              returned: success
              sample: '60'
              type: str
            ike_prf_algo:
              description: This is the pseudo-random function to be used in IKE_SA.
              returned: success
              sample:
              - prfmd5
              type: list
          description: Custom IPSec policies for the VPN peer.
          returned: success
          type: complex
        ipsec_policies_preset:
          description: Preconfigured IPsec settings.
          returned: success
          sample: aws
          type: str
        name:
          description: The name of the VPN peer.
          returned: success
          sample: MyVPNPeer
          type: str
        network_tags:
          description: A list of network tags that will connect with this peer.
          returned: success
          sample:
          - all
          type: list
        private_subnets:
          description: The list of the private subnets of the VPN peer.
          returned: success
          sample:
          - 192.0.2.0/24
          type: list
        public_ip:
          description: The public IP of the VPN peer.
          returned: success
          sample: 198.51.100.1
          type: str
        remote_id:
          description: The remote ID is used to identify the connecting VPN peer.
          returned: success
          sample: s3cret
          type: str
      description: The list of VPN peers.
      returned: success
      type: complex
  description: Information about the organization which was created or modified
  returned: success
  type: complex