cisco.meraki.meraki_mx_third_party_vpn_peers (2.9.0) — module

Manage third party (IPSec) VPN peers for MX devices

Authors: Kevin Breit (@kbreit)

preview | supported by community
Install with:

ansible-galaxy collection install cisco.meraki:==2.9.0

collections:
  - name: cisco.meraki
    version: 2.9.0

Create, edit, query, or delete third party VPN peers in a Meraki environment.

- name: Query all VPN peers
  meraki_mx_third_party_vpn_peers:
    auth_key: abc123
    state: query
    org_name: orgName

- name: Create VPN peer with an IPsec policy
  meraki_mx_third_party_vpn_peers:
    auth_key: abc123
    state: present
    org_name: orgName
    peers:
      - name: "Test peer"
        public_ip: "198.51.100.1"
        secret: "s3cret"
        private_subnets:
          - "192.0.2.0/24"
        ike_version: "2"
        network_tags:
          - none
        remote_id: "192.0.2.0"
        ipsec_policies:
          child_lifetime: 600
          ike_lifetime: 600
          child_auth_algo:
            - "md5"
          child_cipher_algo:
            - "tripledes"
            - "aes192"
          child_pfs_group:
            - "disabled"
          ike_auth_algo:
            - "sha256"
          ike_cipher_algo:
            - "tripledes"
          ike_diffie_hellman_group:
            - "group2"
          ike_prf_algo:
            - "prfmd5"
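
The example above selects md5, tripledes, group2 and prfmd5 and disables PFS. The playbook below is an added example, not part of the module documentation: it defines the same peer using the strongest values from the documented choices lists and asserts that no legacy option is present before the API call. The deny list is this example's own policy, `vault_vpn_peer_secret` is a hypothetical vaulted variable, and the API key is read from the `MERAKI_KEY` environment variable.

```yaml
# Added example, not from the module documentation.
- name: Configure a third-party VPN peer with strong proposals only
  hosts: localhost
  gather_facts: false
  vars:
    # Deny list is this example's policy choice, drawn from the documented choices.
    legacy_algos: [md5, prfmd5, des, tripledes, "null", disabled, group1, group2, group5]
    peer:
      name: "Test peer"
      public_ip: "198.51.100.1"
      secret: "{{ vault_vpn_peer_secret }}"   # hypothetical Ansible Vault variable
      private_subnets: ["192.0.2.0/24"]
      ike_version: "2"
      ipsec_policies:
        ike_cipher_algo: [aes256]
        ike_auth_algo: [sha256]
        ike_prf_algo: [prfsha256]
        ike_diffie_hellman_group: [group14]
        ike_lifetime: 600
        child_cipher_algo: [aes256]
        child_auth_algo: [sha256]
        child_pfs_group: [group14]
        child_lifetime: 600
  tasks:
    - name: Fail early if any legacy algorithm or group is selected
      ansible.builtin.assert:
        that:
          - peer.ike_version == "2"
          # Flatten every policy value (lists and lifetimes) and compare to the deny list.
          - >-
            peer.ipsec_policies | dict2items | map(attribute='value') | list
            | flatten | intersect(legacy_algos) | length == 0
        fail_msg: "Legacy IPsec algorithm or DH group in peer definition"

    - name: Create VPN peer
      cisco.meraki.meraki_mx_third_party_vpn_peers:
        auth_key: "{{ lookup('ansible.builtin.env', 'MERAKI_KEY') }}"
        state: present
        org_name: orgName
        peers:
          - "{{ peer }}"
      no_log: true   # keep the shared secret and API key out of task output
```

`network_tags` is omitted here, so the documented default of `['all']` applies; set it explicitly to limit which networks connect to the peer.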

host:
  default: api.meraki.com
  description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
  type: str
peers:
  description:
    - The list of VPN peers.
  elements: dict
  suboptions:
    ike_version:
      choices:
        - '1'
        - '2'
      default: '1'
      description:
        - The IKE version to be used for the IPsec VPN peer configuration.
      type: str
    ipsec_policies:
      description:
        - Custom IPSec policies for the VPN peer. If not included and a preset has not been chosen, the default preset for IPSec policies will be used.
      suboptions:
        child_auth_algo:
          choices:
            - sha256
            - sha1
            - md5
          description:
            - This is the authentication algorithms to be used in Phase 2.
          elements: str
          type: list
        child_cipher_algo:
          choices:
            - aes256
            - aes192
            - aes128
            - tripledes
            - des
            - 'null'
          description:
            - This is the cipher algorithms to be used in Phase 2.
          elements: str
          type: list
        child_lifetime:
          description:
            - The lifetime of the Phase 2 SA in seconds.
          type: int
        child_pfs_group:
          choices:
            - disabled
            - group14
            - group5
            - group2
            - group1
          description:
            - This is the Diffie-Hellman group to be used for Perfect Forward Secrecy in Phase 2.
          elements: str
          type: list
        ike_auth_algo:
          choices:
            - sha256
            - sha1
            - md5
          description:
            - This is the authentication algorithm to be used in Phase 1.
          elements: str
          type: list
        ike_cipher_algo:
          choices:
            - aes256
            - aes192
            - aes128
            - tripledes
            - des
          description:
            - This is the cipher algorithm to be used in Phase 1.
          elements: str
          type: list
        ike_diffie_hellman_group:
          choices:
            - group14
            - group5
            - group2
            - group1
          description:
            - This is the Diffie-Hellman group to be used in Phase 1.
          elements: str
          type: list
        ike_lifetime:
          description:
            - The lifetime of the Phase 1 SA in seconds.
          type: int
        ike_prf_algo:
          choices:
            - prfsha256
            - prfsha1
            - prfmd5
            - default
          description:
            - This is the pseudo-random function to be used in IKE_SA.
          elements: str
          type: list
      type: dict
    ipsec_policies_preset:
      choices:
        - default
        - aws
        - azure
      description:
        - Specifies IPsec preset values. If this is provided, the 'ipsecPolicies' parameter is ignored.
      type: str
    name:
      description:
        - The name of the VPN peer.
        - Required when state is present.
      type: str
    network_tags:
      description:
        - A list of network tags that will connect with this peer. If not included, the default is ['all'].
      elements: str
      type: list
    private_subnets:
      description:
        - The list of the private subnets of the VPN peer.
        - Required when state is present.
      elements: str
      type: list
    public_ip:
      description:
        - The public IP of the VPN peer.
        - Required when state is present.
      type: str
    remote_id:
      description:
        - The remote ID is used to identify the connecting VPN peer. This can either be a valid IPv4 Address, FQDN or User FQDN.
      type: str
    secret:
      description:
        - The shared secret with the VPN peer.
        - Required when state is present.
      type: str
  type: list
state:
  choices:
    - absent
    - present
    - query
  default: query
  description:
    - Specifies whether object should be queried, created/modified, or removed.
  type: str
org_id:
  description:
    - ID of organization.
  type: str
timeout:
  default: 30
  description:
    - Time to timeout for HTTP requests.
  type: int
auth_key:
  description:
    - Authentication key provided by the dashboard. Required if environmental variable C(MERAKI_KEY) is not set.
  required: true
  type: str
org_name:
  aliases:
    - organization
  description:
    - Name of organization.
  type: str
use_https:
  default: true
  description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
  type: bool
use_proxy:
  default: false
  description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable on the target hosts.
  type: bool
output_level:
  choices:
    - debug
    - normal
  default: normal
  description:
    - Set amount of debug output during module execution.
  type: str
output_format:
  choices:
    - snakecase
    - camelcase
  default: snakecase
  description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel case (ex. C(netId)).
  type: str
validate_certs:
  default: true
  description:
    - Whether to validate HTTP certificates.
  type: bool
rate_limit_retry_time:
  default: 165
  description:
    - Number of seconds to retry if rate limiter is triggered.
  type: int
internal_error_retry_time:
  default: 60
  description:
    - Number of seconds to retry if server returns an internal server error.
  type: int

response:
  contains:
    appliance_ip:
      description: IP address of Meraki appliance in the VLAN
      returned: success
      sample: 192.0.1.1
      type: str
    dnsnamservers:
      description: IP address or Meraki defined DNS servers which VLAN should use by default
      returned: success
      sample: upstream_dns
      type: str
    peers:
      contains:
        ike_version:
          description: The IKE version to be used for the IPsec VPN peer configuration.
          returned: success
          sample: '1'
          type: str
        ipsec_policies:
          contains:
            child_auth_algo:
              description: This is the authentication algorithms to be used in Phase 2.
              returned: success
              sample:
                - sha1
              type: list
            child_cipher_algo:
              description: This is the cipher algorithms to be used in Phase 2.
              returned: success
              sample:
                - aes192
              type: list
            child_lifetime:
              description: The lifetime of the Phase 2 SA in seconds.
              returned: success
              sample: '60'
              type: str
            child_pfs_group:
              description: This is the Diffie-Hellman group to be used for Perfect Forward Secrecy in Phase 2.
              returned: success
              sample:
                - group14
              type: list
            ike_auth_algo:
              description: This is the authentication algorithm to be used in Phase 1.
              returned: success
              sample:
                - sha1
              type: list
            ike_cipher_algo:
              description: This is the cipher algorithm to be used in Phase 1.
              returned: success
              sample:
                - aes128
              type: list
            ike_diffie_hellman_group:
              description: This is the Diffie-Hellman group to be used in Phase 1.
              returned: success
              sample:
                - group14
              type: list
            ike_lifetime:
              description: The lifetime of the Phase 1 SA in seconds.
              returned: success
              sample: '60'
              type: str
            ike_prf_algo:
              description: This is the pseudo-random function to be used in IKE_SA.
              returned: success
              sample:
                - prfmd5
              type: list
          description: Custom IPSec policies for the VPN peer.
          returned: success
          type: complex
        ipsec_policies_preset:
          description: Preconfigured IPsec settings.
          returned: success
          sample: aws
          type: str
        name:
          description: The name of the VPN peer.
          returned: success
          sample: MyVPNPeer
          type: str
        network_tags:
          description: A list of network tags that will connect with this peer.
          returned: success
          sample:
            - all
          type: list
        private_subnets:
          description: The list of the private subnets of the VPN peer.
          returned: success
          sample:
            - 192.0.2.0/24
          type: list
        public_ip:
          description: The public IP of the VPN peer.
          returned: success
          sample: 198.51.100.1
          type: str
        remote_id:
          description: The remote ID is used to identify the connecting VPN peer.
          returned: success
          sample: s3cret
          type: str
      description: The list of VPN peers.
      returned: success
      type: complex
  description: Information about the organization which was created or modified
  returned: success
  type: complex