Problem with XML

Not applicable

Problem with XML

Hi all!

Trying to create and VPN tunnel with the XML-api , but I am not clever enough :smileyhappy:

Below is working fine, I can create the Tunnel and do almost all settings....

wget -O dum1.txt --no-check-certificate "[@name='l...<auto-key><ipsec-crypto-profile>Staffan</ipsec-crypto-profile></auto-key><tunnel-monitor><enable>no</enable></tunnel-monitor><anti-replay>yes</anti-replay><copy-tos>no</copy-tos><tunnel-interface>tunnel</tunnel-interface>"

Here I am failing, when trying to set the IKE gw for the tunnel, what is wrong with the syntax?? (tried a lot of different things, this is just one example)

Want in the end to do everything in one request if possible, but have split the XML:s now to easier do troubleshooting.

wget -O dum1.txt --no-check-certificate "[@name='..."

Output error is in this example: <response status="error" code="12"><msg><line>Invalid target object in edit handler</line></msg></response>

Running version 5.0.2 on VMware, production later on will be PA-5050s

Regards Staffan

Not applicable

Re: Problem with XML


If think your error is due to the use of the edit action in your second example, you didn't set the element that changed ( in XML API ref doc you will see

http(s)://hostname/api/?type=config&action=edit&key=keyvalue&xpath=xpath-value&element=element-value )

wget -O dum1.txt --no-check-certificate "[@name='..."

try that (check the end of the url)

&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='StaffanTunnel']/auto-key/ike-gateway&element=<entry name='StaffanGW'/>

or try to use the set action.

BTW you have to define first the IKE GW before attaching it to an ipsec-tunnel.

Below an example with an IKE GW named titi, psk test attached to interface with ip and a peer-ip and profile myprofile

note: I configured some parameters as example, if some parameters are missing just add them to your config.

note 2: the last command is the same than your last command and I got a : <response status="success" code="20"><msg>command succeeded</msg></response>

Define GATEWAY with PSK (name titi - PSK : test)




Define GATEWAY local IP (use this Ip:




Define GATEWAY peer IP (in this case the peer GW is




Define IKEv1 crypto ( profile myprofile )




Attach the ipsec-tunnel to IKE GATEWAY



element=<entry name='titi'/>


Not applicable

Re: Problem with XML

Thanks a lot!

All the other stuff with cryptos and gateways I did work out easily!

But just the small change from edit to set, did the last thing I was not able to do... :smileyhappy:

Now it is time to create hundreds of tunnels....

Regards Staffan

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!