Problem with XML


Hi all!

Trying to create a VPN tunnel with the XML API, but I am not clever enough :)

Below is working fine, I can create the Tunnel and do almost all settings....

wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=set&xpath=/config/devices/entry[@name='l...<auto-key><ipsec-crypto-profile>Staffan</ipsec-crypto-profile></auto-key><tunnel-monitor><enable>no</enable></tunnel-monitor><anti-replay>yes</anti-replay><copy-tos>no</copy-tos><tunnel-interface>tunnel</tunnel-interface>"

Here I am failing, when trying to set the IKE gw for the tunnel, what is wrong with the syntax?? (tried a lot of different things, this is just one example)

Want in the end to do everything in one request if possible, but have split the XML:s now to easier do troubleshooting.

wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=edit&xpath=/config/devices/entry[@name='..."

Output error is in this example: <response status="error" code="12"><msg><line>Invalid target object in edit handler</line></msg></response>

Running version 5.0.2 on VMware, production later on will be PA-5050s

Regards Staffan

Accepted Solutions

Hi,

I think your error is due to the use of the edit action in your second example: you didn't set the element that changed (in the XML API ref doc you will see

http(s)://hostname/api/?type=config&action=edit&key=keyvalue&xpath=xpath-value&element=element-value )

wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=edit&xpath=/config/devices/entry[@name='..."

try that (check the end of the url)

&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='StaffanTunnel']/auto-key/ike-gateway&element=<entry name='StaffanGW'/>


or try to use the set action.

BTW you first have to define the IKE GW before attaching it to an ipsec-tunnel.

Below is an example with an IKE GW named titi, PSK test, attached to an interface with IP 192.168.100.254/24, with a peer IP of 1.1.1.1 and profile myprofile

note: I configured some parameters as an example; if some parameters are missing, just add them to your config.

note 2: the last command is the same as your last command and I got a: <response status="success" code="20"><msg>command succeeded</msg></response>

Define GATEWAY with PSK (name titi - PSK : test)

action=set

xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/authentication/pre-shared-key

element=<key>test</key>

Define GATEWAY local IP (use this Ip: 192.168.100.254/24)

action=set

xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/local-address

element=<ip>192.168.100.254/24</ip>

Define GATEWAY peer IP (in this case the peer GW is 1.1.1.1)

action=set

xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/peer-address

element=<ip>1.1.1.1</ip>

Define IKEv1 crypto ( profile myprofile )

action=set

xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/protocol/ikev1

element=<ike-crypto-profile>myprofile</ike-crypto-profile>

Attach the ipsec-tunnel to IKE GATEWAY

action=set

xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='toto']/auto-key/ike-gateway

element=<entry name='titi'/>

regards
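
The set sequence from the answer above, generated in order and percent-encoded, as an added example that is not part of the original post or of any Palo Alto tooling. The function names, the object-name allow-list and the API key value are assumptions of this example; the xpaths, elements and response documents are the ones quoted in the thread.

```python
import re
import urllib.parse
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

DEVICE = "/config/devices/entry[@name='localhost.localdomain']"
# Assumption of this example: a conservative allow-list for object names, so a
# value read from a spreadsheet cannot break out of the [@name='...'] predicate.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

def _name(value):
    if not SAFE_NAME.fullmatch(value):
        raise ValueError(f"unsafe object name: {value!r}")
    return value

def tunnel_steps(gw, psk, local_ip, peer_ip, ike_profile, tunnel):
    """Ordered (xpath, element) pairs; the gateway exists before the tunnel uses it."""
    g = f"{DEVICE}/network/ike/gateway/entry[@name='{_name(gw)}']"
    t = f"{DEVICE}/network/tunnel/ipsec/entry[@name='{_name(tunnel)}']"
    return [
        (f"{g}/authentication/pre-shared-key", f"<key>{escape(psk)}</key>"),
        (f"{g}/local-address", f"<ip>{escape(local_ip)}</ip>"),
        (f"{g}/peer-address", f"<ip>{escape(peer_ip)}</ip>"),
        (f"{g}/protocol/ikev1",
         f"<ike-crypto-profile>{escape(ike_profile)}</ike-crypto-profile>"),
        (f"{t}/auto-key/ike-gateway", f"<entry name='{gw}'/>"),
    ]

def build_query(api_key, xpath, element, action="set"):
    """Percent-encode every parameter so [ ] ' < > & / survive the URL intact."""
    return urllib.parse.urlencode({"type": "config", "action": action,
                                   "key": api_key, "xpath": xpath, "element": element})

def parse_response(xml_text):
    """Return (status, code, message) from a <response> document."""
    root = ET.fromstring(xml_text)
    message = " ".join(s.strip() for s in root.itertext() if s.strip())
    return root.get("status"), root.get("code"), message

if __name__ == "__main__":
    # Constructed sample values: the names used in the answer and a placeholder key.
    for xpath, element in tunnel_steps("titi", "test", "192.168.100.254/24",
                                       "1.1.1.1", "myprofile", "toto"):
        print(build_query("CONSTRUCTED-KEY", xpath, element))
    print(parse_response('<response status="error" code="12"><msg><line>'
                         'Invalid target object in edit handler</line></msg></response>'))
```

When sending the queries, stop at the first response whose status is not success, since the final attach step depends on the gateway steps before it.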


Thanks a lot!

All the other stuff with cryptos and gateways I did work out easily!

But just the small change from edit to set, did the last thing I was not able to do... :)

Now it is time to create hundreds of tunnels....

Regards Staffan
