01-18-2013 04:33 AM
Hi all!
Trying to create a VPN tunnel with the XML API, but I am not clever enough.
Below is working fine, I can create the Tunnel and do almost all settings....
wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=set&xpath=/config/devices/entry[@name='l...<auto-key><ipsec-crypto-profile>Staffan</ipsec-crypto-profile></auto-key><tunnel-monitor><enable>no</enable></tunnel-monitor><anti-replay>yes</anti-replay><copy-tos>no</copy-tos><tunnel-interface>tunnel</tunnel-interface>"
Here I am failing, when trying to set the IKE gw for the tunnel, what is wrong with the syntax?? (tried a lot of different things, this is just one example)
In the end I want to do everything in one request if possible, but I have split the XML into parts for now to make troubleshooting easier.
wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=edit&xpath=/config/devices/entry[@name='..."
Output error is in this example: <response status="error" code="12"><msg><line>Invalid target object in edit handler</line></msg></response>
Running version 5.0.2 on VMware, production later on will be PA-5050s
Regards Staffan
01-23-2013 10:49 PM
Hi,
I think your error is due to the use of the edit action in your second example: you didn't set the element that changed (in the XML API reference doc you will see
http(s)://hostname/api/?type=config&action=edit&key=keyvalue&xpath=xpath-value&element=element-value )
wget -O dum1.txt --no-check-certificate "https://192.168.3.114/api/?type=config&key=%palokey%&action=edit&xpath=/config/devices/entry[@name='..."
try that (check the end of the url)
&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='StaffanTunnel']/auto-key/ike-gateway&element=<entry name='StaffanGW'/>
or try to use the set action.
BTW, you have to define the IKE GW first, before attaching it to an ipsec-tunnel.
Below is an example with an IKE GW named titi, PSK test, attached to an interface with IP 192.168.100.254/24, a peer IP of 1.1.1.1 and profile myprofile.
Note: I configured some parameters as an example; if some parameters are missing, just add them to your config.
Note 2: the last command is the same as your last command and I got: <response status="success" code="20"><msg>command succeeded</msg></response>
Define GATEWAY with PSK (name titi - PSK : test)
action=set
xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/authentication/pre-shared-key
element=<key>test</key>
Define GATEWAY local IP (use this Ip: 192.168.100.254/24)
action=set
xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/local-address
element=<ip>192.168.100.254/24</ip>
Define GATEWAY peer IP (in this case the peer GW is 1.1.1.1)
action=set
xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/peer-address
element=<ip>1.1.1.1</ip>
Define IKEv1 crypto ( profile myprofile )
action=set
xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='titi']/protocol/ikev1
element=<ike-crypto-profile>myprofile</ike-crypto-profile>
Attach the ipsec-tunnel to IKE GATEWAY
action=set
xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='toto']/auto-key/ike-gateway
element=<entry name='titi'/>
regards
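The sequence of set calls from the reply above, as an added example that is not part of the original posts: it builds the five requests in the required order (gateway first, attach last), percent-encodes the xpath and element values, and parses the two response bodies quoted in this thread. The function names, the conservative name pattern and the `API_KEY_PLACEHOLDER` value are assumptions made for this example.

```python
import re
import urllib.parse
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

DEVICE = "/config/devices/entry[@name='localhost.localdomain']"
# Assumption: a conservative name charset, so a name can never break out of [@name='...'].
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")

def gateway_steps(gw, psk, local_ip, peer_ip, ike_profile, tunnel):
    """Ordered (xpath, element) pairs: the IKE gateway is defined before it is attached."""
    for name in (gw, tunnel, ike_profile):
        if not NAME_RE.match(name):
            raise ValueError(f"unsafe object name: {name!r}")
    g = f"{DEVICE}/network/ike/gateway/entry[@name='{gw}']"
    t = f"{DEVICE}/network/tunnel/ipsec/entry[@name='{tunnel}']"
    return [
        # escape() keeps <, > and & in a value from being read as XML markup
        (f"{g}/authentication/pre-shared-key", f"<key>{escape(psk)}</key>"),
        (f"{g}/local-address", f"<ip>{escape(local_ip)}</ip>"),
        (f"{g}/peer-address", f"<ip>{escape(peer_ip)}</ip>"),
        (f"{g}/protocol/ikev1",
         f"<ike-crypto-profile>{ike_profile}</ike-crypto-profile>"),
        (f"{t}/auto-key/ike-gateway", f"<entry name='{gw}'/>"),
    ]

def build_url(host, key, xpath, element, action="set"):
    """Percent-encode every parameter so [ ] ' < > / and & survive the query string."""
    query = urllib.parse.urlencode(
        {"type": "config", "action": action, "key": key,
         "xpath": xpath, "element": element},
        quote_via=urllib.parse.quote,
    )
    return f"https://{host}/api/?{query}"

def check_response(body):
    """Return (ok, code, message) for an API reply body."""
    root = ET.fromstring(body)
    msg = " ".join(s.strip() for s in root.itertext() if s.strip())
    return root.get("status") == "success", root.get("code"), msg

if __name__ == "__main__":
    # Values taken from the reply above; the key is a placeholder.
    steps = gateway_steps("titi", "test", "192.168.100.254/24",
                          "1.1.1.1", "myprofile", "toto")
    for xpath, element in steps:
        print(build_url("192.168.3.114", "API_KEY_PLACEHOLDER", xpath, element))
```

When generating many tunnels from a list, run `check_response` on each reply and stop at the first failure, so a gateway that was not created is never attached to a tunnel.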
01-24-2013 04:57 AM
Thanks a lot!
All the other stuff with cryptos and gateways I did work out easily!
But just the small change from edit to set, did the last thing I was not able to do...
Now it is time to create hundreds of tunnels....
Regards Staffan