cisco.meraki.meraki_nat – Manage NAT rules in Meraki cloud


Note

This plugin is part of the cisco.meraki collection (version 2.1.3).

To install it use: ansible-galaxy collection install cisco.meraki.

To use it in a playbook, specify: cisco.meraki.meraki_nat.


Synopsis

  • Allows for creation, management, and visibility of NAT rules (1:1, 1:many, port forwarding) within Meraki.

Parameters

Parameter Choices/Defaults Comments

auth_key

string / required

Authentication key provided by the dashboard. Required if the environment variable MERAKI_KEY is not set.

host

string

Default:

"api.meraki.com"

Hostname for Meraki dashboard.

Can be used to access regional Meraki environments, such as China.

internal_error_retry_time

integer

Default:

60

Number of seconds to retry if server returns an internal server error.

net_id

string

ID number of a network.

net_name

string

Name of a network.


aliases: name, network

one_to_many

list / elements=dictionary

List of 1:many NAT rules.

port_rules

list / elements=dictionary

List of associated port rules.

allowed_ips

list / elements=string

Remote IP addresses or ranges that are permitted to access the internal resource via this port forwarding rule, or 'any'.

local_ip

string

Local IP address to which traffic will be forwarded.

local_port

string

Destination port of the forwarded traffic that will be sent from the MX to the specified host on the LAN.

If you simply wish to forward the traffic without translating the port, this should be the same as the Public port.

name

string

A description of the rule.

protocol

string

  • tcp
  • udp

Protocol to apply NAT rule to.

public_port

string

Destination port of the traffic that is arriving on the WAN.

public_ip

string

The IP address that will be used to access the internal resource from the WAN.

uplink

string

  • both
  • internet1
  • internet2

The physical WAN interface on which the traffic will arrive.

one_to_one

list / elements=dictionary

List of 1:1 NAT rules.

allowed_inbound

list / elements=dictionary

The ports this mapping will provide access on, and the remote IPs that will be allowed access to the resource.

allowed_ips

list / elements=string

Ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges, or 'any'.

destination_ports

list / elements=string

List of ports or port ranges that will be forwarded to the host on the LAN.

protocol

string

  • any
  • icmp-ping
  • tcp
  • udp

Protocol to apply NAT rule to.

lan_ip

string

The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN.

name

string

A descriptive name for the rule.

public_ip

string

The IP address that will be used to access the internal resource from the WAN.

uplink

string

  • both
  • internet1
  • internet2

The physical WAN interface on which the traffic will arrive.

org_id

string

ID of organization associated to a network.

org_name

string

Name of organization.


aliases: organization

output_format

string

  • snakecase
  • camelcase

Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).

output_level

string

  • debug
  • normal

Set amount of debug output during module execution.

port_forwarding

list / elements=dictionary

List of port forwarding rules.

allowed_ips

list / elements=string

List of ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges (or any).

lan_ip

string

The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN.

local_port

integer

A port or port range that will receive the forwarded traffic from the WAN.

name

string

A descriptive name for the rule.

protocol

string

  • tcp
  • udp

Protocol to forward traffic for.

public_port

integer

A port or port range that will be forwarded to the host on the LAN.

uplink

string

  • both
  • internet1
  • internet2

The physical WAN interface on which the traffic will arrive.

rate_limit_retry_time

integer

Default:

165

Number of seconds to retry if rate limiter is triggered.

state

string

  • present
  • query

Create or modify NAT rules (present) or query existing ones (query).

subset

list / elements=string

  • 1:1
  • 1:many
  • all
  • port_forwarding

Specifies which NAT components to query.

timeout

integer

Default:

30

Timeout for HTTP requests.

use_https

boolean

  • no
  • yes

If no, it will use HTTP. Otherwise it will use HTTPS.

Only useful for internal Meraki developers.

use_proxy

boolean

  • no
  • yes

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

validate_certs

boolean

  • no
  • yes

Whether to validate HTTPS (TLS) certificates.



Notes

  • More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
  • Some of the options are likely only used for developers within Meraki.
  • As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
  • Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
  • Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.


Examples

- name: Query all NAT rules
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: all
  delegate_to: localhost

- name: Query 1:1 NAT rules
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: '1:1'
  delegate_to: localhost

- name: Create 1:1 rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_one:
      - name: Service behind NAT
        public_ip: 1.2.1.2
        lan_ip: 192.168.128.1
        uplink: internet1
        allowed_inbound:
          - protocol: tcp
            destination_ports:
              - 80
            allowed_ips:
              - 10.10.10.10
  delegate_to: localhost

- name: Create 1:many rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_many:
      - public_ip: 1.1.1.1
        uplink: internet1
        port_rules:
          - name: Test rule
            protocol: tcp
            public_port: 10
            local_ip: 192.168.128.1
            local_port: 11
            allowed_ips:
              - any
  delegate_to: localhost

- name: Create port forwarding rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    port_forwarding:
      - name: Test map
        lan_ip: 192.168.128.1
        uplink: both
        protocol: tcp
        allowed_ips:
          - 1.1.1.1
        public_port: 10
        local_port: 11
  delegate_to: localhost

Return Values

Common return values are documented separately in the Ansible documentation; the following fields are unique to this module:

Key Returned Description

data

complex

success

Information about the created or manipulated object.


one_to_many

complex

success, when 1:many NAT object is in task

Information about 1:many NAT object.


rules

complex

success, when 1:many NAT object is in task

List of 1:many NAT rules.


portRules

complex

success, when 1:many NAT object is in task

List of NAT port rules.


allowedIps

list / elements=string

success, when 1:1 NAT object is in task

List of IP addresses to be forwarded.


Sample:

10.80.100.0/24

localIp

string

success, when 1:1 NAT object is in task

Local IP address to which traffic will be forwarded.


Sample:

192.0.2.10

localPort

integer

success, when 1:1 NAT object is in task

Destination port to be forwarded to.


Sample:

443

name

string

success, when 1:many NAT object is in task

Name of NAT object.


Sample:

Web server behind NAT

protocol

string

success, when 1:1 NAT object is in task

Protocol to apply NAT rule to.


Sample:

tcp

publicPort

integer

success, when 1:1 NAT object is in task

Destination port of the traffic that is arriving on WAN.


Sample:

9443

publicIp

string

success, when 1:many NAT object is in task

Public IP address to be mapped.


Sample:

148.2.5.100

uplink

string

success, when 1:many NAT object is in task

Internet port where rule is applied.


Sample:

internet1

one_to_one

complex

success, when 1:1 NAT object is in task

Information about 1:1 NAT object.


rules

complex

success, when 1:1 NAT object is in task

List of 1:1 NAT rules.


allowedInbound

complex

success, when 1:1 NAT object is in task

List of inbound forwarding rules.


allowedIps

list / elements=string

success, when 1:1 NAT object is in task

List of IP addresses to be forwarded.


Sample:

10.80.100.0/24

destinationPorts

string

success, when 1:1 NAT object is in task

Ports to apply NAT rule to.


Sample:

80

protocol

string

success, when 1:1 NAT object is in task

Protocol to apply NAT rule to.


Sample:

tcp

lanIp

string

success, when 1:1 NAT object is in task

Local IP address to be mapped.


Sample:

192.168.128.22

name

string

success, when 1:1 NAT object is in task

Name of NAT object.


Sample:

Web server behind NAT

publicIp

string

success, when 1:1 NAT object is in task

Public IP address to be mapped.


Sample:

148.2.5.100

uplink

string

success, when 1:1 NAT object is in task

Internet port where rule is applied.


Sample:

internet1

port_forwarding

complex

success, when port forwarding is in task

Information about port forwarding rules.


rules

complex

success, when port forwarding is in task

List of port forwarding rules.


allowedIps

list / elements=string

success, when port forwarding is in task

List of IP addresses to be forwarded.


Sample:

10.80.100.0/24

lanIp

string

success, when port forwarding is in task

Local IP address to be mapped.


Sample:

192.168.128.22

localPort

integer

success, when port forwarding is in task

Destination port to be forwarded to.


Sample:

443

name

string

success, when port forwarding is in task

Name of NAT object.


Sample:

Web server behind NAT

protocol

string

success, when port forwarding is in task

Protocol to apply NAT rule to.


Sample:

tcp

publicPort

integer

success, when port forwarding is in task

Destination port of the traffic that is arriving on WAN.


Sample:

9443

uplink

string

success, when port forwarding is in task

Internet port where rule is applied.


Sample:

internet1
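
An added example, not part of the cisco.meraki collection or its documentation: a Python check that walks the `data` structure returned by a `state: query`, `subset: all` task and lists every rule whose `allowed_ips` admits any source address. The nesting (NAT type, then `rules`, then `port_rules` or `allowed_inbound`) is assumed from the Return Values above; `find_open_rules` and `SAMPLE` are names made up for this example.

```python
import ipaddress

def _get(obj, snake, default=None):
    # Accept either output_format spelling, e.g. allowed_ips or allowedIps.
    head, *rest = snake.split("_")
    camel = head + "".join(part.title() for part in rest)
    return obj.get(snake, obj.get(camel, default))

def _rules(data, section):
    return _get(_get(data, section) or {}, "rules") or []

def _is_open(allowed_ips):
    # Assumption: a rule with no recorded source list is reported, not trusted.
    for entry in allowed_ips or ["any"]:
        text = str(entry).strip().lower()
        try:
            if text == "any" or ipaddress.ip_network(text, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # other range notation, not a catch-all
    return False

def find_open_rules(data):
    """Return (nat_type, name, protocol, public_ports) for each unrestricted rule."""
    found = []
    flat = [("port_forwarding", r) for r in _rules(data, "port_forwarding")]
    flat += [("one_to_many", r) for nat in _rules(data, "one_to_many")
             for r in _get(nat, "port_rules") or []]
    for kind, rule in flat:
        if _is_open(_get(rule, "allowed_ips")):
            found.append((kind, rule.get("name"), rule.get("protocol"),
                          str(_get(rule, "public_port"))))
    for nat in _rules(data, "one_to_one"):
        for inbound in _get(nat, "allowed_inbound") or []:
            if _is_open(_get(inbound, "allowed_ips")):
                ports = _get(inbound, "destination_ports") or []
                ports = ports if isinstance(ports, str) else ",".join(map(str, ports))
                found.append(("one_to_one", nat.get("name"), inbound.get("protocol"), ports))
    return found

# Constructed sample shaped like the Return Values table (not real output).
SAMPLE = {
    "port_forwarding": {"rules": [{"name": "Test map", "protocol": "tcp",
        "public_port": 10, "allowed_ips": ["1.1.1.1"]}]},
    "one_to_many": {"rules": [{"public_ip": "1.1.1.1", "port_rules": [{"name": "Test rule",
        "protocol": "tcp", "public_port": "10", "allowed_ips": ["any"]}]}]},
    "one_to_one": {"rules": [{"name": "Service behind NAT", "allowedInbound": [{
        "protocol": "tcp", "destinationPorts": ["80"], "allowedIps": ["0.0.0.0/0"]}]}]},
}
```

Register the task result in the playbook and pass its `data` key to `find_open_rules`, for instance from a custom filter plugin or a script run over saved query output.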




Authors

  • Kevin Breit (@kbreit)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/cisco/meraki/meraki_nat_module.html