
Configure SRX-12.3X48-D70.3 using NETCONF

  • 1.  Configure SRX-12.3X48-D70.3 using NETCONF

    Posted 11-28-2021 05:40
    I have an issue when I try to configure my SRX-12.3X48-D70.3 device through NETCONF using Ansible. The XML is well formed, but when I start the installation on the device I get this error: ncclient/operations/rpc.py\", line 341, in _request\n raise self._reply.error\nncclient.operations.rpc.RPCError: syntax error, expecting <config-text/> or <configuration>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 It looks like I am missing a <config-text/> or <configuration> element, but I don't know where to add it in my XML. My XML is attached. The SRX version is 12.3X48-D70.3.

    This is my xml: 

    <!-- NETCONF configuration payload for a Junos SRX. It replaces the configuration
         group CCAAS-SAAQ, which carries source, destination and static NAT, security
         policies between the zones MCMTRL-trust and CCAAS-SAAQ-untrust, one security
         zone, two reth sub-interfaces and one virtual-router routing instance.
         NOTE(review): the reported RPCError expects <config-text/> or <configuration>
         as the element it receives, while here <configuration> sits inside an outer
         <config> wrapper. Which wrapper the Ansible module or ncclient adds by itself
         is not visible in this payload; confirm whether the document handed to the
         module should start at <configuration>. -->
    <config>
    <configuration>
    <!-- operation="replace" requests that the existing CCAAS-SAAQ group be replaced by
         the content below rather than merged with it, so statements present on the
         device but absent here would be removed from the group. -->
    <groups operation="replace">
    <name>CCAAS-SAAQ</name>
    <!-- apply-flags omit: Junos leaves the content of this group out of the normal
         "show configuration" output (it is shown with "| display omit").
         NOTE(review): the NAT rules and permit policies below are therefore easy to
         miss in a configuration review or audit export; confirm that is intended. -->
    <undocumented><apply-flags>
    <omit/>
    </apply-flags></undocumented>
    <security>
    <nat>
    <!-- Source NAT: four pools, each tied to a routing instance, then two rule-sets
         (one per direction between MCMTRL-trust and CCAAS-SAAQ-untrust). -->
    <source>
    <pool>
    <name>NETDISCO-CCAAS-SAAQ</name>
    <routing-instance>
    <ri-name>CCAAS-SAAQ</ri-name>
    </routing-instance>
    <address>
    <name>69.158.230.128/32</name>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-2605_95</name>
    <routing-instance>
    <ri-name>CCAAS-SAAQ</ri-name>
    </routing-instance>
    <address>
    <name>2605:a800:3:15:0:95::/96</name>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-172_017_024_129</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <name>172.17.24.129/32</name>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-172_17_24_130</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <name>172.17.24.130/32</name>
    </address>
    </pool>
    <!-- Outbound direction: traffic from MCMTRL-trust to CCAAS-SAAQ-untrust. -->
    <rule-set>
    <name>MCMTRL-to-CCAAS-SAAQ</name>
    <from>
    <zone>MCMTRL-trust</zone>
    </from>
    <to>
    <zone>CCAAS-SAAQ-untrust</zone>
    </to>
    <rule>
    <name>NETDISCO-CCAAS-SAAQ</name>
    <src-nat-rule-match>
    <source-address-name>srv-netdisco-ccaas-saaq</source-address-name>
    </src-nat-rule-match>
    <then>
    <source-nat>
    <pool>
    <pool-name>NETDISCO-CCAAS-SAAQ</pool-name>
    </pool>
    </source-nat>
    </then>
    </rule>
    <!-- NOTE(review): this rule refers to pool PACO-10_199_45_80, which is not one of
         the four source pools defined in this group. Presumably it is defined
         elsewhere in the device configuration; verify before committing. -->
    <rule>
    <name>PACO_CCAAS-SAAQ</name>
    <src-nat-rule-match>
    <source-address-name>srv-paco-smi</source-address-name>
    </src-nat-rule-match>
    <then>
    <source-nat>
    <pool>
    <pool-name>PACO-10_199_45_80</pool-name>
    </pool>
    </source-nat>
    </then>
    </rule>
    </rule-set>
    <!-- Inbound direction: traffic from CCAAS-SAAQ-untrust to MCMTRL-trust. -->
    <rule-set>
    <name>CCAAS-SAAQ-to-MCMTRL</name>
    <from>
    <zone>CCAAS-SAAQ-untrust</zone>
    </from>
    <to>
    <zone>MCMTRL-trust</zone>
    </to>
    <!-- Matches source 0.0.0.0/0 towards the listed address-book names and translates
         the source into pool CCAAS-SAAQ-2605_95.
         NOTE(review): the source match is the IPv4 any-prefix while the rule name,
         the destination names and the pool are IPv6; confirm the intended address
         family of the match. -->
    <rule>
    <name>ipv6_CCAAS-SAAQ_rule1</name>
    <src-nat-rule-match>
    <source-address>0.0.0.0/0</source-address>
    <destination-address-name>vsgmsnacor103-v6</destination-address-name>
    <destination-address-name>psgmsnacor103-v6</destination-address-name>
    <destination-address-name>vsgmssocauto001-v6</destination-address-name>
    <destination-address-name>psgmssocautomate02-v6</destination-address-name>
    <destination-address-name>srv-sat_agent-smi-v6</destination-address-name>
    <destination-address-name>srv-isev6-smi</destination-address-name>
    </src-nat-rule-match>
    <then>
    <source-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-2605_95</pool-name>
    </pool>
    </source-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-ISEv4-VIP</name>
    <src-nat-rule-match>
    <destination-address-name>srv-ise-smi</destination-address-name>
    </src-nat-rule-match>
    <then>
    <source-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-172_017_024_129</pool-name>
    </pool>
    </source-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-SERVICE-VIP</name>
    <src-nat-rule-match>
    <destination-address-name>r142.125.250_25</destination-address-name>
    <destination-address-name>r142.125.250.128_25</destination-address-name>
    </src-nat-rule-match>
    <then>
    <source-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-172_17_24_130</pool-name>
    </pool>
    </source-nat>
    </then>
    </rule>
    </rule-set>
    </source>
    <!-- Destination NAT: four pools in routing instance MCMTRL and one rule-set for
         traffic arriving from CCAAS-SAAQ-untrust. The V4 rules match udp/1812 (the
         RADIUS authentication port) and the V6 rules match tcp/49 (the TACACS+ port). -->
    <destination>
    <pool>
    <name>CCAAS-SAAQ-QCDRVLISE01-V4</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <ipaddr>69.158.229.214/32</ipaddr>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-QCDRVLISE02-V4</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <ipaddr>69.158.229.215/32</ipaddr>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-QCDRVLISE01-V6</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <ipaddr>2605:a800:3:16:0:0:0:4/128</ipaddr>
    </address>
    </pool>
    <pool>
    <name>CCAAS-SAAQ-QCDRVLISE02-V6</name>
    <routing-instance>
    <ri-name>MCMTRL</ri-name>
    </routing-instance>
    <address>
    <ipaddr>2605:a800:3:16:0:0:0:5/128</ipaddr>
    </address>
    </pool>
    <rule-set>
    <name>CCAAS-SAAQ-to-MCMTRL</name>
    <from>
    <zone>CCAAS-SAAQ-untrust</zone>
    </from>
    <rule>
    <name>CCAAS-SAAQ-QCDRVLISE01-V4</name>
    <dest-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.250.126</dst-addr-name>
    </destination-address-name>
    <destination-port>
    <name>1812</name>
    </destination-port>
    <protocol>udp</protocol>
    </dest-nat-rule-match>
    <then>
    <destination-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-QCDRVLISE01-V4</pool-name>
    </pool>
    </destination-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-QCDRVLISE02-V4</name>
    <dest-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.250.254</dst-addr-name>
    </destination-address-name>
    <destination-port>
    <name>1812</name>
    </destination-port>
    <protocol>udp</protocol>
    </dest-nat-rule-match>
    <then>
    <destination-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-QCDRVLISE02-V4</pool-name>
    </pool>
    </destination-nat>
    </then>
    </rule>
    <!-- NOTE(review): the two V6 rules match the same destination names as the V4
         rules above but send tcp/49 to pools holding IPv6 addresses. The address-book
         entries behind these names are not shown here; confirm the translation
         between address families is intended. -->
    <rule>
    <name>CCAAS-SAAQ-QCDRVLISE01-V6</name>
    <dest-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.250.126</dst-addr-name>
    </destination-address-name>
    <destination-port>
    <name>49</name>
    </destination-port>
    <protocol>tcp</protocol>
    </dest-nat-rule-match>
    <then>
    <destination-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-QCDRVLISE01-V6</pool-name>
    </pool>
    </destination-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-QCDRVLISE02-V6</name>
    <dest-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.250.254</dst-addr-name>
    </destination-address-name>
    <destination-port>
    <name>49</name>
    </destination-port>
    <protocol>tcp</protocol>
    </dest-nat-rule-match>
    <then>
    <destination-nat>
    <pool>
    <pool-name>CCAAS-SAAQ-QCDRVLISE02-V6</pool-name>
    </pool>
    </destination-nat>
    </then>
    </rule>
    </rule-set>
    </destination>
    <!-- Static NAT: one rule-set for traffic from CCAAS-SAAQ-untrust; every rule maps
         a destination to a fixed prefix in routing instance MCMTRL. -->
    <static>
    <rule-set>
    <name>CCAAS-SAAQ-STATIC-NAT</name>
    <from>
    <zone>CCAAS-SAAQ-untrust</zone>
    </from>
    <rule>
    <name>CCAAS-SAAQ-VSGMSNACOR103</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.248.171</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>2605:a800:3:14::171/128</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-PSGMSNACOR103</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.249.037</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>2605:a800:3:14::37/128</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-VSGMSSOCAUTO001</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.248.185</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>2605:a800:3:14::8e7d:f8b9/128</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    <rule>
    <name>CCAAS-SAAQ-PSGMSSOCAUTOMATE02</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>s142.125.248.183</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>2605:a800:3:14::8e7d:f8b7/128</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    <!-- NOTE(review): in the two FORTISIEM rules <dst-addr-name> carries a prefix
         literal, whereas the rules above carry address-book names in the same
         element. Confirm whether these should be address-book names or a
         destination-address match. -->
    <rule>
    <name>FORTISIEM-CCAAS-SAAQ-1</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>100.64.248.9/32</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>10.195.10.42/32</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    <rule>
    <name>FORTISIEM-CCAAS-SAAQ-2</name>
    <static-nat-rule-match>
    <destination-address-name>
    <dst-addr-name>100.64.248.10/32</dst-addr-name>
    </destination-address-name>
    </static-nat-rule-match>
    <then>
    <static-nat>
    <prefix>
    <addr-prefix>10.195.21.42/32</addr-prefix>
    <routing-instance>MCMTRL</routing-instance>
    </prefix>
    </static-nat>
    </then>
    </rule>
    </rule-set>
    </static>
    </nat>
    <!-- Security policies. The outer <policy> element selects the zone pair and the
         inner <policy> elements are the individual rules.
         NOTE(review): every rule in this group ends in a bare <permit> with no <log>
         or <count> under <then>, so permitted sessions are not logged by these
         statements. Unless logging is inherited from another group, consider adding
         session logging so this traffic is visible to monitoring. -->
    <policies>
    <!-- Zone pair: MCMTRL-trust to CCAAS-SAAQ-untrust (management tooling reaching
         the address-book entry r-ccaas-saaq). -->
    <policy>
    <from-zone-name>MCMTRL-trust</from-zone-name>
    <to-zone-name>CCAAS-SAAQ-untrust</to-zone-name>
    <policy>
    <name>ca-spectrum</name>
    <match>
    <source-address>srv-ca-spectrum-ccaas-saaq</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>app-ca-spectrum-out</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>netdisco</name>
    <match>
    <source-address>srv-netdisco-ccaas-saaq</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>app-netdisco-out</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>paco</name>
    <match>
    <source-address>srv-paco-smi</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>app-paco-ccaas-saaq</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>ansible</name>
    <match>
    <source-address>srv-ansible-smi</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>app-ansible-out</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>algo</name>
    <match>
    <source-address>srv-algo-smi</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>app-algo-out</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>bsure</name>
    <match>
    <source-address>r-smi-iaas</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>tcp-09100</application>
    <application>tcp-09747</application>
    <application>junos-https</application>
    <application>junos-icmp-all</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>tools-soc-v6</name>
    <match>
    <source-address>vsgmsnacor103-v6</source-address>
    <source-address>psgmsnacor103-v6</source-address>
    <source-address>vsgmssocauto001-v6</source-address>
    <source-address>psgmsjumpsoc30-v6</source-address>
    <source-address>psgmssocautomate02-v6</source-address>
    <destination-address>r-ccaas-saaq</destination-address>
    <application>tools-soc-v6</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    </policy>
    <!-- Zone pair: CCAAS-SAAQ-untrust to MCMTRL-trust. These rules admit traffic from
         r-ccaas-saaq in the untrust zone to servers in the trust zone, so each
         destination and application list is worth keeping as narrow as the service
         needs. The custom application objects (app-*, tcp-*, epo-8000, all-radius,
         ftp-group) are defined outside this group and are not shown. -->
    <policy>
    <from-zone-name>CCAAS-SAAQ-untrust</from-zone-name>
    <to-zone-name>MCMTRL-trust</to-zone-name>
    <policy>
    <name>ca-spectrum</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-ca-spectrum-ccaas-saaq</destination-address>
    <application>app-ca-spectrum-in</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>nimsoft-proxy</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>s142.125.249.012</destination-address>
    <destination-address>s142.125.249.014</destination-address>
    <application>app-nimsoft-out</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>tacacs</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-acs-smi</destination-address>
    <destination-address>srv-acsv6-smi</destination-address>
    <application>junos-tacacs</application>
    <application>all-radius</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <!-- NOTE(review): junos-http is permitted next to junos-https towards
         srv-satellite-smi; confirm the unencrypted variant is still required. -->
    <policy>
    <name>satellite</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-satellite-smi</destination-address>
    <application>epo-8000</application>
    <application>tcp-08140</application>
    <application>tcp-05647</application>
    <application>tcp-05000</application>
    <application>tcp-09090</application>
    <application>junos-http</application>
    <application>junos-https</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>ise</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-ise-smi</destination-address>
    <destination-address>srv-isev6-smi</destination-address>
    <application>app-tacacs-in</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>bpa-agent</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>s142.125.250.014</destination-address>
    <application>app-bpa-agent</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>bsure</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>r-smi-iaas</destination-address>
    <application>junos-https</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>smtp</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-smtp-smi</destination-address>
    <application>app-smtp-in</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <policy>
    <name>epo-lemss</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>srv-epo-lemss-smi</destination-address>
    <application>app-epo-lemss-in</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    <!-- NOTE(review): this rule permits ftp-group and junos-tftp from the untrust
         zone to four hosts in the trust zone. FTP carries credentials and data in
         clear text and TFTP has no authentication; confirm both are required and
         that the destinations cannot be served by an encrypted transfer instead. -->
    <policy>
    <name>tools-soc-automation</name>
    <match>
    <source-address>r-ccaas-saaq</source-address>
    <destination-address>vsgmsnacor103-v6</destination-address>
    <destination-address>psgmsnacor103-v6</destination-address>
    <destination-address>vsgmssocauto001-v6</destination-address>
    <destination-address>psgmssocautomate02-v6</destination-address>
    <application>ftp-group</application>
    <application>junos-tftp</application>
    </match>
    <then>
    <permit>
    </permit>
    </then>
    </policy>
    </policy>
    </policies>
    <!-- Security zone CCAAS-SAAQ-untrust with its two member interfaces.
         NOTE(review): no host-inbound-traffic is set for the zone or its interfaces
         in this group. If nothing is inherited from elsewhere, traffic addressed to
         the device itself on these interfaces (including the BGP sessions configured
         in the routing instance below) would not be accepted; verify, and allow only
         the protocols that are needed. -->
    <zones>
    <security-zone>
    <name>CCAAS-SAAQ-untrust</name>
    <interfaces>
    <name>reth3.2790</name>
    </interfaces>
    <interfaces>
    <name>reth7.2790</name>
    </interfaces>
    </security-zone>
    </zones>
    </security>
    <!-- Logical units 2790 on reth3 and reth7: VLAN 2790, one /31 IPv4 address each. -->
    <interfaces>
    <interface>
    <name>reth3</name>
    <unit>
    <name>2790</name>
    <description>Logical Interface to NBDRVLR0800 (VRF CCAAS-SAAQ)</description>
    <vlan-id>2790</vlan-id>
    <family>
    <inet>
    <address>
    <name>169.254.230.11/31</name>
    </address>
    </inet>
    </family>
    </unit>
    </interface>
    <interface>
    <name>reth7</name>
    <unit>
    <name>2790</name>
    <description>Logical Interface to NBMTRLR0800 (VRF CCAAS-SAAQ)</description>
    <vlan-id>2790</vlan-id>
    <family>
    <inet>
    <address>
    <name>169.254.230.13/31</name>
    </address>
    </inet>
    </family>
    </unit>
    </interface>
    </interfaces>
    <!-- Routing instance CCAAS-SAAQ: a virtual-router holding the two sub-interfaces
         above. It inherits further settings from the group default-vr-template, which
         is not shown here. -->
    <routing-instances>
    <instance>
    <name>CCAAS-SAAQ</name>
    <apply-groups>default-vr-template</apply-groups>
    <instance-type>virtual-router</instance-type>
    <interface>
    <name>reth3.2790</name>
    </interface>
    <interface>
    <name>reth7.2790</name>
    </interface>
    <!-- IPv6 default route handing lookups over to the MCMTRL.inet6.0 table, so any
         IPv6 destination without a more specific route in this instance is resolved
         in the MCMTRL routing instance. -->
    <routing-options>
    <rib>
    <name>CCAAS-SAAQ.inet6.0</name>
    <static>
    <route>
    <name>::/0</name>
    <next-table>MCMTRL.inet6.0</next-table>
    </route>
    </static>
    </rib>
    </routing-options>
    <!-- Two BGP groups, one neighbor each, both with peer AS 65099. The neighbor
         addresses are the far ends of the two /31 links configured above.
         NOTE(review): no session authentication or import/export policy is set in
         this group; presumably these come from default-vr-template. Confirm that the
         sessions are authenticated and that accepted prefixes are filtered. -->
    <protocols>
    <bgp>
    <group>
    <name>node0</name>
    <neighbor>
    <name>169.254.230.10</name>
    <peer-as>65099</peer-as>
    </neighbor>
    </group>
    <group>
    <name>node1</name>
    <neighbor>
    <name>169.254.230.12</name>
    <peer-as>65099</peer-as>
    </neighbor>
    </group>
    </bgp>
    </protocols>
    </instance>
    </routing-instances>
    </groups>
    </configuration>
    </config>

    ------------------------------
    YVES EKOUDI
    ------------------------------