I have an issue when I try to configure my SRX-12.3X48-D70.3device through Netconf using ansible. The xml is format well but when i start installation on the device, I have this error: ncclient/operations/rpc.py\", line 341, in _request\n raise self._reply.error\nncclient.operations.rpc.RPCError: syntax error, expecting <config-text/> or <configuration>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 It's look like i missing some <config-text/> or <configuration>, but I don't know where to add this parameters in my xml. In attach you will find my xml. The version of SRX is 12.3X48-D70.3.
This is my xml:
<config>
<configuration>
<groups operation="replace">
<name>CCAAS-SAAQ</name>
<undocumented><apply-flags>
<omit/>
</apply-flags></undocumented>
<security>
<nat>
<source>
<pool>
<name>NETDISCO-CCAAS-SAAQ</name>
<routing-instance>
<ri-name>CCAAS-SAAQ</ri-name>
</routing-instance>
<address>
<name>69.158.230.128/32</name>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-2605_95</name>
<routing-instance>
<ri-name>CCAAS-SAAQ</ri-name>
</routing-instance>
<address>
<name>2605:a800:3:15:0:95::/96</name>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-172_017_024_129</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<name>172.17.24.129/32</name>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-172_17_24_130</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<name>172.17.24.130/32</name>
</address>
</pool>
<rule-set>
<name>MCMTRL-to-CCAAS-SAAQ</name>
<from>
<zone>MCMTRL-trust</zone>
</from>
<to>
<zone>CCAAS-SAAQ-untrust</zone>
</to>
<rule>
<name>NETDISCO-CCAAS-SAAQ</name>
<src-nat-rule-match>
<source-address-name>srv-netdisco-ccaas-saaq</source-address-name>
</src-nat-rule-match>
<then>
<source-nat>
<pool>
<pool-name>NETDISCO-CCAAS-SAAQ</pool-name>
</pool>
</source-nat>
</then>
</rule>
<rule>
<name>PACO_CCAAS-SAAQ</name>
<src-nat-rule-match>
<source-address-name>srv-paco-smi</source-address-name>
</src-nat-rule-match>
<then>
<source-nat>
<pool>
<pool-name>PACO-10_199_45_80</pool-name>
</pool>
</source-nat>
</then>
</rule>
</rule-set>
<rule-set>
<name>CCAAS-SAAQ-to-MCMTRL</name>
<from>
<zone>CCAAS-SAAQ-untrust</zone>
</from>
<to>
<zone>MCMTRL-trust</zone>
</to>
<rule>
<name>ipv6_CCAAS-SAAQ_rule1</name>
<src-nat-rule-match>
<source-address>0.0.0.0/0</source-address>
<destination-address-name>vsgmsnacor103-v6</destination-address-name>
<destination-address-name>psgmsnacor103-v6</destination-address-name>
<destination-address-name>vsgmssocauto001-v6</destination-address-name>
<destination-address-name>psgmssocautomate02-v6</destination-address-name>
<destination-address-name>srv-sat_agent-smi-v6</destination-address-name>
<destination-address-name>srv-isev6-smi</destination-address-name>
</src-nat-rule-match>
<then>
<source-nat>
<pool>
<pool-name>CCAAS-SAAQ-2605_95</pool-name>
</pool>
</source-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-ISEv4-VIP</name>
<src-nat-rule-match>
<destination-address-name>srv-ise-smi</destination-address-name>
</src-nat-rule-match>
<then>
<source-nat>
<pool>
<pool-name>CCAAS-SAAQ-172_017_024_129</pool-name>
</pool>
</source-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-SERVICE-VIP</name>
<src-nat-rule-match>
<destination-address-name>r142.125.250_25</destination-address-name>
<destination-address-name>r142.125.250.128_25</destination-address-name>
</src-nat-rule-match>
<then>
<source-nat>
<pool>
<pool-name>CCAAS-SAAQ-172_17_24_130</pool-name>
</pool>
</source-nat>
</then>
</rule>
</rule-set>
</source>
<destination>
<pool>
<name>CCAAS-SAAQ-QCDRVLISE01-V4</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<ipaddr>69.158.229.214/32</ipaddr>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-QCDRVLISE02-V4</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<ipaddr>69.158.229.215/32</ipaddr>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-QCDRVLISE01-V6</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<ipaddr>2605:a800:3:16:0:0:0:4/128</ipaddr>
</address>
</pool>
<pool>
<name>CCAAS-SAAQ-QCDRVLISE02-V6</name>
<routing-instance>
<ri-name>MCMTRL</ri-name>
</routing-instance>
<address>
<ipaddr>2605:a800:3:16:0:0:0:5/128</ipaddr>
</address>
</pool>
<rule-set>
<name>CCAAS-SAAQ-to-MCMTRL</name>
<from>
<zone>CCAAS-SAAQ-untrust</zone>
</from>
<rule>
<name>CCAAS-SAAQ-QCDRVLISE01-V4</name>
<dest-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.250.126</dst-addr-name>
</destination-address-name>
<destination-port>
<name>1812</name>
</destination-port>
<protocol>udp</protocol>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name>CCAAS-SAAQ-QCDRVLISE01-V4</pool-name>
</pool>
</destination-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-QCDRVLISE02-V4</name>
<dest-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.250.254</dst-addr-name>
</destination-address-name>
<destination-port>
<name>1812</name>
</destination-port>
<protocol>udp</protocol>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name>CCAAS-SAAQ-QCDRVLISE02-V4</pool-name>
</pool>
</destination-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-QCDRVLISE01-V6</name>
<dest-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.250.126</dst-addr-name>
</destination-address-name>
<destination-port>
<name>49</name>
</destination-port>
<protocol>tcp</protocol>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name>CCAAS-SAAQ-QCDRVLISE01-V6</pool-name>
</pool>
</destination-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-QCDRVLISE02-V6</name>
<dest-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.250.254</dst-addr-name>
</destination-address-name>
<destination-port>
<name>49</name>
</destination-port>
<protocol>tcp</protocol>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name>CCAAS-SAAQ-QCDRVLISE02-V6</pool-name>
</pool>
</destination-nat>
</then>
</rule>
</rule-set>
</destination>
<static>
<rule-set>
<name>CCAAS-SAAQ-STATIC-NAT</name>
<from>
<zone>CCAAS-SAAQ-untrust</zone>
</from>
<rule>
<name>CCAAS-SAAQ-VSGMSNACOR103</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.248.171</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>2605:a800:3:14::171/128</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-PSGMSNACOR103</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.249.037</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>2605:a800:3:14::37/128</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-VSGMSSOCAUTO001</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.248.185</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>2605:a800:3:14::8e7d:f8b9/128</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
<rule>
<name>CCAAS-SAAQ-PSGMSSOCAUTOMATE02</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>s142.125.248.183</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>2605:a800:3:14::8e7d:f8b7/128</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
<rule>
<name>FORTISIEM-CCAAS-SAAQ-1</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>100.64.248.9/32</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>10.195.10.42/32</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
<rule>
<name>FORTISIEM-CCAAS-SAAQ-2</name>
<static-nat-rule-match>
<destination-address-name>
<dst-addr-name>100.64.248.10/32</dst-addr-name>
</destination-address-name>
</static-nat-rule-match>
<then>
<static-nat>
<prefix>
<addr-prefix>10.195.21.42/32</addr-prefix>
<routing-instance>MCMTRL</routing-instance>
</prefix>
</static-nat>
</then>
</rule>
</rule-set>
</static>
</nat>
<policies>
<policy>
<from-zone-name>MCMTRL-trust</from-zone-name>
<to-zone-name>CCAAS-SAAQ-untrust</to-zone-name>
<policy>
<name>ca-spectrum</name>
<match>
<source-address>srv-ca-spectrum-ccaas-saaq</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>app-ca-spectrum-out</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>netdisco</name>
<match>
<source-address>srv-netdisco-ccaas-saaq</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>app-netdisco-out</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>paco</name>
<match>
<source-address>srv-paco-smi</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>app-paco-ccaas-saaq</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>ansible</name>
<match>
<source-address>srv-ansible-smi</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>app-ansible-out</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>algo</name>
<match>
<source-address>srv-algo-smi</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>app-algo-out</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>bsure</name>
<match>
<source-address>r-smi-iaas</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>tcp-09100</application>
<application>tcp-09747</application>
<application>junos-https</application>
<application>junos-icmp-all</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>tools-soc-v6</name>
<match>
<source-address>vsgmsnacor103-v6</source-address>
<source-address>psgmsnacor103-v6</source-address>
<source-address>vsgmssocauto001-v6</source-address>
<source-address>psgmsjumpsoc30-v6</source-address>
<source-address>psgmssocautomate02-v6</source-address>
<destination-address>r-ccaas-saaq</destination-address>
<application>tools-soc-v6</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
</policy>
<policy>
<from-zone-name>CCAAS-SAAQ-untrust</from-zone-name>
<to-zone-name>MCMTRL-trust</to-zone-name>
<policy>
<name>ca-spectrum</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-ca-spectrum-ccaas-saaq</destination-address>
<application>app-ca-spectrum-in</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>nimsoft-proxy</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>s142.125.249.012</destination-address>
<destination-address>s142.125.249.014</destination-address>
<application>app-nimsoft-out</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>tacacs</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-acs-smi</destination-address>
<destination-address>srv-acsv6-smi</destination-address>
<application>junos-tacacs</application>
<application>all-radius</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>satellite</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-satellite-smi</destination-address>
<application>epo-8000</application>
<application>tcp-08140</application>
<application>tcp-05647</application>
<application>tcp-05000</application>
<application>tcp-09090</application>
<application>junos-http</application>
<application>junos-https</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>ise</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-ise-smi</destination-address>
<destination-address>srv-isev6-smi</destination-address>
<application>app-tacacs-in</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>bpa-agent</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>s142.125.250.014</destination-address>
<application>app-bpa-agent</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>bsure</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>r-smi-iaas</destination-address>
<application>junos-https</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>smtp</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-smtp-smi</destination-address>
<application>app-smtp-in</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>epo-lemss</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>srv-epo-lemss-smi</destination-address>
<application>app-epo-lemss-in</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
<policy>
<name>tools-soc-automation</name>
<match>
<source-address>r-ccaas-saaq</source-address>
<destination-address>vsgmsnacor103-v6</destination-address>
<destination-address>psgmsnacor103-v6</destination-address>
<destination-address>vsgmssocauto001-v6</destination-address>
<destination-address>psgmssocautomate02-v6</destination-address>
<application>ftp-group</application>
<application>junos-tftp</application>
</match>
<then>
<permit>
</permit>
</then>
</policy>
</policy>
</policies>
<zones>
<security-zone>
<name>CCAAS-SAAQ-untrust</name>
<interfaces>
<name>reth3.2790</name>
</interfaces>
<interfaces>
<name>reth7.2790</name>
</interfaces>
</security-zone>
</zones>
</security>
<interfaces>
<interface>
<name>reth3</name>
<unit>
<name>2790</name>
<description>Logical Interface to NBDRVLR0800 (VRF CCAAS-SAAQ)</description>
<vlan-id>2790</vlan-id>
<family>
<inet>
<address>
<name>169.254.230.11/31</name>
</address>
</inet>
</family>
</unit>
</interface>
<interface>
<name>reth7</name>
<unit>
<name>2790</name>
<description>Logical Interface to NBMTRLR0800 (VRF CCAAS-SAAQ)</description>
<vlan-id>2790</vlan-id>
<family>
<inet>
<address>
<name>169.254.230.13/31</name>
</address>
</inet>
</family>
</unit>
</interface>
</interfaces>
<routing-instances>
<instance>
<name>CCAAS-SAAQ</name>
<apply-groups>default-vr-template</apply-groups>
<instance-type>virtual-router</instance-type>
<interface>
<name>reth3.2790</name>
</interface>
<interface>
<name>reth7.2790</name>
</interface>
<routing-options>
<rib>
<name>CCAAS-SAAQ.inet6.0</name>
<static>
<route>
<name>::/0</name>
<next-table>MCMTRL.inet6.0</next-table>
</route>
</static>
</rib>
</routing-options>
<protocols>
<bgp>
<group>
<name>node0</name>
<neighbor>
<name>169.254.230.10</name>
<peer-as>65099</peer-as>
</neighbor>
</group>
<group>
<name>node1</name>
<neighbor>
<name>169.254.230.12</name>
<peer-as>65099</peer-as>
</neighbor>
</group>
</bgp>
</protocols>
</instance>
</routing-instances>
</groups>
</configuration>
</config>
------------------------------
YVES EKOUDI
------------------------------