SD-WAN Traffic Intent

Endpoint Description
https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn List LAN Service VPN Profiles in Configuration Group
https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id} Get Details for a Configuration Group and LAN Service VPN Profile
https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id} Update Service Route for a Configuration Group and LAN Service VPN Profile

For information about generating your SD-WAN Manager API Gateway URL and SD-WAN Manager Cross-Site Request Forgery (CSRF) access token, see SASE Authorization.

List LAN Service VPN Profiles in a Configuration Group

List the LAN service VPN profiles in the Configuration Group.

Use the ID of the VPN profile to get the details for the Configuration Group and LAN service VPN profile.

GET https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn

Prerequisites

  • gateway_url: The URL of the SD-WAN Manager API gateway.
  • apikey: The API key for the SD-WAN Manager organization.
  • xsrf_token: The SD-WAN Manager CSRF access token.
  • serviceId: The identifier of the service in the Configuration Group.

Get the serviceId

  1. List the Configuration Groups in the organization. For more information, see List Configuration Groups.
  2. In the response, navigate to profiles and search for the profile where the type is service.
  3. Copy the value of the id field.
  4. Set the serviceId path parameter in the API request with the value of id.

Request

curl --request GET \
  --url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn \
  --header 'Authorization: Bearer {apikey}' \
  --header 'Content-Type: application/json' \
  --header 'X-xsrf-token: {xsrf_token}'

Response

[
  {
    "id": "ccceb78c-b3a4-434a-8ffb-e5844ab0db56",
    "name": "CG_UK",
    "description": "",
    "source": "retail_workflow",
    "solution": "sdwan",
    "lastUpdatedBy": "user@cisco.com",
    "lastUpdatedOn": 1773429310491,
    "createdBy": null,
    "createdOn": null,
    "profiles": [
      {
        "id": "f925e4e2-a5bb-430e-832b-a1cd55e0428a",
        "name": "CG_UK_CG1_LAN",
        "solution": "sdwan",
        "type": "service",
        "description": null,
        "lastUpdatedBy": "user@cisco.com",
        "lastUpdatedOn": 1773429310491,
        "createdBy": "user@cisco.com",
        "createdOn": 1772641068414,
        "profileParcelCount": 9,
        "origin": null
      },
      {
        "id": "50595e13-cfd5-4293-86de-da5aa9e050f6",
        "name": "CG_UK_CG1_WAN",
        "solution": "sdwan",
        "type": "transport",
        "description": null,
        "lastUpdatedBy": "user@cisco.com",
        "lastUpdatedOn": 1772641096320,
        "createdBy": "user@cisco.com",
        "createdOn": 1772641068129,
        "profileParcelCount": 7,
        "origin": null
      },
      {
        "id": "e8f36b07-10ac-464c-ad3b-4ac35e8f9570",
        "name": "CG_UK_CG1_Basic",
        "solution": "sdwan",
        "type": "system",
        "description": null,
        "lastUpdatedBy": "user@cisco.com",
        "lastUpdatedOn": 1773429312913,
        "createdBy": "user@cisco.com",
        "createdOn": 1772641067232,
        "profileParcelCount": 24,
        "origin": null
      }
    ]
  }
]

Get Details for a Configuration Group and LAN Service VPN Profile

Get the details for the service in the Configuration Group and local area network (LAN) service virtual private network (VPN) profile.

GET https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id}

Prerequisites

  • gateway_url: The URL of the SD-WAN Manager API gateway.
  • apikey: The API key for the SD-WAN Manager organization.
  • xsrf_token: The SD-WAN Manager CSRF access token.
  • serviceId: The identifier of the service in the Configuration Group.
  • vpn_id: The identifier of the VPN profile.

Get the serviceId

  1. List the Configuration Groups in the organization. For more information, see List Configuration Groups.
  2. In the response, navigate to profiles and search for the profile where the type is service.
  3. Copy the value of the id field.
  4. Set the serviceId path parameter in the API request with the value of id.

Get the vpn_id

  1. Get the LAN Service VPN profiles in the Configuration Group. For more information, see List LAN Service VPN Profiles in a Configuration Group.
  2. In the response, navigate to profiles and search for the profile where the type is service.
  3. Copy the value of the id field.
  4. Set the vpn_id path parameter in the API request with the value of id.

Request

curl --request GET \
  --url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id} \
  --header 'Authorization: Bearer {apikey}' \
  --header 'Content-Type: application/json' \
  --header 'X-xsrf-token: {xsrf_token}'

Response

The response includes empty routes. 

{
  "parcelId": "129f5627-acde-4799-afe8-5191302b9b6b",
  "parcelType": "lan/vpn",
  "createdBy": "user@cisco.com",
  "origin": "user",
  "lastUpdatedBy": "user@cisco.com",
  "createdOn": 1773926706194,
  "lastUpdatedOn": 1774348630472,
  "payload": {
    "name": "CorporateLAN",
    "description": "",
    "data": {
      "vpnId": {
        "optionType": "global",
        "value": 10
      },
      "name": {
        "optionType": "default"
      },
      "ompAdminDistance": {
        "optionType": "default"
      },
      "ompAdminDistanceIpv6": {
        "optionType": "default"
      },
      "newHostMapping": [],
      "ompAdvertiseIp4": [],
      "ompAdvertiseIpv6": [],
      "ipv4Route": [],
      "ipv6Route": [],
      "service": [],
      "serviceRoute": [],
      "greRoute": [],
      "ipsecRoute": [],
      "natPortForward": [],
      "nat64V4Pool": [],
      "routeLeakFromGlobal": [],
      "routeLeakFromService": [],
      "routeLeakBetweenServices": [],
      "mplsVpnIpv4RouteTarget": {
        "importRtList": [],
        "exportRtList": []
      },
      "mplsVpnIpv6RouteTarget": {
        "importRtList": [],
        "exportRtList": []
      },
      "enableSdra": {
        "optionType": "default",
        "value": false
      }
    }
  }
}

Update Service Route for a Configuration Group and LAN Service VPN Profile

Add the default service route for the Configuration Group and the LAN service VPN profile. The default service route defines connectivity to Secure Access.

PUT https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id}

Prerequisites

  • gateway_url: The URL of the SD-WAN Manager API gateway.
  • apikey: The API key for the SD-WAN Manager organization.
  • xsrf_token: The SD-WAN Manager CSRF access token.
  • serviceId: The identifier of the service in the Configuration Group.
  • vpn_id: The identifier of the VPN profile.

Get the serviceId

  1. List the Configuration Groups in the organization. For more information, see List Configuration Groups.
  2. In the response, navigate profiles and search for the profile where the type is service.
  3. Copy the value of the id field.
  4. Set the serviceId path parameter in the API request with the value of id.

Get the vpn_id

  1. Get the LAN Service VPN profiles in the Configuration Group. For more information, see List LAN Service VPN Profiles in a Configuration Group.
  2. In the response, navigate to the list of profiles and search for the profile where the type is service.
  3. Copy the value of the id field.
  4. Set the vpn_id path parameter in the API request with the value of id.

Request

curl --request PUT \
  --url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/service/{serviceId}/lan/vpn/{vpn_id} \
  --header 'Authorization: Bearer {apikey}' \
  --header 'Content-Type: application/json' \
  --header 'X-xsrf-token: {xsrf_token}' \
  --data '{
  "data": {
    "enableSdra": {
      "optionType": "default",
      "value": false
    },
    "greRoute": [],
    "ipsecRoute": [],
    "ipv4Route": [],
    "ipv6Route": [],
    "mplsVpnIpv4RouteTarget": {
      "exportRtList": [],
      "importRtList": []
    },
    "mplsVpnIpv6RouteTarget": {
      "exportRtList": [],
      "importRtList": []
    },
    "name": {
      "optionType": "default"
    },
    "nat64V4Pool": [],
    "natPortForward": [],
    "newHostMapping": [],
    "ompAdminDistance": {
      "optionType": "default"
    },
    "ompAdminDistanceIpv6": {
      "optionType": "default"
    },
    "ompAdvertiseIp4": [],
    "ompAdvertiseIpv6": [],
    "routeLeakBetweenServices": [],
    "routeLeakFromGlobal": [],
    "routeLeakFromService": [],
    "service": [],
    "serviceRoute": [
      {
        "prefix": {
          "ipAddress": {
            "optionType": "global",
            "value": "0.0.0.0"
          },
          "subnetMask": {
            "optionType": "global",
            "value": "0.0.0.0"
          }
        },
        "service": {
          "optionType": "global",
          "value": "SSE"
        },
        "sseInstance": {
          "optionType": "global",
          "value": "Cisco-Secure-Access"
        },
        "vpn": {
          "optionType": "global",
          "value": 0
        }
      }
    ],
    "vpnId": {
      "optionType": "global",
      "value": 10
    }
  },
  "description": "",
  "name": "CorporateLAN"
}'

Response

{
  "parcelId": "129f5627-acde-4799-afe8-5191302b9b6b"
}