From 7578d4acde2106efeef2cccd79463692c6c8e995 Mon Sep 17 00:00:00 2001
From: Hugo Tinoco <43675476+h4ndzdatm0ld@users.noreply.github.com>
Date: Wed, 7 Jul 2021 09:16:22 -0700
Subject: [PATCH] New Template: cisco_ios_show_crypto_session_details (#947)
---
 ...sco_ios_show_crypto_session_detail.textfsm | 46 ++++++++++++
 ntc_templates/templates/index | 1 +
 .../cisco_ios_show_crypto_session_detail.raw | 52 ++++++++++++++
 .../cisco_ios_show_crypto_session_detail.yml | 71 +++++++++++++++++++
 4 files changed, 170 insertions(+)
 create mode 100644 ntc_templates/templates/cisco_ios_show_crypto_session_detail.textfsm
 create mode 100644 tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.raw
 create mode 100644 tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.yml
diff --git a/ntc_templates/templates/cisco_ios_show_crypto_session_detail.textfsm b/ntc_templates/templates/cisco_ios_show_crypto_session_detail.textfsm
new file mode 100644
index 0000000000..cd6883aa7b
--- /dev/null
+++ b/ntc_templates/templates/cisco_ios_show_crypto_session_detail.textfsm
@@ -0,0 +1,46 @@
+Value Required INTERFACE (\S+)
+Value Required SESSION_STATUS (\S+)
+Value UPTIME (\S+)
+Value Required PEER (\S+)
+Value PORT (\d+)
+Value FVRF (\S+)
+Value IVRF (\S+)
+Value DESC (\S+)
+Value PHASE1_ID (\S+)
+Value SESSION_ID (\d+)
+Value LOCAL_IP (\S+)
+Value LOCAL_PORT (\d+)
+Value REMOTE_IP (\S+)
+Value REMOTE_PORT (\S+)
+Value IKEV1_STATUS (\S+)
+Value CAPABILITIES (\S+)
+Value CONN_ID (\d+)
+Value LIFETIME (\S+)
+Value PERMIT (\S+)
+Value SRC_HOST (\S+)
+Value DST_HOST (\S+)
+Value ACTIVE_SA (\d+)
+Value ORIGIN (.+)
+
+Start
+ ^Crypto\s+.*
+ ^Code:
+ ^K\s+-
+ ^X\s+-
+ ^R\s+-
+ ^Interface: -> Continue.Record
+ ^Interface:\s+${INTERFACE}
+ ^Session\s+status:\s+${SESSION_STATUS}
+ ^Uptime:\s+${UPTIME}
+ ^Peer:\s+${PEER}\s+port\s+${PORT}\s+fvrf:\s+${FVRF}\s+ivrf:\s+${IVRF}
+ ^\s+Desc:\s+${DESC}
+ ^\s+Phase1_id:\s+${PHASE1_ID}
+ ^\s+Session\s+ID:\s+${SESSION_ID}
+ ^\s+IKEv1\s+SA:\s+local\s+${LOCAL_IP}/${LOCAL_PORT}\s+remote\s+${REMOTE_IP}/${REMOTE_PORT}\s+${IKEV1_STATUS}
+ ^\s+Capabilities:${CAPABILITIES}\s+connid:${CONN_ID}\s+lifetime:${LIFETIME}
+ ^\s+IPSEC\s+FLOW:\s+permit\s+${PERMIT}\s+host\s+${SRC_HOST}\s+host\s+${DST_HOST}
+ ^\s+Active\s+SAs:\s+${ACTIVE_SA},\s+origin:\s+${ORIGIN}
+ ^\s+Inbound:\s+#.*
+ ^\s+Outbound:\s+#.*
+ ^\s*$$
+ ^. -> Error
diff --git a/ntc_templates/templates/index b/ntc_templates/templates/index
index 9437876d32..93121f8db1 100644
--- a/ntc_templates/templates/index
+++ b/ntc_templates/templates/index
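Review bot: In cisco_ios_show_crypto_session_detail.textfsm the per-SA values (`SESSION_ID` through `LIFETIME`) are plain `Value`s, so when one `Interface:` section holds more than one `Session ID:` / `IKEv1 SA:` / `Capabilities:` group, only the last group survives in the record. The fixture added in this commit has two such groups under Tunnel1201 and Tunnel2201 while the expected YAML holds a single set; the groups are identical there, so the test cannot show the loss. For output used to monitor VPN state, a tunnel with one Active and one Inactive SA would be reported by whichever line came last. Declaring these values as `List` keeps every group, and the expected YAML would then hold lists for these keys. Separately, the `IKEv1\s+SA:` and `host … host` rules are narrow, so other forms of those lines would presumably fall through to `^. -> Error`; a fixture covering them would confirm whether that is intended.

```textfsm
# … unchanged: INTERFACE through PHASE1_ID …
Value List SESSION_ID (\d+)
Value List LOCAL_IP (\S+)
Value List LOCAL_PORT (\d+)
Value List REMOTE_IP (\S+)
Value List REMOTE_PORT (\S+)
Value List IKEV1_STATUS (\S+)
Value List CAPABILITIES (\S+)
Value List CONN_ID (\d+)
Value List LIFETIME (\S+)
# … unchanged: PERMIT through ORIGIN, and the Start state …
```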
@@ -186,6 +186,7 @@ cisco_ios_show_processes_memory_sorted.textfsm, .*, cisco_ios, sh[[ow]] pro[[ces
 cisco_ios_show_interfaces_description.textfsm, .*, cisco_ios, sh[[ow]] int[[erfaces]] des[[cription]]
 cisco_ios_show_ip_device_tracking_all.textfsm, .*, cisco_ios, sh[[ow]] ip de[[vice]] t[[racking]] a[[ll]]
 cisco_ios_show_bfd_neighbors_details.textfsm, .*, cisco_ios, sh[[ow]] bf[[d]] n[[eighbors]] (?:(?:ipv\d+|client \S+) )?de[[tails]]
+cisco_ios_show_crypto_session_detail.textfsm, .*, cisco_ios, sh[[ow]] cr[[ypto]] se[[ssion]] d[[etail]]
 cisco_ios_show_environment_power_all.textfsm, .*, cisco_ios, sh[[ow]] envi[[ronment]] p[[ower]] a[[ll]]
 cisco_ios_show_interface_transceiver.textfsm, .*, cisco_ios, sh[[ow]] int[[erface]] trans[[ceiver]]
 cisco_ios_show_interfaces_switchport.textfsm, .*, cisco_ios, sh[[ow]] int[[erfaces]] sw[[itchport]]
diff --git a/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.raw b/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.raw
new file mode 100644
index 0000000000..c5615095da
--- /dev/null
+++ b/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.raw
@@ -0,0 +1,52 @@
+Crypto session current status
+
+Code: C - IKE Configuration mode, D - Dead Peer Detection
+K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
+X - IKE Extended Authentication, F - IKE Fragmentation
+R - IKE Auto Reconnect
+
+Interface: Tunnel1201
+Session status: DOWN-NEGOTIATING
+Peer: 10.161.255.14 port 500 fvrf: (none) ivrf: (none)
+ Desc: (none)
+ Phase1_id: (none)
+ Session ID: 0
+ IKEv1 SA: local 10.175.200.116/500 remote 10.161.255.14/500 Inactive
+ Capabilities:(none) connid:0 lifetime:0
+ Session ID: 0
+ IKEv1 SA: local 10.175.200.116/500 remote 10.161.255.14/500 Inactive
+ Capabilities:(none) connid:0 lifetime:0
+ IPSEC FLOW: permit 47 host 10.175.200.116 host 10.161.255.14
+ Active SAs: 0, origin: crypto map
+ Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
+ Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
+
+Interface: Tunnel1101
+Uptime: 7w0d
+Session status: UP-ACTIVE
+Peer: 192.168.0.1 port 4500 fvrf: (none) ivrf: (none)
+ Phase1_id: SOME_DEVICE1234.1pc.com
+ Desc: (none)
+ Session ID: 0
+ IKEv1 SA: local 169.0.1.1/4500 remote 192.168.0.1/4500 Active
+ Capabilities:DN connid:2913 lifetime:09:03:41
+ IPSEC FLOW: permit 47 host 169.0.1.1 host 192.168.0.1
+ Active SAs: 2, origin: crypto map
+ Inbound: #pkts dec'ed 15344097 drop 0 life (KB/Sec) 4236992/615
+ Outbound: #pkts enc'ed 18074395 drop 0 life (KB/Sec) 4236962/615
+
+Interface: Tunnel2201
+Session status: DOWN-NEGOTIATING
+Peer: 10.163.255.14 port 500 fvrf: (none) ivrf: (none)
+ Desc: (none)
+ Phase1_id: (none)
+ Session ID: 0
+ IKEv1 SA: local 10.175.200.116/500 remote 10.163.255.14/500 Inactive
+ Capabilities:(none) connid:0 lifetime:0
+ Session ID: 0
+ IKEv1 SA: local 10.175.200.116/500 remote 10.163.255.14/500 Inactive
+ Capabilities:(none) connid:0 lifetime:0
+ IPSEC FLOW: permit 47 host 10.175.200.116 host 10.163.255.14
+ Active SAs: 0, origin: crypto map
+ Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
+ Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
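Review bot: The Tunnel1101 section of this fixture looks like output captured from a live device and only partly scrubbed: `169.0.1.1` lies outside the private and documentation address ranges, and the Phase1 identity `SOME_DEVICE1234.1pc.com` uses what may be a real domain. Because the tests directory is published with the repository, peer addresses and IKE identities are better replaced with documentation values, for example addresses from `192.0.2.0/24` or `198.51.100.0/24` and an `example.com` identity. The same values are repeated in the expected-output `.yml` hunk that follows and would need the same substitution.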
diff --git a/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.yml b/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.yml
new file mode 100644
index 0000000000..016a19445e
--- /dev/null
+++ b/tests/cisco_ios/show_crypto_session_detail/cisco_ios_show_crypto_session_detail.yml
@@ -0,0 +1,71 @@
+---
+parsed_sample:
+ - interface: "Tunnel1201"
+ session_status: "DOWN-NEGOTIATING"
+ uptime: ""
+ peer: "10.161.255.14"
+ port: "500"
+ fvrf: "(none)"
+ ivrf: "(none)"
+ desc: "(none)"
+ phase1_id: "(none)"
+ session_id: "0"
+ local_ip: "10.175.200.116"
+ local_port: "500"
+ remote_ip: "10.161.255.14"
+ remote_port: "500"
+ ikev1_status: "Inactive"
+ capabilities: "(none)"
+ conn_id: "0"
+ lifetime: "0"
+ permit: "47"
+ src_host: "10.175.200.116"
+ dst_host: "10.161.255.14"
+ active_sa: "0"
+ origin: "crypto map"
+ - interface: "Tunnel1101"
+ session_status: "UP-ACTIVE"
+ uptime: "7w0d"
+ peer: "192.168.0.1"
+ port: "4500"
+ fvrf: "(none)"
+ ivrf: "(none)"
+ desc: "(none)"
+ phase1_id: "SOME_DEVICE1234.1pc.com"
+ session_id: "0"
+ local_ip: "169.0.1.1"
+ local_port: "4500"
+ remote_ip: "192.168.0.1"
+ remote_port: "4500"
+ ikev1_status: "Active"
+ capabilities: "DN"
+ conn_id: "2913"
+ lifetime: "09:03:41"
+ permit: "47"
+ src_host: "169.0.1.1"
+ dst_host: "192.168.0.1"
+ active_sa: "2"
+ origin: "crypto map"
+ - interface: "Tunnel2201"
+ session_status: "DOWN-NEGOTIATING"
+ uptime: ""
+ peer: "10.163.255.14"
+ port: "500"
+ fvrf: "(none)"
+ ivrf: "(none)"
+ desc: "(none)"
+ phase1_id: "(none)"
+ session_id: "0"
+ local_ip: "10.175.200.116"
+ local_port: "500"
+ remote_ip: "10.163.255.14"
+ remote_port: "500"
+ ikev1_status: "Inactive"
+ capabilities: "(none)"
+ conn_id: "0"
+ lifetime: "0"
+ permit: "47"
+ src_host: "10.175.200.116"
+ dst_host: "10.163.255.14"
+ active_sa: "0"
+ origin: "crypto map"