diff --git a/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm b/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm index d8d5e53fa3..cd588f1e8b 100644 --- a/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm +++ b/ntc_templates/templates/cisco_ios_show_crypto_ipsec_sa_detail.textfsm @@ -61,7 +61,7 @@ Value SA_TRANSFORM ([\S\s]+) Value SA_IN_USE_SETTINGS ([\S\s]+?) Value SA_CONN_ID (\d+) Value SA_FLOW_ID ([\S\s]+) -Value SA_SIBLING_FLAGS (\d+) +Value SA_SIBLING_FLAGS ([\d\w]+) Value SA_CRYPTO_MAP (\S+) Value SA_LIFETIME_KBYTES (\d+) Value SA_LIFETIME_SEC (\d+) diff --git a/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.raw b/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.raw new file mode 100644 index 0000000000..90e95aa623 --- /dev/null +++ b/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.raw @@ -0,0 +1,111 @@ +interface: Tunnel1 + Crypto map tag: Tunnel1-head-0, local addr 1.2.3.4 + + protected vrf: (none) + local ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/47/0) + remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/47/0) + current_peer 2.2.2.2 port 4500 + PERMIT, flags={origin_is_acl,} + #pkts encaps: 4981028, #pkts encrypt: 4981028, #pkts digest: 4981028 + #pkts decaps: 4112421, #pkts decrypt: 4112421, #pkts verify: 4112421 + #pkts compressed: 0, #pkts decompressed: 0 + #pkts not compressed: 0, #pkts compr. failed: 0 + #pkts not decompressed: 0, #pkts decompress failed: 0 + #pkts no sa (send) 0, #pkts invalid sa (rcv) 0 + #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0 + #pkts invalid prot (recv) 0, #pkts verify failed: 0 + #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0 + #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0 + ##pkts replay failed (rcv): 0 + #pkts tagged (send): 0, #pkts untagged (rcv): 0 + #pkts not tagged (send): 0, #pkts not untagged (rcv): 0 + #pkts internal err (send): 0, #pkts internal err (recv) 0 + + local crypto endpt.: 1.2.3.4, remote crypto endpt.: 2.2.2.2 + plaintext mtu 1442, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet8 + current outbound spi: 0x1234ABCD(305441741) + PFS (Y/N): N, DH group: none + + inbound esp sas: + spi: 0xABCD1234(2882343476) + transform: esp-256-aes esp-sha-hmac , + in use settings ={Transport UDP-Encaps, } + conn id: 124, flow_id: Onboard VPN:124, sibling_flags AAAAAAAA80000000, crypto map: Tunnel1-head-0 + sa timing: remaining key lifetime (k/sec): (4332650/3205) + IV size: 16 bytes + replay detection support: Y replay window size: 1024 + Status: ACTIVE(ACTIVE) + + inbound ah sas: + + inbound pcp sas: + + outbound esp sas: + spi: 0x1234ABCD(305441741) + transform: esp-256-aes esp-sha-hmac , + in use settings ={Transport UDP-Encaps, } + conn id: 123, flow_id: Onboard VPN:123, sibling_flags AAAAAAAA80000000, crypto map: Tunnel1-head-0 + sa timing: remaining key lifetime (k/sec): (4332649/3205) + IV size: 16 bytes + replay detection support: Y replay window size: 1024 + Status: ACTIVE(ACTIVE) + + outbound ah sas: + + outbound pcp sas: + +interface: Tunnel2 + Crypto map tag: Tunnel2-head-0, local addr 1.2.3.4 + + protected vrf: (none) + local ident (addr/mask/prot/port): (1.2.3.4/255.255.255.255/47/0) + remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/47/0) + current_peer 3.3.3.3 port 4500 + PERMIT, flags={origin_is_acl,} + #pkts encaps: 13133657, #pkts encrypt: 13133657, #pkts digest: 13133657 + #pkts decaps: 12013064, #pkts decrypt: 12013064, #pkts verify: 12013064 + #pkts compressed: 0, #pkts decompressed: 0 + #pkts not compressed: 0, #pkts compr. failed: 0 + #pkts not decompressed: 0, #pkts decompress failed: 0 + #pkts no sa (send) 0, #pkts invalid sa (rcv) 0 + #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0 + #pkts invalid prot (recv) 0, #pkts verify failed: 0 + #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0 + #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0 + ##pkts replay failed (rcv): 1 + #pkts tagged (send): 0, #pkts untagged (rcv): 0 + #pkts not tagged (send): 0, #pkts not untagged (rcv): 0 + #pkts internal err (send): 0, #pkts internal err (recv) 0 + + local crypto endpt.: 1.2.3.4, remote crypto endpt.: 3.3.3.3 + plaintext mtu 1442, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet8 + current outbound spi: 0x4321DCBA(0987612345) + PFS (Y/N): N, DH group: none + + inbound esp sas: + spi: 0x1234DCBA(4321567890) + transform: esp-256-aes esp-sha-hmac , + in use settings ={Transport UDP-Encaps, } + conn id: 457, flow_id: Onboard VPN:457, sibling_flags AAAAAAAA80000000, crypto map: Tunnel2-head-0 + sa timing: remaining key lifetime (k/sec): (4272028/2813) + IV size: 16 bytes + replay detection support: Y replay window size: 1024 + Status: ACTIVE(ACTIVE) + + inbound ah sas: + + inbound pcp sas: + + outbound esp sas: + spi: 0x4321DCBA(0987612345) + transform: esp-256-aes esp-sha-hmac , + in use settings ={Transport UDP-Encaps, } + conn id: 456, flow_id: Onboard VPN:456, sibling_flags AAAAAAAA80000000, crypto map: Tunnel2-head-0 + sa timing: remaining key lifetime (k/sec): (4272026/2813) + IV size: 16 bytes + replay detection support: Y replay window size: 1024 + Status: ACTIVE(ACTIVE) + + outbound ah sas: + + outbound pcp sas: diff --git a/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.yml b/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.yml new file mode 100644 index 0000000000..8f10ccc00d --- /dev/null +++ b/tests/cisco_ios/show_crypto_ipsec_sa_detail/cisco_ios_show_crypto_ipsec_sa_detail_3.yml @@ -0,0 +1,286 @@ +--- +parsed_sample: + - interface: "Tunnel1" + crypto_map_tag: "Tunnel1-head-0" + local_addr: "1.2.3.4" + protected_vrf: "(none)" + local_ident_addr: "1.2.3.4" + local_ident_mask: "255.255.255.255" + local_ident_prot: "47" + local_ident_port: "0" + remote_ident_addr: "2.2.2.2" + remote_ident_mask: "255.255.255.255" + remote_ident_prot: "47" + remote_ident_port: "0" + current_peer: "2.2.2.2" + port: "4500" + action: "PERMIT" + flags: "origin_is_acl," + pkts_encaps: "4981028" + pkts_encrypt: "4981028" + pkts_digest: "4981028" + pkts_decaps: "4112421" + pkts_decrypt: "4112421" + pkts_verify: "4112421" + pkts_compressed: "0" + pkts_decompressed: "0" + pkts_not_compressed: "0" + pkts_compress_failed: "0" + pkts_not_decompressed: "0" + pkts_decompress_failed: "0" + pkts_no_sa: "0" + pkts_invalid_sa: "0" + pkts_encaps_failed: "0" + pkts_decaps_failed: "0" + pkts_invalid_prot: "0" + pkts_verify_failed: "0" + pkts_invalid_identity: "0" + pkts_invalid_len: "0" + pkts_replay_rollover_send: "0" + pkts_replay_rollover_recv: "0" + pkts_replay_failed: "0" + pkts_tagged: "0" + pkts_untagged: "0" + pkts_not_tagged: "0" + pkts_not_untagged: "0" + pkts_internal_err_send: "0" + pkts_internal_err_recv: "0" + local_crypto_endpt: "1.2.3.4" + remote_crypto_endpt: "2.2.2.2" + plaintext_mtu: "1442" + path_mtu: "1500" + ip_mtu: "1500" + ip_mtu_idb: "GigabitEthernet8" + current_outbound_spi_hex: "0x1234ABCD" + current_outbound_spi_dec: "305441741" + pfs: "N" + dh_group: "none" + sa_orientation: "inbound" + sa_type: "esp" + sa_spi_hex: "0xABCD1234" + sa_spi_dec: "2882343476" + sa_transform: "esp-256-aes esp-sha-hmac" + sa_in_use_settings: "Transport UDP-Encaps" + sa_conn_id: "124" + sa_flow_id: "Onboard VPN:124" + sa_sibling_flags: "AAAAAAAA80000000" + sa_crypto_map: "Tunnel1-head-0" + sa_lifetime_kbytes: "4332650" + sa_lifetime_sec: "3205" + sa_iv_size: "16" + sa_replay_detection_support: "Y" + sa_replay_window_size: "1024" + sa_status: "ACTIVE(ACTIVE)" + - interface: "Tunnel1" + crypto_map_tag: "Tunnel1-head-0" + local_addr: "1.2.3.4" + protected_vrf: "(none)" + local_ident_addr: "1.2.3.4" + local_ident_mask: "255.255.255.255" + local_ident_prot: "47" + local_ident_port: "0" + remote_ident_addr: "2.2.2.2" + remote_ident_mask: "255.255.255.255" + remote_ident_prot: "47" + remote_ident_port: "0" + current_peer: "2.2.2.2" + port: "4500" + action: "PERMIT" + flags: "origin_is_acl," + pkts_encaps: "4981028" + pkts_encrypt: "4981028" + pkts_digest: "4981028" + pkts_decaps: "4112421" + pkts_decrypt: "4112421" + pkts_verify: "4112421" + pkts_compressed: "0" + pkts_decompressed: "0" + pkts_not_compressed: "0" + pkts_compress_failed: "0" + pkts_not_decompressed: "0" + pkts_decompress_failed: "0" + pkts_no_sa: "0" + pkts_invalid_sa: "0" + pkts_encaps_failed: "0" + pkts_decaps_failed: "0" + pkts_invalid_prot: "0" + pkts_verify_failed: "0" + pkts_invalid_identity: "0" + pkts_invalid_len: "0" + pkts_replay_rollover_send: "0" + pkts_replay_rollover_recv: "0" + pkts_replay_failed: "0" + pkts_tagged: "0" + pkts_untagged: "0" + pkts_not_tagged: "0" + pkts_not_untagged: "0" + pkts_internal_err_send: "0" + pkts_internal_err_recv: "0" + local_crypto_endpt: "1.2.3.4" + remote_crypto_endpt: "2.2.2.2" + plaintext_mtu: "1442" + path_mtu: "1500" + ip_mtu: "1500" + ip_mtu_idb: "GigabitEthernet8" + current_outbound_spi_hex: "0x1234ABCD" + current_outbound_spi_dec: "305441741" + pfs: "N" + dh_group: "none" + sa_orientation: "outbound" + sa_type: "esp" + sa_spi_hex: "0x1234ABCD" + sa_spi_dec: "305441741" + sa_transform: "esp-256-aes esp-sha-hmac" + sa_in_use_settings: "Transport UDP-Encaps" + sa_conn_id: "123" + sa_flow_id: "Onboard VPN:123" + sa_sibling_flags: "AAAAAAAA80000000" + sa_crypto_map: "Tunnel1-head-0" + sa_lifetime_kbytes: "4332649" + sa_lifetime_sec: "3205" + sa_iv_size: "16" + sa_replay_detection_support: "Y" + sa_replay_window_size: "1024" + sa_status: "ACTIVE(ACTIVE)" + - interface: "Tunnel2" + crypto_map_tag: "Tunnel2-head-0" + local_addr: "1.2.3.4" + protected_vrf: "(none)" + local_ident_addr: "1.2.3.4" + local_ident_mask: "255.255.255.255" + local_ident_prot: "47" + local_ident_port: "0" + remote_ident_addr: "3.3.3.3" + remote_ident_mask: "255.255.255.255" + remote_ident_prot: "47" + remote_ident_port: "0" + current_peer: "3.3.3.3" + port: "4500" + action: "PERMIT" + flags: "origin_is_acl," + pkts_encaps: "13133657" + pkts_encrypt: "13133657" + pkts_digest: "13133657" + pkts_decaps: "12013064" + pkts_decrypt: "12013064" + pkts_verify: "12013064" + pkts_compressed: "0" + pkts_decompressed: "0" + pkts_not_compressed: "0" + pkts_compress_failed: "0" + pkts_not_decompressed: "0" + pkts_decompress_failed: "0" + pkts_no_sa: "0" + pkts_invalid_sa: "0" + pkts_encaps_failed: "0" + pkts_decaps_failed: "0" + pkts_invalid_prot: "0" + pkts_verify_failed: "0" + pkts_invalid_identity: "0" + pkts_invalid_len: "0" + pkts_replay_rollover_send: "0" + pkts_replay_rollover_recv: "0" + pkts_replay_failed: "1" + pkts_tagged: "0" + pkts_untagged: "0" + pkts_not_tagged: "0" + pkts_not_untagged: "0" + pkts_internal_err_send: "0" + pkts_internal_err_recv: "0" + local_crypto_endpt: "1.2.3.4" + remote_crypto_endpt: "3.3.3.3" + plaintext_mtu: "1442" + path_mtu: "1500" + ip_mtu: "1500" + ip_mtu_idb: "GigabitEthernet8" + current_outbound_spi_hex: "0x4321DCBA" + current_outbound_spi_dec: "0987612345" + pfs: "N" + dh_group: "none" + sa_orientation: "inbound" + sa_type: "esp" + sa_spi_hex: "0x1234DCBA" + sa_spi_dec: "4321567890" + sa_transform: "esp-256-aes esp-sha-hmac" + sa_in_use_settings: "Transport UDP-Encaps" + sa_conn_id: "457" + sa_flow_id: "Onboard VPN:457" + sa_sibling_flags: "AAAAAAAA80000000" + sa_crypto_map: "Tunnel2-head-0" + sa_lifetime_kbytes: "4272028" + sa_lifetime_sec: "2813" + sa_iv_size: "16" + sa_replay_detection_support: "Y" + sa_replay_window_size: "1024" + sa_status: "ACTIVE(ACTIVE)" + - interface: "Tunnel2" + crypto_map_tag: "Tunnel2-head-0" + local_addr: "1.2.3.4" + protected_vrf: "(none)" + local_ident_addr: "1.2.3.4" + local_ident_mask: "255.255.255.255" + local_ident_prot: "47" + local_ident_port: "0" + remote_ident_addr: "3.3.3.3" + remote_ident_mask: "255.255.255.255" + remote_ident_prot: "47" + remote_ident_port: "0" + current_peer: "3.3.3.3" + port: "4500" + action: "PERMIT" + flags: "origin_is_acl," + pkts_encaps: "13133657" + pkts_encrypt: "13133657" + pkts_digest: "13133657" + pkts_decaps: "12013064" + pkts_decrypt: "12013064" + pkts_verify: "12013064" + pkts_compressed: "0" + pkts_decompressed: "0" + pkts_not_compressed: "0" + pkts_compress_failed: "0" + pkts_not_decompressed: "0" + pkts_decompress_failed: "0" + pkts_no_sa: "0" + pkts_invalid_sa: "0" + pkts_encaps_failed: "0" + pkts_decaps_failed: "0" + pkts_invalid_prot: "0" + pkts_verify_failed: "0" + pkts_invalid_identity: "0" + pkts_invalid_len: "0" + pkts_replay_rollover_send: "0" + pkts_replay_rollover_recv: "0" + pkts_replay_failed: "1" + pkts_tagged: "0" + pkts_untagged: "0" + pkts_not_tagged: "0" + pkts_not_untagged: "0" + pkts_internal_err_send: "0" + pkts_internal_err_recv: "0" + local_crypto_endpt: "1.2.3.4" + remote_crypto_endpt: "3.3.3.3" + plaintext_mtu: "1442" + path_mtu: "1500" + ip_mtu: "1500" + ip_mtu_idb: "GigabitEthernet8" + current_outbound_spi_hex: "0x4321DCBA" + current_outbound_spi_dec: "0987612345" + pfs: "N" + dh_group: "none" + sa_orientation: "outbound" + sa_type: "esp" + sa_spi_hex: "0x4321DCBA" + sa_spi_dec: "0987612345" + sa_transform: "esp-256-aes esp-sha-hmac" + sa_in_use_settings: "Transport UDP-Encaps" + sa_conn_id: "456" + sa_flow_id: "Onboard VPN:456" + sa_sibling_flags: "AAAAAAAA80000000" + sa_crypto_map: "Tunnel2-head-0" + sa_lifetime_kbytes: "4272026" + sa_lifetime_sec: "2813" + sa_iv_size: "16" + sa_replay_detection_support: "Y" + sa_replay_window_size: "1024" + sa_status: "ACTIVE(ACTIVE)"