diff --git a/templates/cisco_asa_show_crypto_ipsec_sa.textfsm b/templates/cisco_asa_show_crypto_ipsec_sa.textfsm index eb22f9e77f..bd7fa80529 100644 --- a/templates/cisco_asa_show_crypto_ipsec_sa.textfsm +++ b/templates/cisco_asa_show_crypto_ipsec_sa.textfsm @@ -2,8 +2,9 @@ Value Filldown INTERFACE (\S+) Value Filldown CRYPTO_MAP_TAG (\S+) Value Filldown SEQUENCE_NUMBER (\d+) Value Filldown LOCAL_ADDRESS (\d+\.\d+\.\d+\.\d+) +Value Filldown LOCAL_ADDRESS_NAME (\S+) Value LOCAL_IDENTITY_ADDR (\d+\.\d+\.\d+\.\d+) -Value LOACL_IDENTITY_MASK (\d+\.\d+\.\d+\.\d+) +Value LOCAL_IDENTITY_MASK (\d+\.\d+\.\d+\.\d+) Value LOCAL_IDENTITY_PROTOCOL (\d+) Value LOCAL_IDENTITY_PORT (\d+) Value REMOTE_IDENTITY_ADDR (\d+\.\d+\.\d+\.\d+) @@ -12,6 +13,8 @@ Value REMOTE_IDENTITY_PROTOCOL (\d+) Value REMOTE_IDENTITY_PORT (\d+) Value CURRENT_PEER (\d+\.\d+\.\d+\.\d+) Value DYNAMIC_PEER (\d+\.\d+\.\d+\.\d+) +Value CURRENT_PEER_NAME (\S+) +Value DYNAMIC_PEER_NAME (\S+) Value PACKETS_ENCAPSULATED (\d+) Value PACKETS_ENCRYPTED (\d+) Value PACKETS_DIGESTED (\d+) @@ -33,6 +36,8 @@ Value SEND_ERRORS (\d+) Value RECEIVE_ERRORS (\d+) Value LOCAL_CRYPTO_ENDPOINT (\d+\.\d+\.\d+\.\d+) Value REMOTE_CRYPTO_ENDPOINT (\d+\.\d+\.\d+\.\d+) +Value LOCAL_CRYPTO_ENDPOINT_NAME (\S+) +Value REMOTE_CRYPTO_ENDPOINT_NAME (\S+) Value PATH_MTU (\d+) Value IPSEC_OVERHEAD (\d+) Value MEDIA_MTU (\d+) @@ -65,12 +70,12 @@ Value OUTBOUND_REPLAY_DETECTION (\w+) Start ^interface:\s+${INTERFACE}\s* - ^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG},\s+local addr:\s+${LOCAL_ADDRESS}\s* - ^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG}, seq num:\s+${SEQUENCE_NUMBER},\s+local addr:\s+${LOCAL_ADDRESS}\s* - ^\s+local\s+ident\s+\(addr\/mask\/prot\/port\):\s+\(${LOCAL_IDENTITY_ADDR}\/${LOACL_IDENTITY_MASK}\/${LOCAL_IDENTITY_PROTOCOL}\/${LOCAL_IDENTITY_PORT}\)\s* + ^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG},\s+local addr:\s+(?:${LOCAL_ADDRESS}|${LOCAL_ADDRESS_NAME})\s* + ^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG}, seq num:\s+${SEQUENCE_NUMBER},\s+local addr:\s+(?:${LOCAL_ADDRESS}|${LOCAL_ADDRESS_NAME})\s* + ^\s+local\s+ident\s+\(addr\/mask\/prot\/port\):\s+\(${LOCAL_IDENTITY_ADDR}\/${LOCAL_IDENTITY_MASK}\/${LOCAL_IDENTITY_PROTOCOL}\/${LOCAL_IDENTITY_PORT}\)\s* ^\s+remote\s+ident\s+\(addr/mask/prot/port\):\s+\(${REMOTE_IDENTITY_ADDR}\/${REMOTE_IDENTITY_MASK}\/${REMOTE_IDENTITY_PROTOCOL}\/${REMOTE_IDENTITY_PORT}\)\s* - ^\s+current_peer:\s+${CURRENT_PEER}\s* - ^\s+dynamic\s+allocated\s+peer\s+ip:\s+${DYNAMIC_PEER}\s* + ^\s+current_peer:\s+(?:${CURRENT_PEER}|${CURRENT_PEER_NAME})\s* + ^\s+dynamic\s+allocated\s+peer\s+ip:\s+(?:${DYNAMIC_PEER}|${DYNAMIC_PEER_NAME})\s* ^\s+#pkts\s+encaps:\s+${PACKETS_ENCAPSULATED},\s+#pkts\s+encrypt:\s+${PACKETS_ENCRYPTED},\s+#pkts\s+digest:\s+${PACKETS_DIGESTED}\s* ^\s+#pkts\s+decaps:\s+${PACKETS_DECAPSULATED},\s+#pkts\s+decrypt:\s+${PACKETS_DECRYPTED},\s+#pkts\s+verify:\s+${PACKETS_VERIFIED}\s* ^\s+#pkts\s+compressed:\s+${PACKETS_COMPRESSED},\s+#pkts\s+decompressed:\s+${PACKETS_DECOMPRESSED}\s* @@ -78,7 +83,8 @@ Start ^\s+#pre-frag\s+successes:\s+${PRE_FRAGMENT_SUCCESS},\s+#pre-frag\s+failures:\s+${PRE_FRAGMENT_FAILURES},\s+#fragments\s+created:\s+${FRAGMENTS_CREATED}\s* ^\s+#PMTUs\s+sent:\s+${PMTUS_SENT},\s+#PMTUs\s+rcvd:\s+${PMTUS_RECEIVED},\s+#decapsulated\s+fra?gs\s+needing\s+reassembly:\s+${DECAP_FRAGS_NEEDING_REASSEMBLY}\s* ^\s+#send\s+errors:\s+${SEND_ERRORS},\s+#recv\s+errors:\s+${RECEIVE_ERRORS}\s* - ^\s+local\s+crypto\s+endpt\.:\s+${LOCAL_CRYPTO_ENDPOINT}(\/\d+)?,\s+remote\s+crypto\s+endpt\.:\s+${REMOTE_CRYPTO_ENDPOINT}(\/\d+)?\s* + ^\s+local\s+crypto\s+endpt\.:\s+${LOCAL_CRYPTO_ENDPOINT},\s+remote\s+crypto\s+endpt\.:\s+${REMOTE_CRYPTO_ENDPOINT}\s* + ^\s+local\s+crypto\s+endpt\.:\s+(?:${LOCAL_CRYPTO_ENDPOINT}|${LOCAL_CRYPTO_ENDPOINT_NAME})(\/\d+),\s+remote\s+crypto\s+endpt\.:\s+(?:${REMOTE_CRYPTO_ENDPOINT}|${REMOTE_CRYPTO_ENDPOINT_NAME})(\/\d+)\s* ^\s+path\s+mtu\s+${PATH_MTU},\s+ipsec\s+overhead\s+${IPSEC_OVERHEAD}(\(\d+\))?,\s+media\s+mtu\s+${MEDIA_MTU}\s* ^\s+current\s+outbound\s+spi:\s+${CURRENT_OUTBOUND_SPI}\s* ^\s+current\s+inbound\s+spi\s+:\s+${CURRENT_INBOUND_SPI}\s* diff --git a/templates/index b/templates/index index b73f7338d7..fbb71fa952 100644 --- a/templates/index +++ b/templates/index @@ -118,7 +118,7 @@ cisco_asa_show_crypto_ikev1_sa_detail.textfsm, .*, cisco_asa, sh[[ow]] cry[[pto] cisco_asa_show_object-group_network.textfsm, .*, cisco_asa, sh[[ow]] (?:ru[[nning-config]] object-[[group]]|ob[[ject-group]]) n[[etwork]] cisco_asa_show_running-config_ipsec.textfsm, .*, cisco_asa, sh[[ow]] ru[[nning-config]] ips[[ec]] cisco_asa_show_interface_detail.textfsm, .*, cisco_asa, sh[[ow]] int[[erface]] d[[etail]] -cisco_asa_show_crypto_ipsec_sa.textfsm, .*, cisco_asa, sh[[ow]] cry[[pto]] ip[[sec]] sa +cisco_asa_show_crypto_ipsec_sa.textfsm, .*, cisco_asa, sh[[ow]] (?:cry[[pto]] ip[[sec]]|ipsec) sa cisco_asa_show_resource_usage.textfsm, .*, cisco_asa, sh[[ow]] res[[ource]] u[[sage]] cisco_asa_show_access-list.textfsm, .*, cisco_asa, sh[[ow]] ac[[cess-list]] cisco_asa_show_license_all.textfsm, .*, cisco_asa, (?:fa[[ilover]]\s+e[[xec]]\s+)?sh[[ow]] lic[[ense]] a[[ll]] diff --git a/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.raw b/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.raw index 5c7e27359b..67df11b730 100644 --- a/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.raw +++ b/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.raw @@ -80,12 +80,12 @@ interface: COLO Anti replay bitmap: 0x00000000 0x00000001 - Crypto map tag: COLO-MAP, seq num: 3, local addr: 172.20.248.119 + Crypto map tag: COLO-MAP, seq num: 3, local addr: LOCAL-ADDR-172.20.248.119 access-list 200 extended permit ip 172.20.122.32 255.255.255.240 10.160.4.0 255.255.255.0 local ident (addr/mask/prot/port): (172.20.122.32/255.255.255.240/0/0) remote ident (addr/mask/prot/port): (10.160.4.0/255.255.255.0/0/0) - current_peer: 8.8.4.4 + current_peer: REMOTE-PEER-8.8.4.4 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 @@ -98,7 +98,7 @@ interface: COLO #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #send errors: 0, #recv errors: 0 - local crypto endpt.: 172.20.248.119/0, remote crypto endpt.: 8.8.4.4/0 + local crypto endpt.: LOCAL-ADDR-172.20.248.119/500, remote crypto endpt.: REMOTE-PEER-8.8.4.4/500 path mtu 1500, ipsec overhead 74(44), media mtu 1500 PMTU time remaining (sec): 0, DF policy: copy-df ICMP error validation: disabled, TFC packets: disabled diff --git a/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.yml b/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.yml index 3358ed0084..7a226d7e89 100644 --- a/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.yml +++ b/tests/cisco_asa/show_crypto_ipsec_sa/cisco_asa_show_crypto_ipsec_sa.yml @@ -4,8 +4,9 @@ parsed_sample: crypto_map_tag: "def" sequence_number: "" local_address: "10.132.0.17" + local_address_name: "" local_identity_addr: "0.0.0.0" - loacl_identity_mask: "0.0.0.0" + local_identity_mask: "0.0.0.0" local_identity_protocol: "0" local_identity_port: "0" remote_identity_addr: "172.20.0.21" @@ -13,7 +14,9 @@ parsed_sample: remote_identity_protocol: "0" remote_identity_port: "0" current_peer: "172.20.0.21" + current_peer_name: "" dynamic_peer: "10.135.1.5" + dynamic_peer_name: "" packets_encapsulated: "0" packets_encrypted: "0" packets_digested: "0" @@ -34,7 +37,9 @@ parsed_sample: send_errors: "0" receive_errors: "0" local_crypto_endpoint: "10.132.0.17" + local_crypto_endpoint_name: "" remote_crypto_endpoint: "172.20.0.21" + remote_crypto_endpoint_name: "" path_mtu: "1500" ipsec_overhead: "60" media_mtu: "1500" @@ -68,8 +73,9 @@ parsed_sample: crypto_map_tag: "COLO-MAP" sequence_number: "2" local_address: "172.16.248.119" + local_address_name: "" local_identity_addr: "172.16.122.32" - loacl_identity_mask: "255.255.255.240" + local_identity_mask: "255.255.255.240" local_identity_protocol: "0" local_identity_port: "0" remote_identity_addr: "172.30.1.153" @@ -77,7 +83,9 @@ parsed_sample: remote_identity_protocol: "0" remote_identity_port: "0" current_peer: "8.8.8.8" + current_peer_name: "" dynamic_peer: "" + dynamic_peer_name: "" packets_encapsulated: "13915315" packets_encrypted: "13915315" packets_digested: "13915315" @@ -98,7 +106,9 @@ parsed_sample: send_errors: "0" receive_errors: "0" local_crypto_endpoint: "172.16.248.119" + local_crypto_endpoint_name: "" remote_crypto_endpoint: "8.8.8.8" + remote_crypto_endpoint_name: "" path_mtu: "1500" ipsec_overhead: "82" media_mtu: "1500" @@ -131,17 +141,20 @@ parsed_sample: - interface: "COLO" crypto_map_tag: "COLO-MAP" sequence_number: "3" - local_address: "172.20.248.119" + local_address: "" + local_address_name: "LOCAL-ADDR-172.20.248.119" local_identity_addr: "172.20.122.32" - loacl_identity_mask: "255.255.255.240" + local_identity_mask: "255.255.255.240" local_identity_protocol: "0" local_identity_port: "0" remote_identity_addr: "10.160.4.0" remote_identity_mask: "255.255.255.0" remote_identity_protocol: "0" remote_identity_port: "0" - current_peer: "8.8.4.4" + current_peer: "" + current_peer_name: "REMOTE-PEER-8.8.4.4" dynamic_peer: "" + dynamic_peer_name: "" packets_encapsulated: "0" packets_encrypted: "0" packets_digested: "0" @@ -161,8 +174,10 @@ parsed_sample: decap_frags_needing_reassembly: "0" send_errors: "0" receive_errors: "0" - local_crypto_endpoint: "172.20.248.119" - remote_crypto_endpoint: "8.8.4.4" + local_crypto_endpoint: "" + local_crypto_endpoint_name: "LOCAL-ADDR-172.20.248.119" + remote_crypto_endpoint: "" + remote_crypto_endpoint_name: "REMOTE-PEER-8.8.4.4" path_mtu: "1500" ipsec_overhead: "74" media_mtu: "1500"