Modified cisco_asa_show_crypto_ipsec_sa #304

Merged
35 changes: 22 additions & 13 deletions templates/cisco_asa_show_crypto_ipsec_sa.template
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
Value INTERFACE (\S+)
Value CRYPTO_MAP_TAG (\w+)
Value LOCAL_ADDRESS (\d+\.\d+\.\d+\.\d+)
Value Filldown INTERFACE (\S+)
Value Filldown CRYPTO_MAP_TAG (\S+)
Value Filldown SEQUENCE_NUMBER (\d+)
Value Filldown LOCAL_ADDRESS (\d+\.\d+\.\d+\.\d+)
Value LOCAL_IDENTITY_ADDR (\d+\.\d+\.\d+\.\d+)
Value LOACL_IDENTITY_MASK (\d+\.\d+\.\d+\.\d+)
Value LOCAL_IDENTITY_PROTOCOL (\d+)
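
Review bot: Filldown on SEQUENCE_NUMBER can carry a stale value into a later entry. The template still keeps the older `Crypto map tag: ..., local addr:` rule, which has no seq num, so an entry in that form that follows one with a seq num would report the previous entry's number. CRYPTO_MAP_TAG and LOCAL_ADDRESS are captured again on every `Crypto map tag` line, so only INTERFACE needs Filldown here; consider dropping it from the other three, or at least from SEQUENCE_NUMBER.
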
Expand All @@ -26,15 +27,16 @@ Value PRE_FRAGMENT_SUCCESS (\d+)
Value PRE_FRAGMENT_FAILURES (\d+)
Value FRAGMENTS_CREATED (\d+)
Value PMTUS_SENT (\d+)
Value PMTUS_RECIEVED (\d+)
Value PMTUS_RECEIVED (\d+)
Value DECAP_FRAGS_NEEDING_REASSEMBLY (\d+)
Value SEND_ERRORS (\d+)
Value RECIEVE_ERRORS (\d+)
Value RECEIVE_ERRORS (\d+)
Value LOCAL_CRYPTO_ENDPOINT (\d+\.\d+\.\d+\.\d+)
Value REMOTE_CRYPTO_ENDPOINT (\d+\.\d+\.\d+\.\d+)
Value PATH_MTU (\d+)
Value IPSEC_OVERHEAD (\d+)
Value MEDIA_MTU (\d+)
Value CURRENT_INBOUND_SPI (\w+)
Value CURRENT_OUTBOUND_SPI (\w+)
Value INBOUND_SPI_HEX (\w+)
Value INBOUND_SPI_INTEGER (\d+)
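
Review bot: The PMTUS_RECIEVED to PMTUS_RECEIVED and RECIEVE_ERRORS to RECEIVE_ERRORS renames change the keys that callers read from the parsed output, so anything still looking up the old spellings will get nothing back without an error. The spelling fix is right, but it should be called out as a breaking change in the PR description so users of this template know to update their lookups.
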
Expand All @@ -43,8 +45,9 @@ Value INBOUND_AUTHENTICATION (\S+)
Value INBOUND_SETTINGS_IN_USE (.*)
Value INBOUND_SLOT (\d+)
Value INBOUND_CONNECTION_ID (\d+)
Value INBOUND_CRYPTO_MAP (\w+)
Value INBOUND_CRYPTO_MAP (\S+)
Value INBOUND_REMAINING_LIFETIME (\d+)
Value INBOUND_REMAINING_LIFETIME_KILOBYTES (\d+)
Value INBOUND_IV_SIZE (\d+\s+\w+)
Value INBOUND_REPLAY_DETECTION (\w+)
Value OUTBOUND_SPI_HEX (\w+)
Expand All @@ -54,15 +57,16 @@ Value OUTBOUND_AUTHENTICATION (\S+)
Value OUTBOUND_SETTINGS_IN_USE (.*)
Value OUTBOUND_SLOT (\d+)
Value OUTBOUND_CONNECTION_ID (\d+)
Value OUTBOUND_CRYPTO_MAP (\w+)
Value OUTBOUND_CRYPTO_MAP (\S+)
Value OUTBOUND_REMAINING_LIFETIME (\d+)
Value OUTBOUND_REMAINING_LIFETIME_KILOBYTES (\d+)
Value OUTBOUND_IV_SIZE (\d+\s+\w+)
Value OUTBOUND_REPLAY_DETECTION (\w+)

Start
^interface -> Continue.Record
^interface:\s+${INTERFACE}\s*
^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG},\s+local addr:\s+${LOCAL_ADDRESS}\s*
^\s+Crypto map tag:\s+${CRYPTO_MAP_TAG}, seq num:\s+${SEQUENCE_NUMBER},\s+local addr:\s+${LOCAL_ADDRESS}\s*
^\s+local\s+ident\s+\(addr\/mask\/prot\/port\):\s+\(${LOCAL_IDENTITY_ADDR}\/${LOACL_IDENTITY_MASK}\/${LOCAL_IDENTITY_PROTOCOL}\/${LOCAL_IDENTITY_PORT}\)\s*
^\s+remote\s+ident\s+\(addr/mask/prot/port\):\s+\(${REMOTE_IDENTITY_ADDR}\/${REMOTE_IDENTITY_MASK}\/${REMOTE_IDENTITY_PROTOCOL}\/${REMOTE_IDENTITY_PORT}\)\s*
^\s+current_peer:\s+${CURRENT_PEER}\s*
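
Review bot: The new `Crypto map tag` rule hard-codes single spaces in `, seq num:` while every other rule in Start uses `\s+` between tokens, so it is the one line that breaks if the device pads the output differently. Use `,\s+seq\s+num:\s+` for consistency, or fold both forms into one rule by making the seq num part an optional group ahead of `local addr:`.
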
Expand All @@ -72,11 +76,12 @@ Start
^\s+#pkts\s+compressed:\s+${PACKETS_COMPRESSED},\s+#pkts\s+decompressed:\s+${PACKETS_DECOMPRESSED}\s*
^\s+#pkts\s+not\s+compressed:\s+${PACKETS_NOT_COMPRESSED},\s+#pkts\s+comp\s+failed:\s+${PACKETS_COMPRESS_FAILED},\s+#pkts\s+decomp\s+failed:\s+${PACKETS_DECOMPRESS_FAILED}\s*
^\s+#pre-frag\s+successes:\s+${PRE_FRAGMENT_SUCCESS},\s+#pre-frag\s+failures:\s+${PRE_FRAGMENT_FAILURES},\s+#fragments\s+created:\s+${FRAGMENTS_CREATED}\s*
^\s+#PMTUs\s+sent:\s+${PMTUS_SENT},\s+#PMTUs\s+rcvd:\s+${PMTUS_RECIEVED},\s+#decapsulated\s+frags\s+needing\s+reassembly:\s+${DECAP_FRAGS_NEEDING_REASSEMBLY}\s*
^\s+#send\s+errors:\s+${SEND_ERRORS},\s+#recv\s+errors:\s+${RECIEVE_ERRORS}\s*
^\s+local\s+crypto\s+endpt\.:\s+${LOCAL_CRYPTO_ENDPOINT},\s+remote\s+crypto\s+endpt\.:\s+${REMOTE_CRYPTO_ENDPOINT}\s*
^\s+path\s+mtu\s+${PATH_MTU},\s+ipsec\s+overhead\s+${IPSEC_OVERHEAD},\s+media\s+mtu\s+${MEDIA_MTU}\s*
^\s+#PMTUs\s+sent:\s+${PMTUS_SENT},\s+#PMTUs\s+rcvd:\s+${PMTUS_RECEIVED},\s+#decapsulated\s+fra?gs\s+needing\s+reassembly:\s+${DECAP_FRAGS_NEEDING_REASSEMBLY}\s*
^\s+#send\s+errors:\s+${SEND_ERRORS},\s+#recv\s+errors:\s+${RECEIVE_ERRORS}\s*
^\s+local\s+crypto\s+endpt\.:\s+${LOCAL_CRYPTO_ENDPOINT}(\/\d+)?,\s+remote\s+crypto\s+endpt\.:\s+${REMOTE_CRYPTO_ENDPOINT}(\/\d+)?\s*
^\s+path\s+mtu\s+${PATH_MTU},\s+ipsec\s+overhead\s+${IPSEC_OVERHEAD}(\(\d+\))?,\s+media\s+mtu\s+${MEDIA_MTU}\s*
^\s+current\s+outbound\s+spi:\s+${CURRENT_OUTBOUND_SPI}\s*
^\s+current\s+inbound\s+spi\s+:\s+${CURRENT_INBOUND_SPI}\s*
^\s+inbound\s+esp\s+sas:\s* -> Inbound
^\s+outbound\s+esp\s+sas:\s* -> Outbound

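Review bot: The optional groups `(\/\d+)?` on the two crypto endpoints and `(\(\d+\))?` after IPSEC_OVERHEAD match the extra text and then throw it away. The endpoint port is useful data (4500 on both sides is what distinguishes a NAT-T tunnel in the sample), so consider capturing it into its own Values, for example LOCAL_CRYPTO_ENDPOINT_PORT and REMOTE_CRYPTO_ENDPOINT_PORT. If discarding is intended, write the groups as non-capturing `(?:...)` so that intent is explicit.
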
Expand All @@ -86,6 +91,7 @@ Inbound
^\s+in\s+use\s+settings\s+=\{${INBOUND_SETTINGS_IN_USE},\s+\}\s*
^\s+slot:\s+${INBOUND_SLOT},\s+conn_id:\s+${INBOUND_CONNECTION_ID},\s+crypto-map:\s+${INBOUND_CRYPTO_MAP}\s*
^\s+sa\s+timing:\s+remaining\s+key\s+lifetime\s+\(sec\):\s+${INBOUND_REMAINING_LIFETIME}\s*
^\s+sa\s+timing:\s+remaining\s+key\s+lifetime\s+\(kB\/sec\):\s+\(${INBOUND_REMAINING_LIFETIME_KILOBYTES}\/${INBOUND_REMAINING_LIFETIME}\)\s*
^\s+IV\s+size:\s+${INBOUND_IV_SIZE}\s*
^\s+replay\s+detection\s+support:\s+${INBOUND_REPLAY_DETECTION}\s* -> Start

Expand All @@ -95,5 +101,8 @@ Outbound
^\s+in\s+use\s+settings\s+=\{${OUTBOUND_SETTINGS_IN_USE},\s+\}\s*
^\s+slot:\s+${OUTBOUND_SLOT},\s+conn_id:\s+${OUTBOUND_CONNECTION_ID},\s+crypto-map:\s+${OUTBOUND_CRYPTO_MAP}\s*
^\s+sa\s+timing:\s+remaining\s+key\s+lifetime\s+\(sec\):\s+${OUTBOUND_REMAINING_LIFETIME}\s*
^\s+sa\s+timing:\s+remaining\s+key\s+lifetime\s+\(kB\/sec\):\s+\(${OUTBOUND_REMAINING_LIFETIME_KILOBYTES}\/${OUTBOUND_REMAINING_LIFETIME}\)\s*
^\s+IV\s+size:\s+${OUTBOUND_IV_SIZE}\s*
^\s+replay\s+detection\s+support:\s+${OUTBOUND_REPLAY_DETECTION}\s* -> Start
^\s+replay\s+detection\s+support:\s+${OUTBOUND_REPLAY_DETECTION}\s* -> Record Start

EOF
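
Review bot: With `-> Record Start` on the outbound `replay detection support` rule as the only Record and an empty EOF state, an entry that never reaches that line is not emitted at all. That covers an entry with an inbound SA but no outbound SA, and output that is cut off mid-entry; the values already captured are either overwritten by the next entry or dropped at end of input. Please add a test sample for that case, and consider a guarded `Continue.Record` on the `Crypto map tag` rules (with one value marked Required so empty rows are skipped) so a partial entry is flushed before the next one starts.
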
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
---
parsed_sample:

- interface: "outside2"
crypto_map_tag: "def"
sequence_number: ""
local_address: "10.132.0.17"
local_identity_addr: "0.0.0.0"
loacl_identity_mask: "0.0.0.0"
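
Review bot: The `loacl_identity_mask` key on the last line of this hunk is still misspelled, even though this PR corrects the `recieve` spellings elsewhere. Rename LOACL_IDENTITY_MASK to LOCAL_IDENTITY_MASK in the Value line, in the `local ident` rule and in this file as part of the same change, so consumers only have to deal with one round of key renames.
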
Expand All @@ -28,15 +30,16 @@ parsed_sample:
pre_fragment_failures: "1"
fragments_created: "10"
pmtus_sent: "5"
pmtus_recieved: "2"
pmtus_received: "2"
decap_frags_needing_reassembly: "1"
send_errors: "0"
recieve_errors: "0"
receive_errors: "0"
local_crypto_endpoint: "10.132.0.17"
remote_crypto_endpoint: "172.20.0.21"
path_mtu: "1500"
ipsec_overhead: "60"
media_mtu: "1500"
current_inbound_spi: ""
current_outbound_spi: "DC15BF68"
inbound_spi_hex: "0x1E8246FC"
inbound_spi_integer: "511854332"
Expand All @@ -47,6 +50,7 @@ parsed_sample:
inbound_connection_id: "3"
inbound_crypto_map: "def"
inbound_remaining_lifetime: "548"
inbound_remaining_lifetime_kilobytes: ""
inbound_iv_size: "8 bytes"
inbound_replay_detection: "Y"
outbound_spi_hex: "0xDC15BF68"
Expand All @@ -58,5 +62,134 @@ parsed_sample:
outbound_connection_id: "3"
outbound_crypto_map: "def"
outbound_remaining_lifetime: "548"
outbound_remaining_lifetime_kilobytes: ""
outbound_iv_size: "8 bytes"
outbound_replay_detection: "Y"
outbound_replay_detection: "Y"
- interface: "COLO"
crypto_map_tag: "COLO-MAP"
sequence_number: "2"
local_address: "172.16.248.119"
local_identity_addr: "172.16.122.32"
loacl_identity_mask: "255.255.255.240"
local_identity_protocol: "0"
local_identity_port: "0"
remote_identity_addr: "172.30.1.153"
remote_identity_mask: "255.255.255.255"
remote_identity_protocol: "0"
remote_identity_port: "0"
current_peer: "8.8.8.8"
dynamic_peer: ""
packets_encapsulated: "13915315"
packets_encrypted: "13915315"
packets_digested: "13915315"
packets_decapsulated: "23606461"
packets_decrypted: "23606461"
packets_verified: "23606461"
packets_compressed: "0"
packets_decompressed: "0"
packets_not_compressed: "13915315"
packets_compress_failed: "0"
packets_decompress_failed: "0"
pre_fragment_success: "0"
pre_fragment_failures: "0"
fragments_created: "0"
pmtus_sent: "0"
pmtus_received: "0"
decap_frags_needing_reassembly: "0"
send_errors: "0"
receive_errors: "0"
local_crypto_endpoint: "172.16.248.119"
remote_crypto_endpoint: "8.8.8.8"
path_mtu: "1500"
ipsec_overhead: "82"
media_mtu: "1500"
current_inbound_spi: "32F752FF"
current_outbound_spi: "50023DDC"
inbound_spi_hex: "0x32F752FF"
inbound_spi_integer: "855069439"
inbound_encryption: "esp-aes-256"
inbound_authentication: "esp-md5-hmac"
inbound_settings_in_use: "L2L, Tunnel, NAT-T-Encaps, IKEv1"
inbound_slot: "0"
inbound_connection_id: "159694848"
inbound_crypto_map: "COLO-MAP"
inbound_remaining_lifetime: "25461"
inbound_remaining_lifetime_kilobytes: "2699423"
inbound_iv_size: "16 bytes"
inbound_replay_detection: "Y"
outbound_spi_hex: "0x50023DDC"
outbound_spi_integer: "1342324188"
outbound_encryption: "esp-aes-256"
outbound_authentication: "esp-md5-hmac"
outbound_settings_in_use: "L2L, Tunnel, NAT-T-Encaps, IKEv1"
outbound_slot: "0"
outbound_connection_id: "159694848"
outbound_crypto_map: "COLO-MAP"
outbound_remaining_lifetime: "25461"
outbound_remaining_lifetime_kilobytes: "3892153"
outbound_iv_size: "16 bytes"
outbound_replay_detection: "Y"
- interface: "COLO"
crypto_map_tag: "COLO-MAP"
sequence_number: "3"
local_address: "172.20.248.119"
local_identity_addr: "172.20.122.32"
loacl_identity_mask: "255.255.255.240"
local_identity_protocol: "0"
local_identity_port: "0"
remote_identity_addr: "10.160.4.0"
remote_identity_mask: "255.255.255.0"
remote_identity_protocol: "0"
remote_identity_port: "0"
current_peer: "8.8.4.4"
dynamic_peer: ""
packets_encapsulated: "0"
packets_encrypted: "0"
packets_digested: "0"
packets_decapsulated: "0"
packets_decrypted: "0"
packets_verified: "0"
packets_compressed: "0"
packets_decompressed: "0"
packets_not_compressed: "0"
packets_compress_failed: "0"
packets_decompress_failed: "0"
pre_fragment_success: "0"
pre_fragment_failures: "0"
fragments_created: "0"
pmtus_sent: "0"
pmtus_received: "0"
decap_frags_needing_reassembly: "0"
send_errors: "0"
receive_errors: "0"
local_crypto_endpoint: "172.20.248.119"
remote_crypto_endpoint: "8.8.4.4"
path_mtu: "1500"
ipsec_overhead: "74"
media_mtu: "1500"
current_inbound_spi: "6A7391E0"
current_outbound_spi: "EA40155F"
inbound_spi_hex: "0x6A7391E0"
inbound_spi_integer: "1785958880"
inbound_encryption: "esp-aes-256"
inbound_authentication: "esp-md5-hmac"
inbound_settings_in_use: "L2L, Tunnel, IKEv1"
inbound_slot: "0"
inbound_connection_id: "14376960"
inbound_crypto_map: "COLO-MAP"
inbound_remaining_lifetime: "70749"
inbound_remaining_lifetime_kilobytes: "2038431743"
inbound_iv_size: "16 bytes"
inbound_replay_detection: "Y"
outbound_spi_hex: "0xEA40155F"
outbound_spi_integer: "3930068319"
outbound_encryption: "esp-aes-256"
outbound_authentication: "esp-md5-hmac"
outbound_settings_in_use: "L2L, Tunnel, IKEv1"
outbound_slot: "0"
outbound_connection_id: "14376960"
outbound_crypto_map: "COLO-MAP"
outbound_remaining_lifetime: "70749"
outbound_remaining_lifetime_kilobytes: "2038431743"
outbound_iv_size: "16 bytes"
outbound_replay_detection: "Y"
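
Review bot: The new records use 8.8.8.8 and 8.8.4.4 for `current_peer` and `remote_crypto_endpoint`, which are real, publicly routed addresses. For sanitised test data, prefer the documentation ranges from RFC 5737 (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) in both the raw sample and this file, so the fixtures never point at a live host.
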
Original file line number Diff line number Diff line change
Expand Up @@ -29,4 +29,101 @@ interface: outside2
slot: 0, conn_id: 3, crypto-map: def
sa timing: remaining key lifetime (sec): 548
IV size: 8 bytes
replay detection support: Y
replay detection support: Y

interface: COLO
Crypto map tag: COLO-MAP, seq num: 2, local addr: 172.16.248.119

access-list 2 extended permit ip 172.16.122.32 255.255.255.240 host 172.30.1.153
local ident (addr/mask/prot/port): (172.16.122.32/255.255.255.240/0/0)
remote ident (addr/mask/prot/port): (172.30.1.153/255.255.255.255/0/0)
current_peer: 8.8.8.8


#pkts encaps: 13915315, #pkts encrypt: 13915315, #pkts digest: 13915315
#pkts decaps: 23606461, #pkts decrypt: 23606461, #pkts verify: 23606461
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 13915315, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 172.16.248.119/4500, remote crypto endpt.: 8.8.8.8/4500
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 50023DDC
current inbound spi : 32F752FF

inbound esp sas:
spi: 0x32F752FF (855069439)
SA State: active
transform: esp-aes-256 esp-md5-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 159694848, crypto-map: COLO-MAP
sa timing: remaining key lifetime (kB/sec): (2699423/25461)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x50023DDC (1342324188)
SA State: active
transform: esp-aes-256 esp-md5-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 159694848, crypto-map: COLO-MAP
sa timing: remaining key lifetime (kB/sec): (3892153/25461)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Crypto map tag: COLO-MAP, seq num: 3, local addr: 172.20.248.119

access-list 200 extended permit ip 172.20.122.32 255.255.255.240 10.160.4.0 255.255.255.0
local ident (addr/mask/prot/port): (172.20.122.32/255.255.255.240/0/0)
remote ident (addr/mask/prot/port): (10.160.4.0/255.255.255.0/0/0)
current_peer: 8.8.4.4


#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 172.20.248.119/0, remote crypto endpt.: 8.8.4.4/0
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: EA40155F
current inbound spi : 6A7391E0

inbound esp sas:
spi: 0x6A7391E0 (1785958880)
SA State: active
transform: esp-aes-256 esp-md5-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 14376960, crypto-map: COLO-MAP
sa timing: remaining key lifetime (kB/sec): (2038431743/70749)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0xEA40155F (3930068319)
SA State: active
transform: esp-aes-256 esp-md5-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 14376960, crypto-map: COLO-MAP
sa timing: remaining key lifetime (kB/sec): (2038431743/70749)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
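
Review bot: Several lines in the new raw sample have no corresponding key in the parsed records: `SA State: active`, the `Anti replay bitmap:` words, the `access-list ...` line, the `#TFC` and ICMP error counters, and the `PMTU time remaining ... DF policy` line. SA State in particular is what a monitoring consumer would check first. Either add Values for the ones worth keeping (INBOUND_SA_STATE and OUTBOUND_SA_STATE at minimum) or note in the PR that they are skipped on purpose.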