IPSec Tunnels
This category of questions allows you to query IPSec sessions and tunnels.
IPSec Session Status
Returns the status of configured IPSec sessions.
Shows configuration settings and status for each configured IPSec tunnel in the network. The status is IPSEC_SESSION_ESTABLISHED for tunnels that are expected to be established; IKE_PHASE1_FAILED if negotiation of IKE parameters failed; IKE_PHASE1_KEY_MISMATCH if IKE negotiation was successful but the IKE keys do not match; IPSEC_PHASE2_FAILED if negotiation of IPsec parameters failed; and MISSING_END_POINT if the remote endpoint for a configured IPsec tunnel could not be found in the network.
Inputs
Name | Description | Type | Optional | Default Value |
---|---|---|---|---|
nodes | Include sessions whose first node matches this specifier. | | True | |
remoteNodes | Include sessions whose second node matches this specifier. | | True | |
status | Only include IPSec sessions for which status matches this specifier. | | True | |
Invocation
result = bf.q.ipsecSessionStatus().answer().frame()
Return Value
Name | Description | Type |
---|---|---|
Node | IPSec initiator | str |
Node_Interface | Initiator Interface | |
Node_IP | Initiator IP | str |
Remote_Node | IPSec responder | str |
Remote_Node_Interface | Responder Interface | |
Remote_Node_IP | Responder IP | str |
Tunnel_Interfaces | Tunnel interfaces pair used in peering session | str |
Status | IPSec session status | str |
Print the first 5 rows of the returned DataFrame
result.head(5)
| | Node | Node_Interface | Node_IP | Remote_Node | Remote_Node_Interface | Remote_Node_IP | Tunnel_Interfaces | Status |
---|---|---|---|---|---|---|---|---|
0 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | 3.19.24.131 | Tunnel1 -> vpn-vpn-01c45673532d3e33e-1 | IPSEC_SESSION_ESTABLISHED |
1 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] | 52.14.53.162 | Tunnel2 -> vpn-vpn-01c45673532d3e33e-2 | IPSEC_SESSION_ESTABLISHED |
2 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-0888a76c8a371246d | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] | 34.209.88.227 | Tunnel3 -> vpn-vpn-0dc7abdb974ff8a69-1 | IPSEC_SESSION_ESTABLISHED |
3 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-0888a76c8a371246d | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | 44.227.244.7 | Tunnel4 -> vpn-vpn-0dc7abdb974ff8a69-2 | IPSEC_SESSION_ESTABLISHED |
4 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | 3.19.24.131 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | vpn-vpn-01c45673532d3e33e-1 -> Tunnel1 | IPSEC_SESSION_ESTABLISHED |
Print the first row of the returned DataFrame
result.iloc[0]
Node exitgw
Node_Interface exitgw[GigabitEthernet3]
Node_IP 147.75.69.27
Remote_Node tgw-06b348adabd13452d
Remote_Node_Interface tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]
Remote_Node_IP 3.19.24.131
Tunnel_Interfaces Tunnel1 -> vpn-vpn-01c45673532d3e33e-1
Status IPSEC_SESSION_ESTABLISHED
Name: 0, dtype: object
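A pre-change check built on the statuses and columns documented above, as an added example that is not part of the Batfish documentation: it groups non-established sessions by the cause each status denotes and lists sessions established in one direction only. The function name, the sample rows and the one-row-per-direction assumption are illustrative; `rows` is what `result.to_dict("records")` would yield from the returned frame.

```python
from collections import defaultdict

ESTABLISHED = "IPSEC_SESSION_ESTABLISHED"
# Failure statuses and their meanings, as described on this page.
CAUSES = {
    "IKE_PHASE1_FAILED": "IKE parameter negotiation failed",
    "IKE_PHASE1_KEY_MISMATCH": "IKE negotiation succeeded but IKE keys do not match",
    "IPSEC_PHASE2_FAILED": "IPsec parameter negotiation failed",
    "MISSING_END_POINT": "remote endpoint not found in the network",
}


def triage_ipsec_sessions(rows):
    """Return (failures grouped by cause, sessions established one way only)."""
    failures = defaultdict(list)
    established = set()  # (initiator IP, responder IP) of established sessions
    for r in rows:
        if r["Status"] == ESTABLISHED:
            established.add((r["Node_IP"], r["Remote_Node_IP"]))
        else:
            cause = CAUSES.get(r["Status"], "unrecognized status " + str(r["Status"]))
            failures[cause].append((r["Node"], r["Remote_Node"]))
    # Assumption: a healthy tunnel is reported once per direction, as in the
    # sample output above, so every established row should have a mirror row.
    one_way = [(r["Node"], r["Remote_Node"]) for r in rows
               if r["Status"] == ESTABLISHED
               and (r["Remote_Node_IP"], r["Node_IP"]) not in established]
    return dict(failures), one_way


def _row(node, ip, rnode, rip, status):
    return {"Node": node, "Node_IP": ip, "Remote_Node": rnode,
            "Remote_Node_IP": rip, "Status": status}


# Constructed sample rows (hypothetical nodes, documentation-range addresses).
SAMPLE = [
    _row("hq-gw", "192.0.2.1", "branch1", "198.51.100.1", ESTABLISHED),
    _row("branch1", "198.51.100.1", "hq-gw", "192.0.2.1", ESTABLISHED),
    _row("hq-gw", "192.0.2.1", "branch2", "198.51.100.2", "IKE_PHASE1_KEY_MISMATCH"),
    _row("branch2", "198.51.100.2", "hq-gw", "192.0.2.1", "IKE_PHASE1_KEY_MISMATCH"),
    _row("hq-gw", "192.0.2.1", "branch3", "198.51.100.3", ESTABLISHED),
    _row("branch3", "198.51.100.3", "hq-gw", "192.0.2.1", "IPSEC_PHASE2_FAILED"),
    _row("hq-gw", "192.0.2.1", None, None, "MISSING_END_POINT"),
]

if __name__ == "__main__":
    print(triage_ipsec_sessions(SAMPLE))
```

Run as a gate in a configuration-review pipeline, a non-empty result from either return value is a reason to hold the change until the tunnel definitions on both peers agree.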
IPSec Edges
Returns IPSec tunnels.
Lists all IPSec tunnels in the network.
Inputs
Name | Description | Type | Optional | Default Value |
---|---|---|---|---|
nodes | Include tunnels whose first node matches this name or regex. | | True | .* |
remoteNodes | Include tunnels whose second node matches this name or regex. | | True | .* |
Invocation
result = bf.q.ipsecEdges().answer().frame()
Return Value
Name | Description | Type |
---|---|---|
Source_Interface | Source interface used in the IPsec session | |
Tunnel_Interface | Tunnel interface (if any) used in the IPsec session | |
Remote_Source_Interface | Remote source interface used in the IPsec session | |
Remote_Tunnel_Interface | Remote tunnel interface (if any) used in the IPsec session | |
Print the first 5 rows of the returned DataFrame
result.head(5)
| | Source_Interface | Tunnel_Interface | Remote_Source_Interface | Remote_Tunnel_Interface |
---|---|---|---|---|
0 | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1] | exitgw[GigabitEthernet3] | exitgw[Tunnel1] |
1 | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-1] | exitgw[GigabitEthernet3] | exitgw[Tunnel3] |
2 | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] | tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-2] | exitgw[GigabitEthernet3] | exitgw[Tunnel2] |
3 | exitgw[GigabitEthernet3] | exitgw[Tunnel4] | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2] |
4 | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2] | exitgw[GigabitEthernet3] | exitgw[Tunnel4] |
Print the first row of the returned DataFrame
result.iloc[0]
Source_Interface tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]
Tunnel_Interface tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1]
Remote_Source_Interface exitgw[GigabitEthernet3]
Remote_Tunnel_Interface exitgw[Tunnel1]
Name: 0, dtype: object