IPSec Tunnels

This category of questions allows you to query IPSec sessions and tunnels.

IPSec Session Status

Returns the status of configured IPSec sessions.

Shows configuration settings and status for each configured IPSec tunnel in the network. The status is IPSEC_SESSION_ESTABLISHED for tunnels that are expected to be established; IKE_PHASE1_FAILED if IKE parameter negotiation failed; IKE_PHASE1_KEY_MISMATCH if IKE negotiation was successful but the IKE keys do not match; IPSEC_PHASE2_FAILED if negotiation of IPSec parameters failed; and MISSING_END_POINT if the remote endpoint for a configured IPSec tunnel could not be found in the network.

Inputs

| Name | Description | Type | Optional | Default Value |
|---|---|---|---|---|
| nodes | Include sessions whose first node matches this specifier. | NodeSpec | True | |
| remoteNodes | Include sessions whose second node matches this specifier. | NodeSpec | True | |
| status | Only include IPSec sessions for which status matches this specifier. | IpsecSessionStatusSpec | True | |

Invocation

[5]:
result = bf.q.ipsecSessionStatus().answer().frame()

Return Value

| Name | Description | Type |
|---|---|---|
| Node | IPSec initiator | str |
| Node_Interface | Initiator Interface | Interface |
| Node_IP | Initiator IP | str |
| Remote_Node | IPSec responder | str |
| Remote_Node_Interface | Responder Interface | Interface |
| Remote_Node_IP | Responder IP | str |
| Tunnel_Interfaces | Tunnel interfaces pair used in peering session | str |
| Status | IPSec session status | str |

Print the first 5 rows of the returned DataFrame

[6]:
result.head(5)
[6]:
| | Node | Node_Interface | Node_IP | Remote_Node | Remote_Node_Interface | Remote_Node_IP | Tunnel_Interfaces | Status |
|---|---|---|---|---|---|---|---|---|
| 0 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | 3.19.24.131 | Tunnel1 -> vpn-vpn-01c45673532d3e33e-1 | IPSEC_SESSION_ESTABLISHED |
| 1 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] | 52.14.53.162 | Tunnel2 -> vpn-vpn-01c45673532d3e33e-2 | IPSEC_SESSION_ESTABLISHED |
| 2 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-0888a76c8a371246d | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] | 34.209.88.227 | Tunnel3 -> vpn-vpn-0dc7abdb974ff8a69-1 | IPSEC_SESSION_ESTABLISHED |
| 3 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | tgw-0888a76c8a371246d | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | 44.227.244.7 | Tunnel4 -> vpn-vpn-0dc7abdb974ff8a69-2 | IPSEC_SESSION_ESTABLISHED |
| 4 | tgw-06b348adabd13452d | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | 3.19.24.131 | exitgw | exitgw[GigabitEthernet3] | 147.75.69.27 | vpn-vpn-01c45673532d3e33e-1 -> Tunnel1 | IPSEC_SESSION_ESTABLISHED |

Print the first row of the returned DataFrame

[7]:
result.iloc[0]
[7]:
Node                                                                      exitgw
Node_Interface                                          exitgw[GigabitEthernet3]
Node_IP                                                             147.75.69.27
Remote_Node                                                tgw-06b348adabd13452d
Remote_Node_Interface    tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]
Remote_Node_IP                                                       3.19.24.131
Tunnel_Interfaces                         Tunnel1 -> vpn-vpn-01c45673532d3e33e-1
Status                                                 IPSEC_SESSION_ESTABLISHED
Name: 0, dtype: object
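
An added example, not part of the Batfish documentation: it collapses the two directions of each tunnel into one entry and grades every peer pair as OK, DEGRADED (some tunnels down, redundancy reduced) or DOWN (no tunnel established), using the status meanings listed above. The node and tunnel names in the sample are constructed, and the handling of empty remote-side columns for MISSING_END_POINT rows is an assumption.

```python
from collections import defaultdict

ESTABLISHED = "IPSEC_SESSION_ESTABLISHED"
# Causes for each non-established status, as described on this page.
CAUSES = {
    "IKE_PHASE1_FAILED": "IKE parameter negotiation failed",
    "IKE_PHASE1_KEY_MISMATCH": "IKE negotiated, but IKE keys do not match",
    "IPSEC_PHASE2_FAILED": "IPsec parameter negotiation failed",
    "MISSING_END_POINT": "remote endpoint not found in the network",
}

def _text(value, default):
    # Assumption: remote-side columns may be empty (None/NaN) for MISSING_END_POINT.
    return value if isinstance(value, str) and value else default

def _tunnel_key(row):
    """Direction-independent key, so A -> B and B -> A count as one tunnel."""
    peers = tuple(sorted((row["Node"], _text(row["Remote_Node"], "<unresolved>"))))
    ends = _text(row["Tunnel_Interfaces"], "<unknown>").split("->")
    return peers, tuple(sorted(e.strip() for e in ends))

def audit(rows):
    """Summarise tunnel health per peer pair: OK, DEGRADED or DOWN."""
    statuses = defaultdict(set)  # tunnel key -> statuses reported by either side
    for row in rows:
        statuses[_tunnel_key(row)].add(row["Status"])
    report = {}
    for (peers, ends), seen in sorted(statuses.items()):
        entry = report.setdefault(peers, {"up": 0, "down": []})
        bad = sorted(seen - {ESTABLISHED})
        if bad:  # a tunnel counts as down if either side reports a failure
            entry["down"].append((ends, [(s, CAUSES.get(s, "unknown")) for s in bad]))
        else:
            entry["up"] += 1
    for entry in report.values():
        entry["verdict"] = "OK" if not entry["down"] else "DEGRADED" if entry["up"] else "DOWN"
    return report

# Constructed sample rows. With Batfish, pass
# bf.q.ipsecSessionStatus().answer().frame().to_dict("records") instead.
SAMPLE = [dict(zip(("Node", "Remote_Node", "Tunnel_Interfaces", "Status"), r)) for r in [
    ("hq-gw", "branch-gw", "Tunnel1 -> Tunnel10", ESTABLISHED),
    ("branch-gw", "hq-gw", "Tunnel10 -> Tunnel1", ESTABLISHED),
    ("hq-gw", "branch-gw", "Tunnel2 -> Tunnel20", "IKE_PHASE1_KEY_MISMATCH"),
    ("branch-gw", "hq-gw", "Tunnel20 -> Tunnel2", "IKE_PHASE1_KEY_MISMATCH"),
    ("lab-gw", None, None, "MISSING_END_POINT"),
]]

if __name__ == "__main__":
    for peers, entry in audit(SAMPLE).items():
        print(peers, entry["verdict"], "up:", entry["up"], "down:", entry["down"])
```

Running the audit against a snapshot before a change is deployed shows which peers would lose redundancy or connectivity, and why.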

IPSec Edges

Returns IPSec tunnels.

Lists all IPSec tunnels in the network.

Inputs

| Name | Description | Type | Optional | Default Value |
|---|---|---|---|---|
| nodes | Include tunnels whose first node matches this name or regex. | NodeSpec | True | .* |
| remoteNodes | Include tunnels whose second node matches this name or regex. | NodeSpec | True | .* |

Invocation

[10]:
result = bf.q.ipsecEdges().answer().frame()

Return Value

| Name | Description | Type |
|---|---|---|
| Source_Interface | Source interface used in the IPsec session | Interface |
| Tunnel_Interface | Tunnel interface (if any) used in the IPsec session | Interface |
| Remote_Source_Interface | Remote source interface used in the IPsec session | Interface |
| Remote_Tunnel_Interface | Remote tunnel interface (if any) used in the IPsec session | Interface |

Print the first 5 rows of the returned DataFrame

[11]:
result.head(5)
[11]:
| | Source_Interface | Tunnel_Interface | Remote_Source_Interface | Remote_Tunnel_Interface |
|---|---|---|---|---|
| 0 | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] | tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1] | exitgw[GigabitEthernet3] | exitgw[Tunnel1] |
| 1 | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-1] | exitgw[GigabitEthernet3] | exitgw[Tunnel3] |
| 2 | tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] | tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-2] | exitgw[GigabitEthernet3] | exitgw[Tunnel2] |
| 3 | exitgw[GigabitEthernet3] | exitgw[Tunnel4] | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2] |
| 4 | tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] | tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2] | exitgw[GigabitEthernet3] | exitgw[Tunnel4] |

Print the first row of the returned DataFrame

[12]:
result.iloc[0]
[12]:
Source_Interface           tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]
Tunnel_Interface                tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1]
Remote_Source_Interface                                   exitgw[GigabitEthernet3]
Remote_Tunnel_Interface                                            exitgw[Tunnel1]
Name: 0, dtype: object