#!/usr/bin/env python
from __future__ import print_function
import argparse
import logging
import sys
import xml.etree.ElementTree as ET
import boto3
# Module logger; nothing in this script emits through it yet, but it is
# the conventional handle for any logging added later.
logger = logging.getLogger(name=__name__)
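def main(arguments):
    """Generate a Cisco ASA configuration for an AWS VPN connection and print it.

    Parses the command line in ``arguments``, downloads the customer gateway
    configuration XML for ``--vpn-id`` through boto3, fills the ASA template
    from it and the command-line values, and prints the result to stdout.

    Args:
        arguments: Command-line arguments, normally ``sys.argv[1:]``.

    Raises:
        SystemExit: from argparse on a missing or invalid argument.
        LookupError: when the VPN connection is not found, carries no
            configuration, or its XML lacks an element the template needs.

    The printed configuration contains the IKE pre-shared keys of both
    tunnels, so stdout is sensitive: do not tee it into shell history, CI logs
    or tickets.
    """
    args = _parse_args(arguments)
    config = _fetch_gateway_config(args.vpn_id)
    # The XML comes from the EC2 API response for a connection in our own
    # account; it is not user-supplied input.
    element = ET.fromstring(config)
    print(_render_asa_config(args, element))


def _parse_args(arguments):
    """Build the argument parser and parse ``arguments`` with it."""
    parser = argparse.ArgumentParser(
        description=__doc__,
        formatter_class=argparse.RawDescriptionHelpFormatter,
    )
    parser.add_argument('--vpn-id', help="vpn id to generate a config for", required=True)
    parser.add_argument('--local-network', help="network ip address of the local network", required=True)
    parser.add_argument('--local-netmask', help="netmask ip address of the local network", required=True)
    parser.add_argument('--remote-network', help="network ip address of the remote network", required=True)
    parser.add_argument('--remote-netmask', help="netmask ip address of the remote network", required=True)
    parser.add_argument('--name', help="cosmetic name of the vpc you're connecting to", required=True)
    parser.add_argument('--interface0', help="interface name you want for tunnel0", required=True)
    parser.add_argument('--interface1', help="interface name you want for tunnel1", required=True)
    parser.add_argument('--outside-interface-name', help="the name of the outside interface on your ASA", required=True)
    return parser.parse_args(arguments)


def _fetch_gateway_config(vpn_id):
    """Return the CustomerGatewayConfiguration XML text for ``vpn_id``.

    Uses the default boto3 session (region and credentials from the
    environment). Raises LookupError instead of an IndexError/TypeError when
    the API returns no connection or a connection without a configuration.
    """
    client = boto3.client('ec2')
    connections = client.describe_vpn_connections(VpnConnectionIds=[vpn_id])
    vpn_connections = connections.get('VpnConnections') or []
    if not vpn_connections:
        raise LookupError('no VPN connection found for id {0}'.format(vpn_id))
    config = vpn_connections[0].get('CustomerGatewayConfiguration')
    if not config:
        raise LookupError(
            'VPN connection {0} has no CustomerGatewayConfiguration'.format(vpn_id)
        )
    return config


def _render_asa_config(args, element):
    """Fill the ASA template from the parsed arguments and configuration XML.

    Args:
        args: Namespace from ``_parse_args``.
        element: Root ``Element`` of the customer gateway configuration XML.

    Returns:
        The rendered configuration with surrounding whitespace stripped.

    Raises:
        LookupError: propagated from ``find`` when an element is missing.
    """
    # The /30 tunnel inside mask is fixed in the template; the XML's
    # network_mask elements are therefore not read.
    # NOTE(review): `remote-as 7224` is hard-coded; the configuration XML also
    # carries the virtual private gateway's own ASN, which should be used
    # instead if the gateway was created with a custom ASN -- confirm before
    # relying on this output for such a gateway.
    template = """
object-group network AmazonVPC
network {remote_network} {remote_netmask}
interface Tunnel{interface0_number}
nameif {name}:0
ip address {tunnel0_bgp_ip} 255.255.255.252
tunnel source interface {outside_interface_name}
tunnel destination {tunnel0_outside_ip}
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
!
interface Tunnel{interface1_number}
nameif {name}:1
ip address {tunnel1_bgp_ip} 255.255.255.252
tunnel source interface {outside_interface_name}
tunnel destination {tunnel1_outside_ip}
tunnel mode ipsec ipv4
tunnel protection ipsec profile AWS
!
router bgp {tunnel0_asn}
address-family ipv4 unicast
neighbor {tunnel0_bgp_neighbor} remote-as 7224
neighbor {tunnel0_bgp_neighbor} activate
neighbor {tunnel1_bgp_neighbor} remote-as 7224
neighbor {tunnel1_bgp_neighbor} activate
network {local_network} mask {local_netmask}
redistribute static
exit-address-family
!
tunnel-group {tunnel0_outside_ip} type ipsec-l2l
!
tunnel-group {tunnel0_outside_ip} ipsec-attributes
ikev1 pre-shared-key {tunnel0_key}
isakmp keepalive threshold 10 retry 10
!
tunnel-group {tunnel1_outside_ip} type ipsec-l2l
!
tunnel-group {tunnel1_outside_ip} ipsec-attributes
ikev1 pre-shared-key {tunnel1_key}
isakmp keepalive threshold 10 retry 10
!
"""
    return template.format(
        name=args.name,
        outside_interface_name=args.outside_interface_name,
        interface0_number=args.interface0,
        interface1_number=args.interface1,
        local_network=args.local_network,
        local_netmask=args.local_netmask,
        remote_network=args.remote_network,
        remote_netmask=args.remote_netmask,
        tunnel0_asn=find(element, 'ipsec_tunnel[1]/customer_gateway/bgp/asn'),
        tunnel0_outside_ip=find(element, 'ipsec_tunnel[1]/vpn_gateway/tunnel_outside_address/ip_address'),
        tunnel0_bgp_ip=find(element, 'ipsec_tunnel[1]/customer_gateway/tunnel_inside_address/ip_address'),
        tunnel0_bgp_neighbor=find(element, 'ipsec_tunnel[1]/vpn_gateway/tunnel_inside_address/ip_address'),
        tunnel0_key=find(element, 'ipsec_tunnel[1]/ike/pre_shared_key'),
        tunnel1_outside_ip=find(element, 'ipsec_tunnel[2]/vpn_gateway/tunnel_outside_address/ip_address'),
        tunnel1_bgp_ip=find(element, 'ipsec_tunnel[2]/customer_gateway/tunnel_inside_address/ip_address'),
        tunnel1_bgp_neighbor=find(element, 'ipsec_tunnel[2]/vpn_gateway/tunnel_inside_address/ip_address'),
        tunnel1_key=find(element, 'ipsec_tunnel[2]/ike/pre_shared_key'),
    ).strip()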
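def find(element, xpath):
    """Return the text of the first element matching ``xpath`` under ``element``.

    Args:
        element: An ``xml.etree.ElementTree.Element`` to search.
        xpath: ElementTree path expression, relative to ``element``
            (positional predicates such as ``ipsec_tunnel[2]`` are supported).

    Returns:
        The matched element's ``.text``; ``None`` for an empty element.

    Raises:
        LookupError: when nothing matches ``xpath``. The previous
            ``next(iter(...))`` form raised a bare ``StopIteration`` here,
            which gave no hint of which path was missing.
    """
    match = element.find(xpath)
    if match is None:
        raise LookupError('no element matches {0!r}'.format(xpath))
    return match.text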
# Script entry point: hand everything after the program name to main().
if __name__ == "__main__":
    argv = sys.argv[1:]
    main(argv)