andre/scripts-conlxsyslog03
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca4ba7a6e0d60e14e84e115c2f17ce34b2045dc0
scripts-conlxsyslog03/rancid/change_vpn_peer/script.sh
conetadm 5718e70f15 init
2024-11-14 21:11:06 +01:00

111 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
echo ""
if [ "$4" == "a" ];
then
ACTION=a
elif [ "$4" == "d" ];
then
ACTION=d
else
echo "$./script.sh <hostname> <oldpeer> <newpeer> <action>"
echo ""
echo " hostname is firewall name as used in observium"
echo ""
echo " oldpeer|newpeer are IP addresses of remote gateway"
echo ""
echo " action can be a or d"
echo " a applies configuration to firewall"
echo " d just displays configuration"
echo ""
exit
fi
ASA=$1
OLDPEER=$2
NEWPEER=$3
CONF=/home/rancid/var/rancid/network/configs/$ASA
CONFIG="/scripts/rancid/change_vpn_peer/"$ASA"_"$OLDPEER"_"$NEWPEER".txt"
echo "CONFIG file for ASA"
echo $CONF
echo ""
echo "CONFIG file to display/apply"
echo $CONFIG
echo ""
echo "UPDATE Konfigfile via rancid to have the latest config file"
/home/rancid/bin/rancid-run -r $ASA
echo ""
echo "CHECK for old peer IP in config file"
grep "tunnel-group $OLDPEER" $CONF || ( echo "tunnel group not found" && exit ) > /dev/null 2>&1
echo "Old peer found"
echo ""
echo "GET crypto map name for old peer IP"
CMNAME=`grep "crypto map" $CONF | grep "set peer $OLDPEER" | awk '{print $3}'` > /dev/null 2>&1
echo " ~ $CMNAME"
echo ""
echo "GET crypto map entry for old peer IP"
CMENTRY=`grep "crypto map" $CONF | grep "set peer $OLDPEER" | awk '{print $4}'` > /dev/null 2>&1
echo " ~ $CMENTRY"
echo ""
echo "GET old PSK"
PSK=`egrep -A4 "tunnel-group $OLDPEER ipsec-att" $CONF | grep pre` > /dev/null 2>&1
echo " ~ $PSK"
echo ""
echo "GET old GroupPolicy"
GROUP=`egrep -A1 "tunnel-group $OLDPEER general-att" $CONF | grep default-group-policy` > /dev/null 2>&1
echo " ~ $GROUP"
echo ""
echo "WRITE configuration file"
echo "
config t
!Remove old tunnel-group
no tunnel-group $OLDPEER ipsec-attributes
!Re-Configure new tunnel-group
tunnel-group $NEWPEER type ipsec-l2l
tunnel-group $NEWPEER ipsec-attributes
$PSK
exit
tunnel-group $NEWPEER general-attributes
$GROUP
exit
!Remove Old Peer from Crypto map
no crypto map $CMNAME $CMENTRY set peer $OLDPEER
!Create New Peer on Crypto Map
crypto map $CMNAME $CMENTRY set peer $NEWPEER
clear config tunnel-group $OLDPEER
!Save Config
end
wr mem
" > $CONFIG
echo ""
if [ "$ACTION" == "a" ];
then
echo "APPLY configuration file"
/home/rancid/bin/clogin -x $CONFIG $ASA
elif [ "$ACTION" == "d" ];
then
echo "DISPLAY configuration file"
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
cat $CONFIG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
fi
echo ""
echo " ~~~ THE END ~~~"
echo ""
Reference in New Issue View Git Blame Copy Permalink