Adding Netbox

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/aws_vpn/configure_routing_bgp.j2

@@ -0,0 +1,13 @@
+router bgp {{ cloud_vpn_initiator_bgp_asn }}
+   neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} remote-as {{ cloud_vpn_responder_bgp_asn }}
+   neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} activate
+   neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} timers 10 30 30
+   address-family ipv4 unicast
+      neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} remote-as {{ cloud_vpn_responder_bgp_asn }}
+      neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} timers 10 30 30
+      neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} default-originate
+      neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} activate
+      neighbor {{ cloud_vpn_responder_tunnel_failover_ip }} soft-reconfiguration inbound
+      network 0.0.0.0
+   exit
+exit

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/aws_vpn/configure_routing_static.j2

@@ -0,0 +1,2 @@
+ip route {{ cloud_vpn_responder_cidr | ipaddr('network') }} {{ cloud_vpn_responder_cidr | ipaddr('netmask') }} Tunnel1 track 100
+ip route {{ cloud_vpn_responder_cidr | ipaddr('network') }} {{ cloud_vpn_responder_cidr | ipaddr('netmask') }} Tunnel2 track 200

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/aws_vpn/configure_vpn.j2

@@ -0,0 +1,115 @@
+crypto isakmp policy 200
+  encryption aes 128
+  authentication pre-share
+  group 2
+  lifetime 28800
+  hash sha
+exit
+
+crypto keyring {{ cloud_vpn_name }}-0
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  pre-shared-key address {{ cloud_vpn_responder_public_ip }} key {{ cloud_vpn_psk }}
+exit
+
+crypto isakmp profile {{ cloud_vpn_name }}-0
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  match identity address {{ cloud_vpn_responder_public_ip }}
+  keyring {{ cloud_vpn_name }}-0
+exit
+
+crypto ipsec transform-set {{ cloud_vpn_name }}-0 esp-aes 128 esp-sha-hmac
+  mode tunnel
+exit
+
+crypto ipsec profile {{ cloud_vpn_name }}-0
+  set pfs group2
+  set security-association lifetime seconds 3600
+  set transform-set {{ cloud_vpn_name }}-0
+exit
+
+crypto ipsec df-bit clear
+
+crypto isakmp keepalive 10 10 on-demand
+
+crypto ipsec security-association replay window-size 128
+
+crypto ipsec fragmentation before-encryption
+
+interface Tunnel1
+  ip address {{ cloud_vpn_initiator_tunnel_ip }} 255.255.255.252
+  ip virtual-reassembly
+  tunnel source {{ cloud_vpn_initiator_outside_interface }}
+  tunnel destination {{ cloud_vpn_responder_public_ip }}
+  tunnel mode ipsec ipv4
+  tunnel protection ipsec profile {{ cloud_vpn_name }}-0
+  ! This option causes the router to reduce the Maximum Segment Size of
+  ! TCP packets to prevent packet fragmentation.
+  ip tcp adjust-mss 1379
+  no shutdown
+exit
+
+ip sla 100
+   icmp-echo {{ cloud_vpn_responder_tunnel_ip }} source-interface Tunnel1
+   timeout 5000
+   frequency 5
+exit
+ip sla schedule 100  life forever start-time now
+track 100 ip sla 100 reachability
+
+crypto isakmp policy 201
+  encryption aes 128
+  authentication pre-share
+  group 2
+  lifetime 28800
+  hash sha
+exit
+
+crypto keyring {{ cloud_vpn_name }}-1
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  pre-shared-key address {{ cloud_vpn_responder_failover_ip }} key {{ cloud_vpn_psk }}
+exit
+
+crypto isakmp profile {{ cloud_vpn_name }}-1
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  match identity address {{ cloud_vpn_responder_failover_ip }}
+  keyring {{ cloud_vpn_name }}-1
+exit
+
+crypto ipsec transform-set {{ cloud_vpn_name }}-1 esp-aes 128 esp-sha-hmac
+  mode tunnel
+exit
+
+crypto ipsec profile {{ cloud_vpn_name }}-1
+  set pfs group2
+  set security-association lifetime seconds 3600
+  set transform-set {{ cloud_vpn_name }}-1
+exit
+
+crypto ipsec df-bit clear
+
+crypto isakmp keepalive 10 10 on-demand
+
+crypto ipsec security-association replay window-size 128
+
+crypto ipsec fragmentation before-encryption
+
+interface Tunnel2
+  ip address {{ cloud_vpn_initiator_tunnel_failover_ip }} 255.255.255.252
+  ip virtual-reassembly
+  tunnel source {{ cloud_vpn_initiator_outside_interface }}
+  tunnel destination {{ cloud_vpn_responder_failover_ip }}
+  tunnel mode ipsec ipv4
+  tunnel protection ipsec profile {{ cloud_vpn_name }}-1
+  ! This option causes the router to reduce the Maximum Segment Size of
+  ! TCP packets to prevent packet fragmentation.
+  ip tcp adjust-mss 1379
+  no shutdown
+exit
+
+ip sla 200
+   icmp-echo {{ cloud_vpn_responder_tunnel_failover_ip }} source-interface Tunnel2
+   timeout 5000
+   frequency 5
+exit
+ip sla schedule 200  life forever start-time now
+track 200 ip sla 200 reachability

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/configure_routing_bgp.j2

@@ -0,0 +1,13 @@
+router bgp {{ cloud_vpn_initiator_bgp_asn }}
+   neighbor {{ cloud_vpn_responder_tunnel_ip }} remote-as {{ cloud_vpn_responder_bgp_asn }}
+   neighbor {{ cloud_vpn_responder_tunnel_ip }} activate
+   neighbor {{ cloud_vpn_responder_tunnel_ip }} timers 10 30 30
+   address-family ipv4 unicast
+      neighbor {{ cloud_vpn_responder_tunnel_ip }} remote-as {{ cloud_vpn_responder_bgp_asn }}
+      neighbor {{ cloud_vpn_responder_tunnel_ip }} timers 10 30 30
+      neighbor {{ cloud_vpn_responder_tunnel_ip }} default-originate
+      neighbor {{ cloud_vpn_responder_tunnel_ip }} activate
+      neighbor {{ cloud_vpn_responder_tunnel_ip }} soft-reconfiguration inbound
+      network 0.0.0.0
+   exit
+exit

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/configure_routing_static.j2

@@ -0,0 +1 @@
+ip route {{ cloud_vpn_responder_cidr | ipaddr('network') }} {{ cloud_vpn_responder_cidr | ipaddr('netmask') }} Tunnel1 track 100

roles/ansible-network.cisco_ios/templates/cloud_vpn/providers/csr/initiator/configure_vpn.j2

@@ -0,0 +1,57 @@
+crypto isakmp policy 200
+  encryption aes 128
+  authentication pre-share
+  group 2
+  lifetime 28800
+  hash sha
+exit
+
+crypto keyring {{ cloud_vpn_name }}
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  pre-shared-key address {{ cloud_vpn_responder_public_ip }} key {{ cloud_vpn_psk }}
+exit
+
+crypto isakmp profile {{ cloud_vpn_name }}
+  local-address {{ cloud_vpn_initiator_outside_interface }}
+  match identity address {{ cloud_vpn_responder_public_ip }}
+  keyring {{ cloud_vpn_name }}
+exit
+
+crypto ipsec transform-set {{ cloud_vpn_name }} esp-aes 128 esp-sha-hmac
+  mode tunnel
+exit
+
+crypto ipsec profile {{ cloud_vpn_name }}
+  set pfs group2
+  set security-association lifetime seconds 3600
+  set transform-set {{ cloud_vpn_name }}
+exit
+
+crypto ipsec df-bit clear
+
+crypto isakmp keepalive 10 10 on-demand
+
+crypto ipsec security-association replay window-size 128
+
+crypto ipsec fragmentation before-encryption
+
+interface Tunnel1
+  ip address {{ cloud_vpn_initiator_tunnel_ip }} 255.255.255.252
+  ip virtual-reassembly
+  tunnel source {{ cloud_vpn_initiator_outside_interface }}
+  tunnel destination {{ cloud_vpn_responder_public_ip }}
+  tunnel mode ipsec ipv4
+  tunnel protection ipsec profile {{ cloud_vpn_name }}
+  ! This option causes the router to reduce the Maximum Segment Size of
+  ! TCP packets to prevent packet fragmentation.
+  ip tcp adjust-mss 1379
+  no shutdown
+exit
+
+ip sla 100
+   icmp-echo {{ cloud_vpn_responder_tunnel_ip }} source-interface Tunnel1
+   timeout 5000
+   frequency 5
+exit
+ip sla schedule 100  life forever start-time now
+track 100 ip sla 100 reachability

roles/ansible-network.cisco_ios/templates/configure_user.j2

@@ -0,0 +1,30 @@
+{% for user in users %}
+
+{% if user.state is defined and user.state == 'absent' %}
+no username {{ user.name }}
+ip ssh pubkey-chain
+no username {{ user.name }}
+
+{% else %}
+{% if user.password is not defined %}
+username {{ user.name }} nopassword
+{% elif user.password %}
+username {{ user.name }} secret {{ user.password }}
+{% endif %}
+
+{% if user.privilege is defined %}
+username {{ user.name }} privilege {{ user.privilege|string }}
+{% endif %}
+
+{% if user.view is defined %}
+username {{ user.name }} view {{ user.view }}
+{% endif %}
+
+{% if user.sshkey is defined %}
+ip ssh pubkey-chain
+username {{ user.name }}
+key-hash {{ user.sshkey }}
+{% endif %}
+
+{% endif %}
+{% endfor %}