[python]Napalm-asa only supports Cisco ASA with REST API

File "C:\Users\cyruslab\PycharmProjects\netautoapi\lib\site-packages\napalm_asa\asa.py", line 73, in get_auth_token
    raise ConnectionException(py23_compat.text_type(e))
napalm.base.exceptions.ConnectionException: HTTPSConnectionPool(host='', port=22): Max retries exceeded with url: /api/tokenservices (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076)')))

I am using the napalm-asa asa driver, however this driver can only be used if the Cisco ASA installs the REST API package, hence for cisco ASA that does not have REST API, Napalm cannot be used. Instead use netmiko, netmiko is using ssh and has methods to let you send commands.

It is not recommended to use a python wrapper to call REST APIs, requests module can do REST API calling easier, more direct and less complex in additional you can build your own logics while calling the APIs hence easier to control and troubleshoot for you.

This is the code which I use to test, but it will not work since my ASAv has no REST API.

from napalm import get_network_driver
from pyvault2.vault.hvault2 import get_kv2_secret
from pprint import pprint

driver = get_network_driver("asa")
vault_data = get_kv2_secret(mount_path="cisco_asa", path="fw02", find="data")
device_config = {
    "hostname": vault_data["ip"],
    "username": vault_data["username"],
    "password": vault_data["password"]

with driver(**device_config) as fw02:
    intf = fw02.get_facts()

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s