Category: Firewall
[python]Cisco FMC REST API example – GET Server version and add device to Cisco FMC
Introduction The versions used for this lab are Cisco FMC 6.4.0 and Cisco FTD 6.3.0. To access the Cisco FMC REST API, you need to ensure it is enabled. You can test it by going to https:///api/api-explorer; if you can see the Swagger-like documentation, then the REST API is enabled, and you can …
[python]Grow commands from a template with jinja2
Problem I made a template to push object network configuration to Cisco ASA; this is how the template looks: conf_attr is the keyword to store the payload I sent to Cisco ASA via Nornir/netmiko. The problem with this template is that only one command is sent per session. In order for commands to be sent …
[python]Usage example of ttp
Introduction Thank you Kirill Pletnev for letting me know about the ttp module. ttp (Template Text Parser) is an easier-to-use parser than TextFSM: the user does not need to know regex, as the regex has already been defined, but how comprehensive the regex is remains for me to discover. You can refer to …
[python]Use TextFSM to easily get objects you need from unstructured data.
Introduction Netmiko has support for TextFSM, however it does not have a template for every command, so learning how to use TextFSM is useful in this situation: you can create your own template without relying overly on the module's limited set of templates. TextFSM was created by Google; it provides an easier and more structured way of …
[python]Improve on ACL template.
Introduction In the previous few posts, the ACL was pushed to the Cisco ASA with Nornir, but there was a limitation: only one source IP, one destination IP and one service are allowed, and if there is more than one of any of these then only one rule is pushed. But there will be a number …
[cisco]Public key authentication on Cisco ASA
I am using Cisco ASAv asa992-smp-k8.bin. Generate an RSA key pair on CentOS: ssh-keygen -t rsa -b 2048. I rename this asymmetric key pair as cisco_id_rsa. Then I get the contents of cisco_id_rsa.pub. Exclude the ssh-rsa prefix and the username@hostname suffix, take only the key itself and copy and paste it to the Cisco ASA. See the highlighted portion of the screenshot. On …
[cisco]Cisco Firepower lab setup
For this lab I am using Firepower Threat Defence version 6.3 (FTD) and Firepower Management Center 6.3 (FMC). The FTD is a next-generation firewall that does IPS/IDS, URL filtering and traditional firewalling; the FTD itself can be managed individually with its own FTD manager, however it can also be managed with FMC. The IPS/IDS …
[Tufin]Error:Unable to get configuration
Tufin SecureTrack is monitoring the device groups from Panorama. In the dashboard you see the status as device connected, however when you go to Settings > Administration > Status, the device group is amber and the status is Error:Unable to get configuration. This is usually because the Palo Alto firewall is disconnected from Panorama. Log in to …
Enabling opsec in Checkpoint smart center server
This is for a new setup.
Config example for ipsec vpn with iPad native vpn client
The iPad native VPN client supports IKEv2. I have searched many documents on the internet and most of them are examples for site-to-site; there is very little useful documentation about remote access VPN with IPsec using IKEv2, perhaps because remote access SSL VPN is more convenient and popular. So here's the sample config. The config uses certificate …