Tag: cisco asa
[python]Grow commands from a template with jinja2
Problem: I made a template to push object network configuration to Cisco ASA; this is what the template looks like: conf_attr is the keyword that stores the payload I send to Cisco ASA via Nornir/netmiko. The problem with this template is that only one command is sent per session. In order for the commands to be sent …
[python] asa library
I created an ASA library which contains the functions required to perform some ASA operations. This is not a complete set; there are some functions I have not tested yet, but the functions below are all tested and working.
[python]Configuring cisco asa
Introduction: I am testing some functions for sending configuration over to Cisco ASA with Netmiko. Netmiko supports sending single commands and sending commands as a set. In order to deliver the commands as a set, the Jinja2 template engine is used to fill in the variables of the template. The purpose of this post is to record …
[python]Match most of the Cisco ASA access list patterns with regular expression
Regular expression reference: Purchase the course by Sujith George, The Complete Regular Expressions Course: Beginner to Advanced, from Udemy. Study this code from GitHub; it gives a good idea of how you should match an access-list. From this course I realized the regex module can convert the matched data to a dictionary. Read this documentation about …
[python]Detect changes in configuration of ASA
Three Python scripts were written to do specific tasks.
conn_asa.py - this script is responsible for generating two outputs: hostname and md_now (md is short for message digest).
statechange.py - this script writes the hash generated by conn_asa.py into the database.
compare_change.py - this script compares the hash stored in the database with the current hash generated …
Config example for ipsec vpn with iPad native vpn client
The iPad native VPN client supports IKEv2. I have searched many documents on the internet and most of them are examples for site-to-site; there is very little useful documentation about remote access VPN with IPsec using IKEv2, perhaps because remote access SSL VPN is more convenient and popular. So here's the sample config. The config uses certificate …
Cisco ASA: Setting up anyconnect vpn with SSL and IPsec
Introduction: This post demonstrates how to set up AnyConnect VPN for your mobile devices. In this post I am using an Android mobile phone with AnyConnect ICS+ downloaded. Cisco ASA software version 9.1(4), ASDM version 7.1, with the AnyConnect Essentials license and the AnyConnect for Mobile license. This demonstration will configure IPsec and SSL remote access VPN, …
Cisco ASA: Firewall rule testing before deployment
Introduction: You want to segregate the users network from the servers network. Both the users and servers are using the same subnet, 192.168.20.0/24. To reduce the changes while implementing the firewall, and to test the firewall before it is deployed between users and servers, you have decided to do the following: 1. Use transparent …
Cisco ASA: Packet Capture
Packet capture with access list: You can use an access-list to group the interesting traffic, then use the capture command. If you use ASA version 9, remember not to use the keyword any when creating the access-list. This keyword matches both IPv4 and IPv6, and you will receive this error when you try to use the capture command. …
Cisco Systems: TACACS+ authentication
TACACS+ brief introduction:
1. Utilizes TCP 49.
2. Encrypts the entire packet.
3. Separates authentication, authorization and accounting.
Setting up Cisco ACS: The task here is to create a user group and a user account, and to set up the network configuration to get it started. Click on Network Configuration; under AAA Clients, click Add Entry. The AAA Client …