Issue: cisco_asa, show vpn-sessiondb detail l2l not parsing #1358

Open
ArxBloemJo opened this issue Apr 20, 2023 · 4 comments
Comments

@ArxBloemJo

ArxBloemJo commented Apr 20, 2023

ISSUE TYPE
  • Template Issue with error and raw data
TEMPLATE USING
Value Filldown,Required SESSION_TYPE (\S+)
Value Filldown CONNECTION (\d+\.\d+\.\d+\.\d+)
Value Filldown INDEX (\d+)
Value Filldown IP_ADDRESS (\d+\.\d+\.\d+\.\d+)
Value Filldown PROTOCOL (.+?)
Value Filldown ENCRYPTION (.+?)
Value Filldown HASHING (.+?)
Value Filldown TOTAL_BYTES_TRANSMITTED (\d+)
Value Filldown TOTAL_BYTES_RECEIVED (\d+)
Value Filldown LOGIN_TIME (\d+:\d+:\d+)
Value Filldown LOGIN_TIME_ZONE (\S+)
Value Filldown LOGIN_WEEKDAY (\w+)
Value Filldown LOGIN_MONTH (\w+)
Value Filldown LOGIN_DAY (\d+)
Value Filldown LOGIN_YEAR (\d+)
Value Filldown DURATION (.+?)
Value Filldown FILTER_NAME (.*?)
Value Filldown TOTAL_IKE_SESSIONS (\d+)
Value Filldown TOTAL_IPSEC_SESSIONS (\d+)
Value CONNECTION_TYPE (\S+)
Value SESSION_ID (\d+)
Value UDP_SRC_PORT (\d+)
Value UDP_DST_PORT (\d+)
Value NEGOTIAION_MODE (\w+)
Value AUTHENTICATION_MODE (\w+)
Value REMOTE_AUTHENTICATION_MODE (\S+|)
Value LOCAL_AUTHENTICATION_MODE (\S+|)
Value ENCRYPTION_METHOD (\S+)
Value HASH_METHOD (\w+)
Value REKEY_INTERVAL (\d+)
Value REKEY_INTERVAL_UNIT (\S+)
Value REKEY_TIME_LEFT (\d+)
Value REKEY_TIME_LEFT_UNIT (\S+)
Value REKEY_DATA_INTERVAL (\d+)
Value REKEY_DATA_INTERVAL_UNIT (\S+)
Value REKEY_DATA_REMAINING (\d+)
Value REKEY_DATA_REMAINING_UNIT (\S+)
Value IDLE_TIMEOUT_INTERVAL (\d+)
Value IDLE_TIMEOUT_INTERVAL_UNIT (\S+)
Value IDLE_TIMEOUT_REMAINING (\d+)
Value IDLE_TIMEOUT_REMAINING_UNIT (\S+)
Value PRF (\S+)
Value DH_GROUP (\d+)
Value IPV6_FILTER_NAME (.*?)
Value LOCAL_ADDRESS_NETWORK (\d+\.\d+\.\d+\.\d+)
Value LOCAL_ADDRESS_MASK (\d+\.\d+\.\d+\.\d+)
Value REMOTE_ADDRESS_NETWORK (\d+\.\d+\.\d+\.\d+)
Value REMOTE_ADDRESS_MASK (\d+\.\d+\.\d+\.\d+)
Value ENCAPSULATION (\w+)
Value PFS_GROUP (\d+)
Value BYTES_TRANSMITTED (\d+)
Value BYTES_RECEIVED (\d+)
Value PACKETS_TRANSMITTED (\d+)
Value PACKETS_RECEIVED (\d+)
Value REVAL_TIMEOUT (\d+)
Value REVAL_TIMOUT_UNIT (\S+)
Value REVAL_TIMEOUT_REMAINING (\d+)
Value REVAL_TIMEOUT_REMAINING_UNIT (\S+)
Value STATUS_QUERY_INTERVAL (\S+)
Value STATUS_QUERY_INTERVAL_UNIT (\S+)
Value EAP_OVER_UDP_TIMER (\d+)
Value EAP_OVER_UDP_TIMER_UNIT (\S+)
Value POSTURE_HOLDTIME_REMAINING (\d+)
Value POSTURE_HOLDTIME_REMAINING_UNIT (\S+)
Value POSTURE_TOKEN (.*?)
Value REDIRECT_URL (.*?)


Start
  ^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$ -> Connection

Connection
  ^\s*Connection\s*:\s+${CONNECTION}\s*$$
  ^\s*Index\s*:\s+${INDEX}\s+IP\s+Addr\s*:\s+${IP_ADDRESS}\s*$$
  ^\s*Protocol\s*:\s+${PROTOCOL}(?:\s+Encryption\s*:\s+${ENCRYPTION}|)\s*$$
  ^\s*Encryption\s*:\s+${ENCRYPTION}\s+Hashing\s*:\s+${HASHING}\s*$$
  ^\s*Encryption\s*:\s+${ENCRYPTION}\s*$$
  ^\s*Hashing\s*:\s+${HASHING}\s*$$
  ^\s*Bytes\s+Tx\s*:\s+${TOTAL_BYTES_TRANSMITTED}\s+Bytes\s+Rx\s*:\s+${TOTAL_BYTES_RECEIVED}\s*$$
  ^\s*Login\s+Time\s*:\s+${LOGIN_TIME}\s+${LOGIN_TIME_ZONE}\s+${LOGIN_WEEKDAY}\s+${LOGIN_MONTH}\s+${LOGIN_DAY}\s+${LOGIN_YEAR}\s*$$
  ^\s*Duration\s*:\s+${DURATION}\s*$$
  ^\s*Filter\s+Name\s*:\s*${FILTER_NAME}\s*$$
  ^\s*IKE(?:[Vv]\d|)\s+Sessions:\s+${TOTAL_IKE_SESSIONS}\s+IPSec\s+Sessions:\s+${TOTAL_IPSEC_SESSIONS}\s*$$
  ^\s*IKE(?:[Vv]\d|)\s+Tunnels:\s*${TOTAL_IKE_SESSIONS}\s*$$
  ^\s*IP[Ss]ec\s+Tunnels:\s*${TOTAL_IPSEC_SESSIONS}\s*$$
  ^\s*IP[Ss]ecOverNatT\s+Tunnels:\s*${TOTAL_IPSEC_SESSIONS}\s*$$
  ^\s*${CONNECTION_TYPE}:\s*$$ -> Continue
  ^\s*IKE(?:[Vv]\d|): -> IKE
  ^\s*IP[Ss]ec: -> IPSec
  ^\s*NAC: -> NAC
  ^\s*Connection\s*: -> Continue.Record
  ^\s*Connection\s*:\s+${CONNECTION}\s*$$
  ^Session\s+Type -> Continue.Record
  ^Session\s+Type -> Continue.Clearall
  ^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$
  ^\s*$$
  ^. -> Error

IKE
  ^\s*(Session|Tunnel)\s+ID\s*:\s+(?:\d+\.|)${SESSION_ID}\s*$$
  ^\s*UDP\s+Src\s+Port\s*:\s+${UDP_SRC_PORT}\s+UDP\s+Dst\s+Port\s*:\s+${UDP_DST_PORT}\s*$$
  ^\s*Rem\s+Auth\s+Mode\s*:\s*${REMOTE_AUTHENTICATION_MODE}\s*$$
  ^\s*Loc\s+Auth\s+Mode\s*:\s*${LOCAL_AUTHENTICATION_MODE}\s*$$
  ^\s*IKE\s+Neg\s+Mode\s*:\s+${NEGOTIAION_MODE}\s+Auth\s+Mode\s*:\s+${AUTHENTICATION_MODE}\s*$$
  ^\s*Encryption\s*:\s+${ENCRYPTION_METHOD}\s+Hashing\s*:\s+${HASH_METHOD}\s*$$
  ^\s*Encapsulation\s+:\s*${ENCAPSULATION}\s*$$
  ^\s*Rekey\s+Int\s+\([Tt]\):\s+${REKEY_INTERVAL}\s+${REKEY_INTERVAL_UNIT}\s+Rekey\s+Left\([Tt]\):\s+${REKEY_TIME_LEFT}\s+${REKEY_TIME_LEFT_UNIT}\s*$$
  ^\s*Rekey\s+Int\s+\([Dd]\):\s+${REKEY_DATA_INTERVAL}\s+${REKEY_DATA_INTERVAL_UNIT}\s+Rekey\s+Left\([Dd]+\):\s+${REKEY_DATA_REMAINING}\s+${REKEY_DATA_REMAINING_UNIT}\s*$$
  ^\s*(?:PRF\s*:\s+${PRF}\s+|)D\/H\s+Group\s*:\s+${DH_GROUP}\s*$$
  ^\s*Filter\s+Name\s+:\s*${FILTER_NAME}\s*$$
  ^\s*IPv6\s+Filter\s+:\s*${IPV6_FILTER_NAME}\s*$$
  ^\s*\S+:\s*$$ -> Continue.Record
  ^\s*${CONNECTION_TYPE}:\s*$$ -> Continue
  ^\s*IKE(?:[Vv]\d|): -> IKE
  ^\s*IP[Ss]ec(?:OverNatT|): -> IPSec
  ^\s*NAC: -> NAC
  ^\s*Connection\s*: -> Continue.Record
  ^\s*Connection\s*:\s+${CONNECTION}\s*$$ -> Connection
  ^Session\s+Type -> Continue.Record
  ^Session\s+Type -> Continue.Clearall
  ^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$ -> Connection
  ^\s*$$
  ^. -> Error

IPSec
  ^\s*(Session|Tunnel)\s+ID\s*:\s+(?:\d+\.|)${SESSION_ID}\s*$$
  ^\s*Local\s+Addr\s*:\s+${LOCAL_ADDRESS_NETWORK}\/${LOCAL_ADDRESS_MASK}
  ^\s*Remote\s+Addr\s*:\s+${REMOTE_ADDRESS_NETWORK}\/${REMOTE_ADDRESS_MASK}
  ^\s*Encryption\s*:\s+${ENCRYPTION_METHOD}\s+Hashing\s*:\s+${HASH_METHOD}\s*$$
  ^\s*Encapsulation\s*:\s+${ENCAPSULATION}(?:\s+PFS\s+Group\s*:\s+${PFS_GROUP}|)\s*$$
  ^\s*Rekey\s+Int\s+\([Tt]\):\s+${REKEY_INTERVAL}\s+${REKEY_INTERVAL_UNIT}\s+Rekey\s+Left\([Tt]\):\s+${REKEY_TIME_LEFT}\s+${REKEY_TIME_LEFT_UNIT}\s*$$
  ^\s*Rekey\s+Int\s+\([Dd]\):\s+${REKEY_DATA_INTERVAL}\s+${REKEY_DATA_INTERVAL_UNIT}\s+Rekey\s+Left\([Dd]+\):\s+${REKEY_DATA_REMAINING}\s+${REKEY_DATA_REMAINING_UNIT}\s*$$
  ^\s*Idle\s+Time\s+Out\s*:\s+${IDLE_TIMEOUT_INTERVAL}\s+${IDLE_TIMEOUT_INTERVAL_UNIT}\s+Idle\s+TO\s+Left\s*:\s+${IDLE_TIMEOUT_REMAINING}\s+${IDLE_TIMEOUT_REMAINING_UNIT}\s*$$             
  ^\s*Bytes\s+Tx\s*:\s+${BYTES_TRANSMITTED}\s+Bytes\s+Rx\s*:\s+${BYTES_RECEIVED}\s*$$
  ^\s*Pkts\s+Tx\s*:\s+${PACKETS_TRANSMITTED}\s+Pkts\s+Rx\s*:\s+${PACKETS_RECEIVED}\s*$$
  ^\s*\S+:\s*$$ -> Continue.Record
  ^\s*${CONNECTION_TYPE}:\s*$$ -> Continue
  ^\s*IKE(?:[Vv]\d|): -> IKE
  ^\s*IP[Ss]ec(?:OverNatT|): -> IPSec
  ^\s*NAC: -> NAC
  ^\s*Connection\s*: -> Continue.Record
  ^\s*Connection\s*:\s+${CONNECTION}\s*$$ -> Connection
  ^Session\s+Type -> Continue.Record
  ^Session\s+Type -> Continue.Clearall
  ^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$ -> Connection
  ^\s*$$
  ^. -> Error

NAC
  ^\s*Reval\s+Int\s+\(\w\)\s*:\s+${REVAL_TIMEOUT}\s+${REVAL_TIMOUT_UNIT}\s+Reval\s+Left\s*\(\w\)\s*:\s+${REVAL_TIMEOUT_REMAINING}\s+${REVAL_TIMEOUT_REMAINING_UNIT}\s*$$
  ^\s*SQ\s+Int\s+\(\w\)\s*:\s+${STATUS_QUERY_INTERVAL}\s+${STATUS_QUERY_INTERVAL_UNIT}\s+EoU\s+Age\(\w\)\s*:\s+${EAP_OVER_UDP_TIMER}\s+${EAP_OVER_UDP_TIMER_UNIT}\s*$$
  ^\s*Hold\s+Left\s+\(\w\)\s*:\s+${POSTURE_HOLDTIME_REMAINING}\s+${POSTURE_HOLDTIME_REMAINING_UNIT}\s+Posture\s+Token\s*:\s*${POSTURE_TOKEN}\s*$$
  ^\s*Redirect\s+URL\s*:\s*${REDIRECT_URL}\s*$$
  ^\s*\S+:\s*$$ -> Continue.Record
  ^\s*${CONNECTION_TYPE}:\s*$$ -> Continue
  ^\s*IKE(?:[Vv]\d|): -> IKE
  ^\s*IP[Ss]ec(?:OverNatT|): -> IPSec
  ^\s*NAC: -> NAC
  ^\s*Connection\s*: -> Continue.Record
  ^\s*Connection\s*:\s+${CONNECTION}\s*$$ -> Connection
  ^Session\s+Type -> Continue.Record
  ^Session\s+Type -> Continue.Clearall
  ^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$ -> Connection
  ^\s*$$
  ^. -> Error

SAMPLE COMMAND OUTPUT
Connection   : DefaultL2LGroup
Index        : 195354                 IP Addr      : 145.224.99.131
Protocol     : IKEv2 IPsecOverNatT
Encryption   : IKEv2: (1)AES256  IPsecOverNatT: (1)AES256
Hashing      : IKEv2: (1)SHA256  IPsecOverNatT: (1)SHA256
Bytes Tx     : 100158242              Bytes Rx     : 104530574
Login Time   : 00:13:25 CEST Thu Apr 20 2023
Duration     : 15h:26m:01s

IKEv2 Tunnels: 1
IPsecOverNatT Tunnels: 1

IKEv2:
  Tunnel ID    : 195354.1
  UDP Src Port : 43022                  UDP Dst Port : 4500
  Rem Auth Mode: preSharedKeys
  Loc Auth Mode: preSharedKeys
  Encryption   : AES256                 Hashing      : SHA256
  Rekey Int (T): 86400 Seconds          Rekey Left(T): 30854 Seconds
  PRF          : SHA256                 D/H Group    : 14
  Filter Name  :

IPsecOverNatT:
  Tunnel ID    : 195354.2
  Local Addr   : 10.3.148.0/255.255.252.0/0/0
  Remote Addr  : 10.250.0.0/255.255.0.0/0/0
  Encryption   : AES256                 Hashing      : SHA256
  Encapsulation: Tunnel                 PFS Group    : 14
  Rekey Int (T): 28800 Seconds          Rekey Left(T): 26325 Seconds
  Rekey Int (D): 4608000 K-Bytes        Rekey Left(D): 4605988 K-Bytes
  Idle Time Out: 30 Minutes             Idle TO Left : 29 Minutes
  Bytes Tx     : 100159543              Bytes Rx     : 104531656
  Pkts Tx      : 239110                 Pkts Rx      : 242980

SUMMARY
EXPECTED RESULTS

Currently parsed data

ACTUAL RESULTS
Traceback (most recent call last):
  File "c:\Users\JoeriBloemen\OneDrive - Arxus.cloud\Arxus\LocalCoding\ASA\Billing_netw\asa_billing.py", line 184, in <module>
    main()
  File "c:\Users\JoeriBloemen\OneDrive - Arxus.cloud\Arxus\LocalCoding\ASA\Billing_netw\asa_billing.py", line 70, in main
    print(device.get_s2s_rules("Imens01"))
  File "c:\Users\JoeriBloemen\OneDrive - Arxus.cloud\Arxus\LocalCoding\ASA\Billing_netw\arx_asa_test.py", line 55, in get_s2s_rules
    parsedout = parse_output(
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\ntc_templates\parse.py", line 57, in parse_output
    cli_table.ParseCmd(data, attrs)
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\textfsm\clitable.py", line 282, in ParseCmd
    self.table = self._ParseCmdItem(self.raw, template_file=template_files[0])
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\textfsm\clitable.py", line 315, in _ParseCmdItem
    for record in fsm.ParseText(cmd_input):
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\textfsm\parser.py", line 897, in ParseText
    self._CheckLine(line)
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\textfsm\parser.py", line 946, in _CheckLine
    if self._Operations(rule, line):
  File "C:\Users\JoeriBloemen\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\textfsm\parser.py", line 1026, in _Operations
    raise TextFSMError('State Error raised. Rule Line: %s. Input Line: %s'
textfsm.parser.TextFSMError: State Error raised. Rule Line: 146. Input Line:   Encryption   : AES-GCM-256            Hashing      : none
PS C:\Users\JoeriBloemen\OneDrive - Arxus.cloud\Arxus\LocalCoding> 
@ArxBloemJo
Author

Connection : DefaultL2LGroup

Strings are not supported in the template. It shows a string because this is a dynamic crypto map and the connection peer is not a static IP.

@jvanderaa
Contributor

There are a couple of things. First, the connection type section at the top is missing. Was this command executed with something more than just show vpn-sessiondb detail l2l?

@ArxBloemJo
Author

Oops, I did not paste the whole output of the command (issue edited). Yes, I use only the show vpn-sessiondb detail l2l command. I tested it locally: if I change the template value CONNECTION
Currently
"""Value Filldown CONNECTION (\d+.\d+.\d+.\d+)"""
TO
"""Value Filldown CONNECTION (.+?)"""

so it can accept everything in that value, then it works and no error is raised.

@mjbear
Contributor

mjbear commented Aug 17, 2023

@ArxBloemJo @jvanderaa

Could use \S+ so that the CONNECTION capture group doesn't inadvertently match whitespace.

The example above doesn't include Session Type, which is Required, so this output won't parse as is.
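
Added example, not code from ntc-templates or textfsm: a stdlib-only walk over the handful of TextFSM rules from the template's Start and Connection states, run against the issue's sample output with the original CONNECTION value and with the \S+ value suggested above. It assumes the ASA prints "Session Type: LAN-to-LAN Detailed" as the header the thread says is missing, adds a constructed static-peer variant with a documentation address, and models only Continue, Record, Error and state changes (Filldown and Required are not modelled). The Protocol rule is reduced to the form the sample needs.

```python
import re

# Constructed input: the Connection block from the issue's sample output, with
# the "Session Type" header that the thread notes the template marks Required.
# "LAN-to-LAN Detailed" is an assumption about what the ASA prints there.
SAMPLE_DYNAMIC_PEER = """\
Session Type: LAN-to-LAN Detailed

Connection   : DefaultL2LGroup
Index        : 195354                 IP Addr      : 145.224.99.131
Protocol     : IKEv2 IPsecOverNatT
Bytes Tx     : 100158242              Bytes Rx     : 104530574
Duration     : 15h:26m:01s
"""
# Constructed variant with a static peer (documentation address): the case the
# original CONNECTION regex was written for.
SAMPLE_STATIC_PEER = SAMPLE_DYNAMIC_PEER.replace("DefaultL2LGroup", "198.51.100.7")

# Value regexes copied from the template's Value lines.
VALUES_ORIGINAL = {
    "SESSION_TYPE": r"\S+",
    "CONNECTION": r"\d+\.\d+\.\d+\.\d+",  # matches a peer IP, not a group name
    "INDEX": r"\d+",
    "IP_ADDRESS": r"\d+\.\d+\.\d+\.\d+",
    "PROTOCOL": r".+?",
    "TOTAL_BYTES_TRANSMITTED": r"\d+",
    "TOTAL_BYTES_RECEIVED": r"\d+",
    "DURATION": r".+?",
}
# The suggested fix: any non-whitespace token, so a tunnel-group name parses too.
VALUES_FIXED = dict(VALUES_ORIGINAL, CONNECTION=r"\S+")

# Rules from the template's Start and Connection states, in the template's
# order, reduced to those the sample lines reach: (regex, action, next state).
STATES = {
    "Start": [
        (r"^Session\s+Type:\s+${SESSION_TYPE}\s+Detailed\s*$$", None, "Connection"),
    ],
    "Connection": [
        (r"^\s*Connection\s*:\s+${CONNECTION}\s*$$", None, None),
        (r"^\s*Index\s*:\s+${INDEX}\s+IP\s+Addr\s*:\s+${IP_ADDRESS}\s*$$", None, None),
        (r"^\s*Protocol\s*:\s+${PROTOCOL}\s*$$", None, None),
        (r"^\s*Bytes\s+Tx\s*:\s+${TOTAL_BYTES_TRANSMITTED}\s+Bytes\s+Rx\s*:\s+${TOTAL_BYTES_RECEIVED}\s*$$", None, None),
        (r"^\s*Duration\s*:\s+${DURATION}\s*$$", None, None),
        (r"^\s*Connection\s*:", "Continue.Record", None),  # next block starts
        (r"^\s*$$", None, None),
        (r"^.", "Error", None),  # anything unrecognised is a hard failure
    ],
}


class StateError(Exception):
    """Stands in for textfsm.parser.TextFSMError raised by an '-> Error' rule."""


def compile_states(states, values):
    """Expand ${NAME} into named groups and TextFSM's $$ end-of-line marker."""
    def expand(regex):
        for name, pattern in values.items():
            regex = regex.replace("${%s}" % name, "(?P<%s>%s)" % (name, pattern))
        return re.compile(regex.replace("$$", "$"))
    return {state: [(expand(rx), act, nxt) for rx, act, nxt in rules]
            for state, rules in states.items()}


def parse_vpn_sessiondb(text, values):
    """Minimal TextFSM-style walk: Continue, Record, Error and state changes
    only; Filldown and Required are not modelled. Returns a list of records."""
    states = compile_states(STATES, values)
    state, record, records = "Start", {}, []
    for line in text.splitlines():
        for regex, action, next_state in states[state]:
            match = regex.match(line)
            if not match:
                continue  # rules of the current state are tried top to bottom
            record.update(match.groupdict())
            if action == "Error":
                raise StateError("State Error raised. Rule: %s. Input Line: %s"
                                 % (regex.pattern, line))
            if action in ("Record", "Continue.Record") and record:
                records.append(record)
                record = {}
            if next_state:
                state = next_state
            if not (action or "").startswith("Continue"):
                break  # a matched rule without Continue consumes the line
    if record:
        records.append(record)  # TextFSM records the pending values at EOF
    return records


def parses_cleanly(text, values):
    """True if the output parses without hitting an '-> Error' rule."""
    try:
        parse_vpn_sessiondb(text, values)
        return True
    except StateError:
        return False


if __name__ == "__main__":
    for label, values in (("original", VALUES_ORIGINAL), ("fixed", VALUES_FIXED)):
        for name, text in (("static peer", SAMPLE_STATIC_PEER),
                           ("dynamic peer", SAMPLE_DYNAMIC_PEER)):
            print(label, name, "->", parses_cleanly(text, values))
    print(parse_vpn_sessiondb(SAMPLE_DYNAMIC_PEER, VALUES_FIXED)[0])
```

With the original value the "Connection   : DefaultL2LGroup" line misses the capture rule, hits the "Connection\s*:" Continue.Record rule, and then falls through to "^. -> Error", which is the State Error in the traceback above; with \S+ both the group name and a static peer address are captured, which is why a whitespace-free token is the safer widening than .+?.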
