
Posts

Showing posts from August, 2017

Python – Orphaned Object Finder – version 0.02

After the suggestions I received, I decided to rewrite my last script and use some functions. I know the code is not very long or complex, so using functions seems unnecessary. On the other hand, you should keep improving your code, so I decided to try. The three main functions I added:

Open file:

    # function definition - open file p1 in mode p2 and return the file object
    def openfile(p1, p2):
        f = open(p1, p2)
        return f

Read file:

    # function definition - read file
    # for every line whose slice [objectstart:objectend] equals objecttype,
    # take the object name starting at column linelenght (newline dropped)
    # and append it to tabletmp as a one-element list
    def readfile(filen, objecttype, objectstart, objectend, linelenght, tabletmp):
        for line in filen:
            eol = len(line) - 1
            if line[objectstart:objectend] == objecttype:
                onn = line[linelenght:eol]
                tabletmp.append([onn])
                if debugmode == "on":
                    print line[objectstart:objectend] + ' ->' + objecttype + ' ' + onn
        return tabletmp

Remove duplicates:

    # function definition - remove duplicates
    def removeduplicates(tab1, tab2):
        for i in tab1:
            if debugmode == "on":
                # print (str(tab1) +" i\n")
                print i[0]+

Python – Orphaned Object Finder

My next Python project can help you find unused objects in your ASA configuration. I have seen that it is very common to update an ASA's configuration, add network objects and modify ACLs, but nobody remembers the objects which are no longer used. The only time people review the config is during a migration from one vendor to another. My script can help you keep the config clean of unused objects. This is the config I will work with:

    [hzw@zeus oof]$ cat acl2.txt
    object network 172.16.0.0_16
     subnet 172.16.0.0 255.255.0.0
    object network 192.168.1.0_24
     subnet 192.168.1.0 255.255.254.0
    object network 192.168.1.0_23
     subnet 192.168.1.0 255.255.254.0
    object network 172.16.250.5
     host 172.16.250.5
    object network 172.16.250.0_24
     subnet 172.16.250.0 255.255.255.0
    object network 172.16.250.5_
     host 172.16.250.5
    object network 172.16.250.110
     host 172.16.250.110
    object network 10.10.0.100_h
     host 10.10.0.100
    object-group network TEST1
     network-object object 172.16.250.5
     network-object ob

VPN – asymmetric traffic

Recently I worked on a problem related to asymmetric VPN traffic. It was caused by a misconfigured encryption domain. We fixed the problem and I would like to document the scenario. My previous post is about my first Python script, which helped to find such issues; more details here. This is the scenario I will work with:

    [rA]g0/1-------g0/2[asaC]g0/1-----------g0/1[asaD]g0/2-------g0/1[rB]
                            |        VPN TUNNEL        |
                            ========================
    10.1.0.2 - 10.1.0.1[   ]10.0.0.1         10.0.0.2[   ]10.2.0.1 - 10.2.0.2
    LAN1:                                                LAN2:
    10.1.1.0/24                                          10.2.1.0/24
    10.1.2.0/24                                          10.2.2.0/24

Traffic from 10.1.1.0/24 and 10.1.2.0/24 should go through the VPN tunnel set up between the two ASAs, 'asaC' and 'asaD'. This is the access list I created. It was implemented in the same way on both sides (the order too!). As y

Python - 'Hello World!'

I decided to learn a bit of Python, but I prefer real problems to the 'course' way of learning, as I get bored too quickly. Luckily, I was working on an issue where a site-to-site VPN was very unstable. Sometimes everything was fine, sometimes some hosts couldn't pass through. I discovered that the problem was related to overlapping encryption domains. There were some 'host' and 'network' entries which had been added over time as the project went from the development to the production phase. The only problem was that the old entries were never removed. Once all overlapping entries were removed, everything worked fine. I tried to find a way to check the configuration of all the remaining tunnels without spending too much time on it. So I thought about Python... This is the configuration part I want to work on:

    object network 172.16.0.0_16
     subnet 172.16.0.0 255.255.0.0
    object network 192.168.1.0_24
     subnet 192.168.1.0 255.255.254.0
    object network 192.168.1.0_23
     s