Cisco ASA connect failure when device is already in enable mode after login
See original GitHub issueWorks in version 3.1.0 and breaks in version 3.3.0.
If the device is not in enable mode at login then it works correctly and goes into enable mode allowing the script to continue.
If the device drops to enable mode at login (aaa authorization exec LOCAL auto-enable) then we get the below traceback at login using 3.3.0 but not with 3.1.0.
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/paramiko/channel.py", line 699, in recv
out = self.in_buffer.read(nbytes, self.timeout)
File "/usr/local/lib/python3.6/site-packages/paramiko/buffered_pipe.py", line 164, in read
raise PipeTimeout()
paramiko.buffered_pipe.PipeTimeout
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 569, in _read_channel_expect
new_data = self.remote_conn.recv(MAX_BUFFER)
File "/usr/local/lib/python3.6/site-packages/paramiko/channel.py", line 701, in recv
raise socket.timeout()
socket.timeout
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 1680, in enable
pattern=pattern, re_flags=re_flags
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 669, in read_until_prompt_or_pattern
return self._read_channel_expect(combined_pattern, re_flags=re_flags)
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 580, in _read_channel_expect
"Timed-out reading channel, data not available."
netmiko.ssh_exception.NetmikoTimeoutException: Timed-out reading channel, data not available.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "vpn_stats.py", line 313, in <module>
vpnstats()
File "vpn_stats.py", line 308, in vpnstats
vpn_sess_obj.updateVpnSessionStats()
File "vpn_stats.py", line 235, in updateVpnSessionStats
cmd_out = self.__ciscoSessions(fw[X].strip())
File "vpn_stats.py", line 138, in __ciscoSessions
secret=self.password)
File "/usr/local/lib/python3.6/site-packages/netmiko/ssh_dispatcher.py", line 315, in ConnectHandler
return ConnectionClass(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/netmiko/cisco/cisco_asa_ssh.py", line 15, in __init__
return super().__init__(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 346, in __init__
self._open()
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 352, in _open
self._try_session_preparation()
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 788, in _try_session_preparation
self.session_preparation()
File "/usr/local/lib/python3.6/site-packages/netmiko/cisco/cisco_asa_ssh.py", line 35, in session_preparation
self.enable()
File "/usr/local/lib/python3.6/site-packages/netmiko/cisco/cisco_asa_ssh.py", line 28, in enable
cmd=cmd, pattern=pattern, enable_pattern=enable_pattern, re_flags=re_flags
File "/usr/local/lib/python3.6/site-packages/netmiko/cisco_base_connection.py", line 25, in enable
cmd=cmd, pattern=pattern, enable_pattern=enable_pattern, re_flags=re_flags
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 1690, in enable
raise ValueError(msg)
ValueError: Failed to enter enable mode. Please ensure you pass the 'secret' argument to ConnectHandler.
Issue Analytics
- State:
- Created 3 years ago
- Comments:18 (7 by maintainers)
Top Results From Across the Web
ASA Connection Problems to the Cisco Adaptive Security ...
This document provides the troubleshooting methodology necessary to examine issues faced when you access/configure the Cisco Adaptive Security ...
Read more >Solved: ASA 5545 TACACS+ login issue - Cisco Community
Solved: Hi Guys, I was trying to configure an ASA 5545 and adding it to Tacacs+. I've got the error message " Command...
Read more >Troubleshoot ASA Smart License on FXOS Firepower ... - Cisco
This document describes the Adaptive Security Appliance (ASA) Smart License feature on Firepower eXtensible Operating System (FXOS) appliances.
Read more >Troubleshoot Common L2L and Remote Access IPsec VPN ...
VPN Clients are Unable to Connect with ASA/PIX. Problem. Solution. Problem. Solution. VPN Client Drops Connection Frequently on First Attempt or "Security ...
Read more >AnyConnect VPN Client Troubleshooting Guide - Cisco
Error : Anyconnect not enabled on VPN server while trying to connect ... In order to enable logging on the ASA for auth,...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@ktbyers that appears to have fixed it. @ghmj2417 and @tbiens can you guys confirm as well?
I am going to merge that PR and then we can adjust/fix it, if there are still issues outstanding.