Cisco ASA fails to enter enable mode
Running into this issue as well when trying to pass the enable secret password to a Cisco ASA firewall. It’s odd because I have the exact same script working fine when running from a mapped network drive, but when the exact same script is run from a local C: drive, it fails. It is connecting to a number of Cisco ASA firewalls. The first Cisco ASA is able to connect to, enter enable mode, changeto admin context, run its commands, and then when it moves to the second ASA, it errors out when trying to set the enable secret password. But again, this works fine when I run the script from a mapped network drive.
This is Python 3.72:
C:\Scripts\VPN>python
Python 3.7.2 (tags/v3.7.2:9a3ffc0492, Dec 23 2018, 23:09:28) [MSC v.1916 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
vpn-health-check.log
Output and Error shown below: Code further down below that.
VPN Status Update
Obtaining memory values…
Obtaining Cisco VPN health information…
Connecting to device 172.18.246.4
DEA-DATFVDMZ1/act#
CPU utilization for 5 seconds = 25%; 1 minute: 27%; 5 minutes: 26%
13:47:49.152 EST Fri Mar 1 2019
5 min cpu util: 26%
Connecting to device 172.31.246.4
Traceback (most recent call last):
  File "dev_vpn-health-check.py", line 108, in <module>
    ssh = ConnectHandler(**a_device, global_delay_factor=4)
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\ssh_dispatcher.py", line 218, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\base_connection.py", line 271, in __init__
    self._try_session_preparation()
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\base_connection.py", line 650, in _try_session_preparation
    self.session_preparation()
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\cisco\cisco_asa_ssh.py", line 16, in session_preparation
    self.enable()
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\cisco_base_connection.py", line 18, in enable
    return super(CiscoBaseConnection, self).enable(cmd=cmd, pattern=pattern, re_flags=re_flags)
  File "C:\Users\hb33693\AppData\Local\Programs\Python\Python37\lib\site-packages\netmiko\base_connection.py", line 1299, in enable
    raise ValueError(msg)
ValueError: Failed to enter enable mode. Please ensure you pass the 'secret' argument to ConnectHandler.
I have tried default global_delay_factor of 1, 2, and 4 - no change - 4 shown as this was the last attempt I tried. I will try higher values as well.
Code below:
import re
from datetime import datetime

import netmiko
from netmiko import ConnectHandler

# user, password and enable_secret are set elsewhere in the script (not shown in the post).

# Per-device results, keyed by management IP.
values = {'172.18.246.4': {'cpu': '0'},
          '172.31.246.4': {'cpu': '0'},
          '172.21.27.1': {'cpu': '0', 'a_conns': 0, 'i_conns': 0},
          '172.29.27.1': {'cpu': '0', 'a_conns': 0, 'i_conns': 0},
          }
# External DMZ1 Firewall Easton: dea-datfvdmz1 172.18.246.4
deadatfvdmz1 = {'device_type': 'cisco_asa',
                'host': '172.18.246.4',
                'username': user,
                'password': password,
                'secret': enable_secret,
                }
# External DMZ1 Firewall Tuller: dtu-s01fvdmz1 172.31.246.4
dtus01fvdmz1 = {'device_type': 'cisco_asa',
                'host': '172.31.246.4',
                'username': user,
                'password': password,
                'secret': enable_secret,
                }
external_ASAs = [deadatfvdmz1, dtus01fvdmz1]
# The definitions of deadatfvdmz3 and dtus01fvdmz3 are not shown in the post.
internal_ASAs = [deadatfvdmz3, dtus01fvdmz3]
netmiko_exceptions = (netmiko.ssh_exception.NetMikoAuthenticationException,
                      netmiko.ssh_exception.NetMikoTimeoutException)
total_a_conns = 0
start_time = datetime.now()
for a_device in external_ASAs:
    try:
        print("~"*79)
        print(f"Connecting to device {a_device['host']}")
        ssh = ConnectHandler(**a_device, global_delay_factor=4)
        cts_output = ssh.send_command("changeto system")
        cpu_output = ssh.send_command("show cpu")
        clock_output = ssh.send_command("show clock")
        output = cts_output + "\n" + cpu_output + "\n" + clock_output
        print(output)
        # The last percentage on the "show cpu" line is the 5-minute average.
        regex = re.compile(r'([1]?[0-9]?[0-9]\%)$')
        match = regex.search(cpu_output)
        if match:
            print("5 min cpu util: " + str(match.group()))
            values[a_device['host']]['cpu'] = str(match.group())
    except netmiko_exceptions as e:
        # a_device is a dict and e is an exception, so format them instead of concatenating.
        print(f"Exception with device {a_device['host']}: {e}")
Issue Analytics
- Created 5 years ago
- Comments: 6 (4 by maintainers)
Top GitHub Comments
The prompt config on our Cisco ASA has been permanently configured, and so now, the issue doesn’t occur anymore with the script. Thanks for the tip of using the 'session_log': 'dmz1_output.txt', in the code, that could prove helpful for future troubleshooting. Thank you very much for your assistance! Really love this library!!
David
Noticed that the issue has re-presented itself, the prompt is again disappearing, so when it does, the script does hang, then will crash, like before. I will go ahead and add the session_log parameter to try and get additional info.
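
An added example, not part of the issue thread or of netmiko itself: the traceback above ends in a plain ValueError, which the script's netmiko-only except clause does not catch, so one ASA that fails to enter enable mode stops the whole run. The code below gives each device its own session_log file and records the failure instead of crashing; poll_asas, netmiko_connect and the injectable connect parameter are names assumed for this example.

```python
from pathlib import Path


def netmiko_connect(**params):
    # Imported lazily so the polling loop can be exercised without netmiko installed.
    from netmiko import ConnectHandler
    return ConnectHandler(**params)


def poll_asas(devices, commands, log_dir=".", connect=netmiko_connect):
    """Run `commands` on every device and return a per-host result dict.

    `connect` is injectable (an assumption of this example) so the loop
    can be tested offline with a stand-in connection object.
    """
    results = {}
    for dev in devices:
        host = dev["host"]
        # One transcript per device: when enable fails, this file shows what
        # the ASA actually sent back (for example, a missing prompt).
        log_path = str(Path(log_dir) / f"session_{host}.log")
        conn = None
        try:
            conn = connect(**dev, session_log=log_path)
            output = "\n".join(conn.send_command(cmd) for cmd in commands)
            results[host] = {"ok": True, "output": output,
                             "session_log": log_path}
        except ValueError as exc:
            # netmiko raises a plain ValueError when it cannot enter enable
            # mode, so an except clause listing only netmiko exceptions misses it.
            results[host] = {"ok": False, "error": str(exc),
                             "session_log": log_path}
        except Exception as exc:  # timeouts, authentication failures, socket errors
            results[host] = {"ok": False,
                             "error": f"{type(exc).__name__}: {exc}",
                             "session_log": log_path}
        finally:
            # Close the SSH session even when a command fails part-way through.
            if conn is not None:
                conn.disconnect()
    return results
```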