From 333e5c6e6a45de1dc657f322b47f98355a6a4528 Mon Sep 17 00:00:00 2001 From: Josh VanDeraa Date: Tue, 17 Mar 2020 22:35:47 -0500 Subject: [PATCH] Adds template for Cisco ASA "show vpn-sessiondb anyconnect" (#625) * Adds template for show vpn-sessiondb anyconnect * Adds presumptive output of a second user output Co-authored-by: Josh VanDeraa --- ..._asa_show_vpn-sessiondb_anyconnect.textfsm | 44 ++++++++++++++++ templates/index | 1 + ...isco_asa_show_vpn-sessiondb_anyconnect.raw | 15 ++++++ ...isco_asa_show_vpn-sessiondb_anyconnect.yml | 27 ++++++++++ ...sco_asa_show_vpn-sessiondb_anyconnect1.raw | 33 ++++++++++++ ...sco_asa_show_vpn-sessiondb_anyconnect1.yml | 52 +++++++++++++++++++ 6 files changed, 172 insertions(+) create mode 100644 templates/cisco_asa_show_vpn-sessiondb_anyconnect.textfsm create mode 100644 tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.raw create mode 100644 tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.yml create mode 100644 tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.raw create mode 100644 tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.yml
diff --git a/templates/cisco_asa_show_vpn-sessiondb_anyconnect.textfsm b/templates/cisco_asa_show_vpn-sessiondb_anyconnect.textfsm
new file mode 100644
index 0000000000..382891ef56
--- /dev/null
+++ b/templates/cisco_asa_show_vpn-sessiondb_anyconnect.textfsm
@@ -0,0 +1,44 @@
+Value Required SESSION_TYPE (\S+)
+Value USERNAME (\S+)
+Value INDEX (\d+)
+Value ASSIGNED_IP (\d+\.\d+\.\d+\.\d+)
+Value PUBLIC_IP (\d+\.\d+\.\d+\.\d+)
+Value PROTOCOL (.+?)
+Value LICENSE (.+?)
+Value ENCRYPTION (.+?)
+Value HASHING (.+?)
+Value BYTES_TX (\d+)
+Value BYTES_RX (\d+)
+Value GROUP_POLICY (\S+)
+Value TUNNEL_GROUP (\S+)
+Value LOGIN_TIME (\d+:\d+:\d+)
+Value LOGIN_TIME_ZONE (\w+)
+Value LOGIN_WEEKDAY (\w+)
+Value LOGIN_MONTH (\w+)
+Value LOGIN_DAY (\d+)
+Value LOGIN_YEAR (\d+)
+Value DURATION (.+?)
+Value INACTIVITY (.+?)
+Value VLAN_MAPPING (\S+)
+Value VLAN (.+?)
+Value AUDT_SESS_ID (.+?)
+Value SECURITY_GRP (.+?)
+
+Start
+ ^Session\s+Type:\s+${SESSION_TYPE}$$
+ ^\s*Username\s*:\s+${USERNAME}\s+Index\s+:\s*${INDEX}$$
+ ^\s*Assigned\s+IP\s*:\s+${ASSIGNED_IP}\s+Public\s*IP\s*:\s*${PUBLIC_IP}$$
+ ^\s*Protocol\s+:\s+${PROTOCOL}$$
+ ^\s*License\s+:\s*${LICENSE}$$
+ ^\s*Encryption\s+:\s*${ENCRYPTION}$$
+ ^\s*Hashing\s+:\s*${HASHING}$$
+ ^\s*Bytes\s+Tx\s+:\s+${BYTES_TX}\s+Bytes\s+Rx\s+:\s+${BYTES_RX}$$
+ ^\s*Group\s+Policy\s+:\s+${GROUP_POLICY}\s+Tunnel\s+Group\s+:\s+${TUNNEL_GROUP}$$
+ ^\s*Login\s+Time\s+:\s+${LOGIN_TIME}\s+${LOGIN_TIME_ZONE}\s+${LOGIN_WEEKDAY}\s+${LOGIN_MONTH}\s+${LOGIN_DAY}\s+${LOGIN_YEAR}$$
+ ^\s*Duration\s+:\s+${DURATION}$$
+ ^\s*Inactivity\s+:\s+${INACTIVITY}$$
+ ^\s*VLAN\s+Mapping\s+:\s+${VLAN_MAPPING}\s+VLAN\s+:\s+${VLAN}$$
+ ^\s*Audt\s+Sess\s+ID\s+:\s+${AUDT_SESS_ID}$$
+ ^\s*Security\s+Grp\s+:\s+${SECURITY_GRP}$$ -> Record
+ ^\s*$$
+ ^. -> Error
\ No newline at end of file
diff --git a/templates/index b/templates/index
index 978034e026..74c3469a98 100644
--- a/templates/index
+++ b/templates/index
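Review bot: `Value Required SESSION_TYPE (\S+)` has no Filldown, so when `-> Record` fires on the `Security Grp` rule, any user block that was not preceded by its own `Session Type:` line fails the Required check and is dropped without an error. The commit message calls the second fixture (`cisco_asa_show_vpn-sessiondb_anyconnect1.raw`) presumptive; if the device prints the header once for all sessions, every session after the first would be missing from the parsed result, which matters when this output feeds a VPN session inventory or an access review. I would change the first two declarations to `Value Filldown SESSION_TYPE (\S+)` and `Value Required USERNAME (\S+)`, so the header carries across records and the filled-down value alone cannot produce a trailing record at end of input. A fixture captured from a device with two or more live sessions would confirm which layout is real.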
@@ -112,6 +112,7 @@ cisco_asa_show_asp_table_vpn-context_detail.textfsm, .*, cisco_asa, sh[[ow]] asp
 cisco_asa_show_running-config_crypto_ikev1.textfsm, .*, cisco_asa, sh[[ow]] ru[[nning-config]] cr[[ypto]] ikev1
 cisco_asa_show_running-config_tunnel-group.textfsm, .*, cisco_asa, sh[[ow]] ru[[nning-config]] tu[[nnel-group]]
 cisco_asa_show_running-config_crypto_map.textfsm, .*, cisco_asa, sh[[ow]] ru[[nning-config]] cr[[ypto]] m[[ap]]
+cisco_asa_show_vpn-sessiondb_anyconnect.textfsm, .*, cisco_asa, sh[[ow]] vpn-[[sessiondb]] a[[nyconnect]]
 cisco_asa_show_vpn-sessiondb_detail_l2l.textfsm, .*, cisco_asa, sh[[ow]] vpn-[[sessiondb]] d[[etail]] l[[2l]]
 cisco_asa_show_crypto_ikev1_sa_detail.textfsm, .*, cisco_asa, sh[[ow]] cry[[pto]] ikev1 sa d[[etail]]
 cisco_asa_show_object-group_network.textfsm, .*, cisco_asa, sh[[ow]] (?:ru[[nning-config]] object-[[group]]|ob[[ject-group]]) n[[etwork]]
diff --git a/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.raw b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.raw
new file mode 100644
index 0000000000..46d95729a0
--- /dev/null
+++ b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.raw
@@ -0,0 +1,15 @@
+Session Type: AnyConnect
+Username : USER Index : 1018
+Assigned IP : 10.254.254.22 Public IP : 1.2.3.4
+Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
+License : AnyConnect Premium
+Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES128
+Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1
+Bytes Tx : 17186425 Bytes Rx : 7094561
+Group Policy : RAVPN Tunnel Group : RAVPN
+Login Time : 14:28:09 CDT Tue Mar 17 2020
+Duration : 2h:21m:21s
+Inactivity : 0h:00m:00s
+VLAN Mapping : N/A VLAN : none
+Audt Sess ID : ac1063fe003fa0005e715555
+Security Grp : none
\ No newline at end of file
diff --git a/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.yml b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.yml
new file mode 100644
index 0000000000..1476aa6c9f
--- /dev/null
+++ b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect.yml
@@ -0,0 +1,27 @@
+---
+parsed_sample:
+ - session_type: "AnyConnect"
+ username: "USER"
+ index: "1018"
+ assigned_ip: "10.254.254.22"
+ public_ip: "1.2.3.4"
+ protocol: "AnyConnect-Parent SSL-Tunnel DTLS-Tunnel"
+ license: "AnyConnect Premium"
+ encryption: "AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES128"
+ hashing: "AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1"
+ bytes_tx: "17186425"
+ bytes_rx: "7094561"
+ group_policy: "RAVPN"
+ tunnel_group: "RAVPN"
+ login_time: "14:28:09"
+ login_time_zone: "CDT"
+ login_weekday: "Tue"
+ login_month: "Mar"
+ login_day: "17"
+ login_year: "2020"
+ duration: "2h:21m:21s"
+ inactivity: "0h:00m:00s"
+ vlan_mapping: "N/A"
+ vlan: "none"
+ audt_sess_id: "ac1063fe003fa0005e715555"
+ security_grp: "none"
diff --git a/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.raw b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.raw
new file mode 100644
index 0000000000..cfc57ea2ae
--- /dev/null
+++ b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.raw
@@ -0,0 +1,33 @@
+Session Type: AnyConnect
+
+Username : USER Index : 1018
+Assigned IP : 10.254.254.22 Public IP : 1.2.3.4
+Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
+License : AnyConnect Premium
+Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES128
+Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1
+Bytes Tx : 17186425 Bytes Rx : 7094561
+Group Policy : RAVPN Tunnel Group : RAVPN
+Login Time : 14:28:09 CDT Tue Mar 17 2020
+Duration : 2h:21m:21s
+Inactivity : 0h:00m:00s
+VLAN Mapping : N/A VLAN : none
+Audt Sess ID : ac1063fe003fa0005e715555
+Security Grp : none
+
+Session Type: AnyConnect
+
+Username : lee Index : 1
+Assigned IP : 192.168.246.1 Public IP : 10.139.1.2
+Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
+License : AnyConnect Premium
+Encryption : RC4 AES128
+Hashing : SHA1
+Bytes Tx : 11079 Bytes Rx : 4942
+Group Policy : EngPolicy Tunnel Group : EngGroup
+Login Time : 15:25:13 EST Fri Jan 28 2011
+Duration : 0h:00m:15s
+Inactivity : 0h:00m:00s
+VLAN Mapping : N/A VLAN : none
+Audt Sess ID : a31867c632efaeaad
+Security Grp : none
diff --git a/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.yml b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.yml
new file mode 100644
index 0000000000..d00bf4134a
--- /dev/null
+++ b/tests/cisco_asa/show_vpn-sessiondb_anyconnect/cisco_asa_show_vpn-sessiondb_anyconnect1.yml
@@ -0,0 +1,52 @@
+---
+parsed_sample:
+ - session_type: "AnyConnect"
+ username: "USER"
+ index: "1018"
+ assigned_ip: "10.254.254.22"
+ public_ip: "1.2.3.4"
+ protocol: "AnyConnect-Parent SSL-Tunnel DTLS-Tunnel"
+ license: "AnyConnect Premium"
+ encryption: "AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES128"
+ hashing: "AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA1"
+ bytes_tx: "17186425"
+ bytes_rx: "7094561"
+ group_policy: "RAVPN"
+ tunnel_group: "RAVPN"
+ login_time: "14:28:09"
+ login_time_zone: "CDT"
+ login_weekday: "Tue"
+ login_month: "Mar"
+ login_day: "17"
+ login_year: "2020"
+ duration: "2h:21m:21s"
+ inactivity: "0h:00m:00s"
+ vlan_mapping: "N/A"
+ vlan: "none"
+ audt_sess_id: "ac1063fe003fa0005e715555"
+ security_grp: "none"
+ - session_type: "AnyConnect"
+ username: "lee"
+ index: "1"
+ assigned_ip: "192.168.246.1"
+ public_ip: "10.139.1.2"
+ protocol: "AnyConnect-Parent SSL-Tunnel DTLS-Tunnel"
+ license: "AnyConnect Premium"
+ encryption: "RC4 AES128"
+ hashing: "SHA1"
+ bytes_tx: "11079"
+ bytes_rx: "4942"
+ group_policy: "EngPolicy"
+ tunnel_group: "EngGroup"
+ login_time: "15:25:13"
+ login_time_zone: "EST"
+ login_weekday: "Fri"
+ login_month: "Jan"
+ login_day: "28"
+ login_year: "2011"
+ duration: "0h:00m:15s"
+ inactivity: "0h:00m:00s"
+ vlan_mapping: "N/A"
+ vlan: "none"
+ audt_sess_id: "a31867c632efaeaad"
+ security_grp: "none"