Is it possible to determine the static nats on an ASA 5550 or 5540 running 8.2(x) programmatically? I don't see it as an available SNMP oid but perhaps I am missing it.
-
What exactly do you want programmatically? The list of NAT entries? Is screen-scraping an option? – Mike Pennington Jul 22 '12 at 01:07
-
I would like the output of "show run static". Screen scraping is less preferred but if that's the only way to get the info.... – Starsky Jul 23 '12 at 02:33
-
What system are you feeding this into? – SpacemanSpiff Jul 23 '12 at 03:16
-
A homegrown IPAM to handle our large number of NATs. – Starsky Jul 25 '12 at 02:09
1 Answer
There is probably a more graceful way, but you could write an expect script to log in to your ASA and then run the command "sh run static", capture the output and then send it somewhere for processing.
I haven't got a full script that will do exactly what you need, as I only use expect to roll out configuration changes across the ASAs I manage. However, the following will log in to an ASA and get to the enable (#) prompt, then dump the config to a tftp server and exit. That does get your config onto a server where you can then process the file(s) using grep.
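#!/usr/bin/expect -f
# give up on any prompt that does not appear within 10 seconds
set timeout 10
spawn ssh {username}@{asa-hostname-or-ip-address}
expect "assword:"
send "{password}\r"
# user EXEC prompt: enter privileged (enable) mode
expect ">"
send "en\r"
expect "assword:"
send "{password}\r"
expect "#"
# save the running config to the location configured under tftp-server
send "write net\r"
expect "#"
# logout of the ASA
send "exit\r"
# wait for the ssh session to close before the script ends
expect eof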
Replace {username}, {asa-hostname-or-ip-address}, and {password} above as appropriate.
Someone who is more experienced in expect than me might be able to extract the output of the "sh run static" command using $expect_out(buffer) and then process it, but the above should get you some of the way.
If doing this on a bunch of ASAs you can put the above into a bash script that pulls in an array of ASA hostnames, usernames and passwords, then loop using do.

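An added example, not part of the original answer: once the config (or the output of "show run static") has been saved to a file as described above, a parser along these lines turns the 8.2-style static statements into records a homegrown IPAM can import, and reports lines it cannot parse instead of dropping them. The function names and the sample lines are constructed for illustration.

```python
import re

# ASA 8.2 (pre-8.3) form: static (real_ifc,mapped_ifc) [tcp|udp] mapped [mapped_port]
#     {real [real_port] [netmask mask] | access-list name} [options]
# The interface pair is real-then-mapped; the addresses are mapped-then-real.
HEAD = re.compile(r"^static \(([^,()\s]+),([^,()\s]+)\)\s+(.+)$")

# Constructed sample (documentation and private address ranges); last line is cut short.
SAMPLE = """\
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 dns
static (dmz,outside) tcp 203.0.113.20 https 192.168.50.20 8443 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.1.1.25 smtp netmask 255.255.255.255
static (inside,outside) 203.0.113.30 access-list POLICY_NAT
static (inside,outside) 203.0.113.40
"""

def parse_static(line):
    """Parse one static line into a dict; raise on anything unexpected."""
    m = HEAD.match(line.strip())
    if not m:
        raise ValueError("not a static statement")
    tok = m.group(3).split()
    rec = dict.fromkeys(("proto", "mapped_port", "real_ip", "real_port", "netmask", "real_acl"))
    rec.update(real_ifc=m.group(1), mapped_ifc=m.group(2))
    if tok[0] in ("tcp", "udp"):           # static PAT (port redirection)
        rec["proto"] = tok.pop(0)
    rec["mapped_ip"] = tok.pop(0)          # an address, a name, or "interface"
    if rec["proto"]:
        rec["mapped_port"] = tok.pop(0)    # number or service name (https, smtp)
    if tok[0] == "access-list":            # policy static NAT
        rec["real_acl"], tok = tok[1], tok[2:]
    else:
        rec["real_ip"] = tok.pop(0)
        if rec["proto"]:
            rec["real_port"] = tok.pop(0)
        if tok[:1] == ["netmask"]:
            rec["netmask"], tok = tok[1], tok[2:]
    rec["options"] = tok                   # e.g. dns, norandomseq, connection limits
    return rec

def parse_config(text):
    records, rejected = [], []             # rejected: static lines needing manual review
    for line in text.splitlines():
        if line.startswith("static "):
            try:
                records.append(parse_static(line))
            except (ValueError, IndexError):
                rejected.append(line)
    return records, rejected
```

Where the ASA uses the names feature, mapped_ip and real_ip may hold a name rather than an address, so resolve those against the config's name statements before loading them into the IPAM.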