networktocode / ntc-templates

TextFSM templates for parsing show commands of network devices
https://ntc-templates.readthedocs.io/

Cisco ASA show vpn-sessiondb invalid and not returning data after ASA SW update #773

Closed tom0010 closed 3 years ago

tom0010 commented 4 years ago
ISSUE TYPE
Value ANYCONNECT_CLIENT_ACTIVE (\d+)
Value ANYCONNECT_CLIENT_CUMULATIVE (\d+)
Value ANYCONNECT_CLIENT_PEAK_CONCURRENT (\d+)
Value ANYCONNECT_CLIENT_INACTIVE (\d+)
Value SSL_TLS_DTLS_ACTIVE (\d+)
Value SSL_TLS_DTLS_CUMULATIVE (\d+)
Value SSL_TLS_DTLS_PEAK_CONCURRENT (\d+)
Value SSL_TLS_DTLS_PEAK_INACTIVE (\d+)
Value CLIENTLESS_VPN_ACTIVE (\d+)
Value CLIENTLESS_VPN_CUMULATIVE (\d+)
Value CLIENTLESS_VPN_PEAK_CONCURRENT (\d+)
Value VPN_BROWSWER_ACTIVE (\d+)
Value VPN_BROWSWER_CUMULATIVE (\d+)
Value VPN_BROWSWER_PEAK_CONCURRENT (\d+)
Value TOTAL_ACTIVE_AND_INACTIVE (\d+)
Value TOTAL_CUMULATIVE (\d+)
Value DEVICE_TOTAL_VPN_CAPACITY (\d+)
Value DEVICE_LOAD_PERCENT (\d+)
Value TUNNELS_SUMMARY_CLIENTLESS_ACTIVE (\d+)
Value TUNNELS_SUMMARY_CLIENTLESS_CUMULATIVE (\d+)
Value TUNNELS_SUMMARY_CLIENTLESS_PEAK_CONCURRENT (\d+)
Value TUNNELS_SUMMARY_ANYCONNECT_PARENT_ACTIVE (\d+)
Value TUNNELS_SUMMARY_ANYCONNECT_PARENT_CUMULATIVE (\d+)
Value TUNNELS_SUMMARY_ANYCONNECT_PARENT_PEAK_CONC (\d+)
Value TUNNELS_SUMMARY_SSLTUNNEL_ACTIVE (\d+)
Value TUNNELS_SUMMARY_SSLTUNNEL_CUMULATIVE (\d+)
Value TUNNELS_SUMMARY_SSLTUNNEL_PEAK_CONCURRENT (\d+)
Value TUNNELS_SUMMARY_DTLSTUNNEL_ACTIVE (\d+)
Value TUNNELS_SUMMARY_DTLSTUNNEL_CUMULATIVE (\d+)
Value TUNNELS_SUMMARY_DTLSTUNNEL_PEAK_CONCURRENT (\d+)
Value TOTALS_ACTIVE (\d+)
Value TOTALS_CUMULATIVE (\d+)

Start
  ^\s*\-+\s*$$
  ^\s*VPN\s+Session\s+Summary\s*$$
  ^\s*Active\s+:\s+Cumulative\s+:\s+Peak\s+Concur\s+:\s+Inactive\s*$$
  ^\s*AnyConnect\s+Client\s+:\s+${ANYCONNECT_CLIENT_ACTIVE}\s+:\s+${ANYCONNECT_CLIENT_CUMULATIVE}\s+:\s+${ANYCONNECT_CLIENT_PEAK_CONCURRENT}\s+:\s+${ANYCONNECT_CLIENT_INACTIVE}\s*$$
  ^\s*SSL/TLS/DTLS\s+:\s+${SSL_TLS_DTLS_ACTIVE}\s+:\s+${SSL_TLS_DTLS_CUMULATIVE}\s+:\s+${SSL_TLS_DTLS_PEAK_CONCURRENT}\s+:\s+${SSL_TLS_DTLS_PEAK_INACTIVE}\s*$$
  ^\s*Clientless\s+VPN\s+:\s+${CLIENTLESS_VPN_ACTIVE}\s+:\s+${CLIENTLESS_VPN_CUMULATIVE}\s+:\s+${CLIENTLESS_VPN_PEAK_CONCURRENT}\s*$$
  ^\s*Browser\s+:\s+${VPN_BROWSWER_ACTIVE}\s+:\s+${VPN_BROWSWER_CUMULATIVE}\s+:\s+${VPN_BROWSWER_PEAK_CONCURRENT}\s*$$
  ^\s*Total\s+Active\s+and\s+Inactive\s+:\s+${TOTAL_ACTIVE_AND_INACTIVE}\s+Total\s+Cumulative\s+:\s+${TOTAL_CUMULATIVE}\s*$$
  ^\s*Device\s+Total\s+VPN\s+Capacity\s+:\s+${DEVICE_TOTAL_VPN_CAPACITY}
  ^\s*Device\s+Load\s+:\s+${DEVICE_LOAD_PERCENT}%\s*$$
  ^\s*Tunnels\s+Summary\s*
  ^\s*Active\s+:\s+Cumulative\s+:\s+Peak\s+Concurrent\s*$$
  ^\s*Clientless\s+:\s+${TUNNELS_SUMMARY_CLIENTLESS_ACTIVE}\s+:\s+${TUNNELS_SUMMARY_CLIENTLESS_CUMULATIVE}\s+:\s+${TUNNELS_SUMMARY_CLIENTLESS_PEAK_CONCURRENT}
  ^\s*AnyConnect\-Parent\s+:\s+${TUNNELS_SUMMARY_ANYCONNECT_PARENT_ACTIVE}\s+:\s+${TUNNELS_SUMMARY_ANYCONNECT_PARENT_CUMULATIVE}\s+:\s+${TUNNELS_SUMMARY_ANYCONNECT_PARENT_PEAK_CONC}\s*$$
  ^\s*SSL\-Tunnel\s+:\s+${TUNNELS_SUMMARY_SSLTUNNEL_ACTIVE}\s+:\s+${TUNNELS_SUMMARY_SSLTUNNEL_CUMULATIVE}\s+:\s+${TUNNELS_SUMMARY_SSLTUNNEL_PEAK_CONCURRENT}\s*$$
  ^\s*DTLS\-Tunnel\s+:\s+${TUNNELS_SUMMARY_DTLSTUNNEL_ACTIVE}\s+:\s+${TUNNELS_SUMMARY_DTLSTUNNEL_CUMULATIVE}\s+:\s+${TUNNELS_SUMMARY_DTLSTUNNEL_PEAK_CONCURRENT}\s*$$
  ^\s*Totals\s+:\s+${TOTALS_ACTIVE}\s+:\s+${TOTALS_CUMULATIVE}\s*$$ -> Record
  ^\s*$$
  ^. -> Error

SAMPLE COMMAND OUTPUT

hostname1/pri/act# show vpn-sessiondb 
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concur : Inactive
                             ----------------------------------------------
Site-to-Site VPN             :     99 :    3506999 :          99
  IKEv2 IPsec                :      9 :       3999 :           9
  IKEv1 IPsec                :     99 :    3502999 :          99
---------------------------------------------------------------------------
Total Active and Inactive    :     99             Total Cumulative : 3506999
Device Total VPN Capacity    :    750
Device Load                  :     2%
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concurrent   
                             ----------------------------------------------
IKEv1                        :     99 :    3502999 :              99
IKEv2                        :      9 :       3999 :               9
IPsec                        :     99 :       9302 :              99
IPsecOverNatT                :      9 :       1999 :               9
---------------------------------------------------------------------------
Totals                       :     99 :    351999
---------------------------------------------------------------------------

SUMMARY

Template errors out: TextFSMError: State Error raised. Rule Line: 53. Input Line: Site-to-Site VPN : 99 : 3505999 : 99

Think this is related to a SW update on the ASA and it's now returning different data than it did before. In general I think the template just needs updating.

STEPS TO REPRODUCE

Execute show vpn-sessiondb on an ASA running ASA SW 9.10(1)40

EXPECTED RESULTS

Data to be returned as it did before.

ACTUAL RESULTS

Template errors out: TextFSMError: State Error raised. Rule Line: 53. Input Line: Site-to-Site VPN : 99 : 3505999 : 99
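
An added example, not part of the original issue or the ntc-templates code base: a standard-library check that lists every line of a capture that none of a template's rules match, which are the lines that reach the `^. -> Error` catch-all. It is a simplified stand-in for TextFSM that handles only the `${NAME}` and `$$` syntax seen in this template; the rule subset and capture are cut down from the post, and `compile_rules` and `uncovered_lines` are names assumed here.

```python
import re

# Constructed subset of the rules posted in the issue ("VPN Session Summary" block only).
TEMPLATE_RULES = r"""
^\s*\-+\s*$$
^\s*VPN\s+Session\s+Summary\s*$$
^\s*Active\s+:\s+Cumulative\s+:\s+Peak\s+Concur\s+:\s+Inactive\s*$$
^\s*AnyConnect\s+Client\s+:\s+${ANYCONNECT_CLIENT_ACTIVE}\s+:\s+${ANYCONNECT_CLIENT_CUMULATIVE}\s+:\s+${ANYCONNECT_CLIENT_PEAK_CONCURRENT}\s+:\s+${ANYCONNECT_CLIENT_INACTIVE}\s*$$
^\s*Total\s+Active\s+and\s+Inactive\s+:\s+${TOTAL_ACTIVE_AND_INACTIVE}\s+Total\s+Cumulative\s+:\s+${TOTAL_CUMULATIVE}\s*$$
^\s*Device\s+Total\s+VPN\s+Capacity\s+:\s+${DEVICE_TOTAL_VPN_CAPACITY}
^\s*Device\s+Load\s+:\s+${DEVICE_LOAD_PERCENT}%\s*$$
^\s*$$
"""

# Constructed capture: the first block of the sample output posted in the issue.
SAMPLE_OUTPUT = """\
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concur : Inactive
                             ----------------------------------------------
Site-to-Site VPN             :     99 :    3506999 :          99
  IKEv2 IPsec                :      9 :       3999 :           9
  IKEv1 IPsec                :     99 :    3502999 :          99
---------------------------------------------------------------------------
Total Active and Inactive    :     99             Total Cumulative : 3506999
Device Total VPN Capacity    :    750
Device Load                  :     2%
"""

def compile_rules(rules_text):
    """Turn TextFSM-style rule lines into compiled Python regexes (simplified)."""
    compiled = []
    for rule in filter(None, map(str.strip, rules_text.splitlines())):
        rule = rule.replace("$$", "$")  # TextFSM writes end-of-line as $$
        # Assumption: every Value in this template is (\d+), as in the post.
        rule = re.sub(r"\$\{(\w+)\}", lambda m: "(?P<%s>\\d+)" % m.group(1), rule)
        compiled.append(re.compile(rule))
    return compiled

def uncovered_lines(rules_text, output):
    """Return (line_number, text) for each line that no rule matches."""
    rules = compile_rules(rules_text)
    return [(n, line) for n, line in enumerate(output.splitlines(), 1)
            if not any(r.match(line) for r in rules)]

if __name__ == "__main__":
    for n, line in uncovered_lines(TEMPLATE_RULES, SAMPLE_OUTPUT):
        print(f"line {n}: no rule matches: {line.strip()}")
```

TextFSM stops at the first such line, so listing all of them shows every row the template still needs a rule for before the parsed VPN session counts can be trusted again.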

tom0010 commented 4 years ago

Looks like the SW update also broke cisco_asa_show_vpn-sessiondb_detail_l2l.textfsm:

textfsm.parser.TextFSMError: State Error raised. Rule Line: 96. Input Line: IPsecOverNatT Tunnels: 1

diepes commented 3 years ago

@tom0010 looking at your "SAMPLE COMMAND OUTPUT" there seems to be missing data under "VPN Session Summary", no values for "INACTIVE" column.

FragmentedPacket commented 3 years ago

Closed via #845