Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Scripting

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 02-18-2010, 05:16 AM
1969 1969 is offline
Registered User
 
Join Date: Feb 2010
Location: Australia
Posts: 4
Telnet via Firewall

I am wanting to create a script to telnet to a Cisco router, via a SOCK5 firewall I have configured in my global options (called it "myFirewall").

The issue I am having is that I cannot understand if I have the syntax wrong, or if telnet via a proxy is not supported in a script.

The following works (not via firewall):-

szFirewall = "/FIREWALL=myFireWall "
szProtocol = "/telnet "
szHost = "192.168.200.222 "
szConnectString = szProtocol & szHost
crt.Session.Connect (szConnectString)

The following DOES NOT work (via firewall):-

szFirewall = "/FIREWALL=myFireWall "
szProtocol = "/telnet "
szHost = "192.168.200.222 "
szConnectString = szFirewall & szProtocol & szHost
crt.Session.Connect (szConnectString)

I receive an error "Invalid command line option /FIREWALL=myFireWall"

I'm using SecureCRT 5.2.1

Any help would be VERY MUCH appreciated !!

Craig
Melbourne, Australia
Reply With Quote
  #2  
Old 02-18-2010, 08:22 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Craig,

I am sorry to hear that you are having difficulty with your script. It appears as though you are using SecureCRT 6.5.x syntax with 5.2.1. This will not work as you have already seen.

You will have to define the firewall for the Default Session to use it with an ad hoc session like your example.

You can define a firewall for the Default Session in the Global Options dialog in the General / Default Session category.

After you have edited the default settings, you would need to use the following syntax in your script:
/FIREWALL /Telnet <hostname>
As a note, you cannot define a specific firewall on the command-line in SecureCRT 5.2.x. You can, however, define a specific firewall on the command-line in SecureCRT 6.5.x.

Does editing the Default Session help you accomplish your scripting goal?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #3  
Old 02-18-2010, 03:19 PM
1969 1969 is offline
Registered User
 
Join Date: Feb 2010
Location: Australia
Posts: 4
That has certainly helped somewhat....

I had done as suggested:-
[a] Adjusted the General / Default Session properties, to specify the firewall
[b] Changed the session option to be "/FIREWALL"

What now appears to occur, is that ALL sessions go via the firewall specified in [a], regardless of whether I use the session switch /FIREWALL.

Is there something I am doing wrong here, or is it a limitiation of SecureCRT 5.2.1 ?

Craig
Melbourne, Australia
Reply With Quote
  #4  
Old 02-18-2010, 03:44 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Craig,

It sounds like when you made the change, you selected yes to make the change to all existing sessions, or you use Quick Connect for all sessions.

If you undo the firewall in the Default Session and apply that to all sessions, and make the change again, but this time choose not to apply the change to all sessions, do you see the results you want?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #5  
Old 02-18-2010, 04:21 PM
1969 1969 is offline
Registered User
 
Join Date: Feb 2010
Location: Australia
Posts: 4
Hi Todd,

I can confirm I did not apply the changes to all sessions, as I have a few hundred saved sessions, with varying firewall configurations.

Perhaps I should clarify, the configuration to use a specific firewall works fine in the stored sessions I have, however it is in the script that I want to be able to use (or not use) a firewall.

It seems once I edit the "Default Session Setup", it applies to allow future connections I make via the crt.Session.Connect (Connect) script command. What I had hoped to be able to achieve, was that only specified connections go via a configured firewall.

Am I facing a feature limitation in 5.2.1 ?

Craig
Melbourne, Australia


FYI:-
The script I have created leverages some other examples posted here, and the basic requirements I have built into the script are:-

- Use external file routers.txt as input for which Cisco devices to connected to
- routers.txt format is CiscoDeviceIP:FirewallToUse:Username:Password
- The script connects to each device, and if prompted for username it enters it
- If only prompted for a password (ie. no TACACS), it bypasses username and just enters password
- It automatically determines what the prompt ends with (be it > or #)
- It extracts from the screen the hostname of the devcie as it appears on the prompt
- It opens a log file based on the configured hostname of the device
- It runs a series of hard coded commands, and writes results to seperate logfile per device (based on the detected hostname of device)
Reply With Quote
  #6  
Old 02-19-2010, 08:14 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Craig,

Thanks for the clarification. To clarify further, all ad hoc sessions, Quick Connect sessions and sessions created in the future use the Default Session. This includes any ad hoc sessions in scripts. In SecureCRT 5.2.1 it is not possible to define multiple firewalls to be used with different ad hoc sessions. The /FIREWALL option uses the firewall defined in the Default Session.

One way to work around this limitation would be to define sessions for each device, and connection strings for each device using the "/S" option in a file. This would allow you to read the connection strings into the script.

Does this help you accomplish your scripting goal?

If not, then the other option would be to upgrade to SecureCRT 6.5.1.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
  #7  
Old 02-21-2010, 06:49 PM
1969 1969 is offline
Registered User
 
Join Date: Feb 2010
Location: Australia
Posts: 4
I did some testing, and found that setting a firewall in the default session, did allow me to connect via the firewall in my script, however it was an "all" or "none" situation.

In other words, whether I specified "/FIREWALL" or not, the script would connect using the parameters configured in the default session.

Does this seem correct, or have I missed something ?

Thanks,
Craig
Melbourne, Australia
Reply With Quote
  #8  
Old 02-22-2010, 12:11 PM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi Craig,

Thanks for the update. You are not missing anything. This was a limitation of SecureCRT 5.2.x.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:18 AM.