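#!/usr/bin/perl
# convert VPN user and group attributes from Cisco VPN 3k Concentrator to PIX/ASA
#
# Reads the config file named on the command line, collects the value of every
# "[user N.K]" section (N = user/group number, K = attribute id) and prints the
# result on STDOUT as a ";"-separated table: one heading line, then one line
# per user/group.
#
# NOTE: attribute 2 ("Password") is printed like every other attribute, so the
# output contains whatever credential material the config file holds. Treat
# the output with the same care as the config file itself.

use strict;
use warnings;

if (@ARGV != 1) {
    print("Config file not specified\n");
    print("usage: $0 <config file>\n");
    die("exiting now!\n");
}

my $config_file = $ARGV[0];

# Three-argument open with an explicit read mode and a lexical handle: the
# file name comes straight from the command line, and the two-argument form
# would interpret mode characters inside it instead of treating it as a path.
open(my $config_fh, '<', $config_file)
    or die("Cannot open config file $config_file: $!\n");

my %conf;

# read through config file
while (my $header = <$config_fh>) {

    # cycle until [user ...] field; the captures give user number and
    # attribute id regardless of the line ending (CRLF or LF)
    next if $header !~ m/\[user ([0-9]+)\.([0-9]+)\]/;
    my ($user, $key) = ($1, $2);

    # the value is the text after the first "=" on the following line
    my $second_line = <$config_fh>;
    $second_line = '' if !defined $second_line;    # header was the last line

    # limit 2 keeps values that themselves contain "=" in one piece
    my (undef, $val) = split(/=/, $second_line, 2);
    $val = '' if !defined $val;
    $val =~ s/\r?\n\z//;

    if ($val eq '') {
        $val = "EMPTY";
    }

    $conf{$user}{$key} = $val;
}

close($config_fh);

# attribute id => human readable heading
my %meaning = (
    1    => "Name",
    2    => "Password",
    8    => "IP",
    9    => "Mask",
    11   => "Filter",
    22   => "default route",
    25   => "Group",
    27   => "Maximum connect time",
    28   => "Idle Timeout",
    4098 => "Simultaneous Logins",
    4099 => "Minumum Password Length",
    4100 => "allow alphabetic-only passwords",
    4101 => "primary DNS",
    4102 => "secondary DNS",
    4103 => "primary WINS",
    4104 => "secondary WINS",
    4105 => "SEP Card Assignment",
    4106 => "SEP Priority",
    4107 => "Tunneling Protocols",
    4108 => "IPSec SA",
    4109 => "Authentication",
    4112 => "Password Storage",
    4113 => "use client specified address",
    4123 => "Split Tunnel Network List",
    4124 => "DNS name",
    4126 => "Tunnel type",
    4127 => "Mode Config",

    # NOTE(review): the original list assigned 4129 twice ("Group Lock", then
    # "IPSec over UDP"). Perl keeps the last assignment, so the heading was
    # always "IPSec over UDP"; that effective value is kept here. One of the
    # two ids is presumably wrong -- confirm against the concentrator's
    # attribute reference before trusting this column.
    4129 => "IPSec over UDP",
    4130 => "UDP port",
);

# get all previously seen attributes: ids that occur in the config but have
# no heading above still get a column, labelled UNKNOWN
foreach my $user (sort keys %conf) {
    foreach my $attr (sort keys %{ $conf{$user} }) {
        $meaning{$attr} = "UNKNOWN" if !exists $meaning{$attr};
    }
}

# print used attributes (heading output); plain sort is a string sort, so the
# columns are in string order of the ids, not numeric order
foreach my $attr (sort keys %meaning) {
    print "$attr:$meaning{$attr};";
}
print "\n";

# print each user/group with its configured values, ";" separated
# (values are printed as-is; a value containing ";" shifts the columns)
foreach my $user (sort keys %conf) {
    foreach my $attr (sort keys %meaning) {
        if (exists $conf{$user}{$attr}) {
            print "$conf{$user}{$attr};";
        }
        else {
            print "n/a;";
        }
    }
    print "\n";
}

# generate and print out ASA user configuration
#
# NOTE(review): disabled in the original. Before re-enabling: the
# vpn-group-lock line is emitted twice (once unconditionally), the
# password-storage test compares a string with "==" (should be "eq"), and the
# generated "username ... password ..." lines carry credential material.
#
#foreach my $ke ( sort keys %conf ) {
#
#    # only Users have a Group value assigned
#    if (exists $conf{$ke}{"25"}) {
#
#        print "username $conf{$ke}{1} password $conf{$ke}{2}\n";
#        print "username $conf{$ke}{1} attributes\n";
#        print "\tvpn-group-policy $conf{$ke}{25}\n";
#        print "\tvpn-framed-ip-address $conf{$ke}{8} $conf{$ke}{9}\n";
#        print "\tvpn-simultaneous-logins $conf{$ke}{4098}\n" if exists ($conf{$ke}{4098});
#        print "\tvpn-idle-timeout $conf{$ke}{28}\n" if exists ($conf{$ke}{28});
#        print "\tvpn-session-timeout $conf{$ke}{27}\n" if exists ($conf{$ke}{27});
#        print "\tvpn-group-lock value $conf{$ke}{25}\n";
#        print "\tvpn-group-lock value $conf{$ke}{25}\n" if exists ($conf{$ke}{4129});
#        print "\tpassword-storage enable\n" if ( exists ($conf{$ke}{4112}) ) and ($conf{$ke}{4112} == "1");
#
#        print "!\n";
#    }
#}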