When working with Cisco ASA configurations and with scripting/automation, you know that ASA configuration files are not written with structured data in mind. A great solution to this is to use a Python tool called Template Text Parser, or TTP for short, which is networking/systems focused Python library that allows you to create structured data (JSON or YAML) from semi-structured configuration files or from the output of CLI show commands.
More information about TTP can be found on the link above. If you want a great tutorial on TTP, Kirk Byers has a great series on TTP.
Below is a TTP template that I created to do the following:
- Create structured data for objects and object groups
- Includes network, service, and protocol groups
- Creates structured data for ASA ACLs
The end goal for this template is to migrate configurations from ASA to Palo Alto PANOS, creating set commands for equivalent configurations. However, this template is only focused on creating structured data from ASA firewall rules (ACLs).
One note: ACL lines in ASA configuration files can be made up of likely a few hundred variations or more, particularly if you have logging/debugging on. This template includes most of the more common ACL configuration variations.