- Purple, 4500 points or more
I have an ASA and I've asked about this before. I have time ranges to keep people from being able to get anywhere after a certain time. Apparently, the time-range will go into effect correctly, but even if the traffic is denied in the acl after the time-range goes inactive, it will still keep the sessions up.
Is there a way that I can force all connections to be dropped (other than scheduling reloads) in the ASA, and make SURE that the time-ranges are taking effect when they should?
Expect uses the TCL language with additional commands. If you are more familiar with PERL then it too has an expect module or a Telnet::Cisco module although they can both be a bit more bother to get up and running.
Basically with Expect you can tell your script what prompt or feedback you are "expecting" from the device and then based on the response you get back you can tell your script what to send to the device. Attached is a link to a very basic expect script for logging into a router -
should give you an idea of how it works. The interact part at the end allows you to then enter commands etc. on the cli but there is nothing stopping you from changing that to log in and then automatically issue commands.
Net::Telnet::Cisco is a module written in PERL specifically for logging into Cisco devices so certain parts of what you would have to code yourself have been included.
If you are familiar with TCL use Expect, if PERL you may want look at the module i mentioned.
A search on the Internet usually turns up some scripts for automating simple tasks on Cisco router/switches and they could easily be modified for the ASA device.