Cisco ASA 5580 Adaptive Security Appliance Technical Manual

XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(1)
Northbound API
The following sample XML provides the access information for the ASA. For a multi-context ASA, the 
access information directly under vnsLDevVip is that of the admin context in the ASA; the information 
in the vnsCDev folder is that of the target user context. The admin context can also be used as the 
target user context. Only one context from a given multi-context ASA is allowed here.
<polUni>
    <fvTenant
        dn="uni/tn-tenant1"
        name="tenant1">
        <vnsLDevVip name="Firewall" devtype="PHYSICAL">
            <vnsRsMDevAtt tDn="uni/infra/mDev-CISCO-ASA-1.2"/>
            <!-- Admin context access information -->
            <vnsCMgmt name="devMgmt" host="172.23.204.205"  port="443"/>
            <vnsCCred name="username" value="admin"/>
            <vnsCCredSecret name="password" value="somepassword"/>
            <vnsCDev name="ASA">
                <!-- User context access information -->
                <vnsCMgmt name="devMgmt" host="172.23.204.123" port="443" />
                <vnsCCred name="username" value="admin" />
                <vnsCCredSecret name="password" value="otherpassword" />
            </vnsCDev>
        </vnsLDevVip>
    </fvTenant>
</polUni>
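An added example, not part of the Cisco manual or the device package: a Python pre-submit check for a payload shaped like the one above. It reads the admin context access information from the direct children of vnsLDevVip and the target user context from vnsCDev, and reports missing entries. The sample hosts and password values are constructed placeholders, and the exactly-one-vnsCDev rule assumes each vnsLDevVip describes a single multi-context ASA.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the payload above; hosts and secrets are placeholders.
SAMPLE = """<polUni>
  <fvTenant dn="uni/tn-tenant1" name="tenant1">
    <vnsLDevVip name="Firewall" devtype="PHYSICAL">
      <vnsCMgmt name="devMgmt" host="192.0.2.10" port="443"/>
      <vnsCCred name="username" value="admin"/>
      <vnsCCredSecret name="password" value="PLACEHOLDER"/>
      <vnsCDev name="ASA">
        <vnsCMgmt name="devMgmt" host="192.0.2.20" port="443"/>
        <vnsCCred name="username" value="admin"/>
        <vnsCCredSecret name="password" value="PLACEHOLDER"/>
      </vnsCDev>
    </vnsLDevVip>
  </fvTenant>
</polUni>"""
REQUIRED = ("vnsCMgmt", "vnsCCred", "vnsCCredSecret")


def access_info(node):
    """Return (host, problems) from the direct children of node."""
    label = f"{node.tag} '{node.get('name')}'"
    problems = [f"{label}: missing {tag}" for tag in REQUIRED if node.find(tag) is None]
    mgmt = node.find("vnsCMgmt")
    host = mgmt.get("host") if mgmt is not None else None
    if mgmt is not None and not (host and mgmt.get("port")):
        problems.append(f"{label}: vnsCMgmt needs host and port")
    return host, problems


def check_payload(xml_text):
    """Report, per vnsLDevVip, the admin/user context hosts and any problems."""
    report = []
    for ldev in ET.fromstring(xml_text).iter("vnsLDevVip"):
        admin_host, problems = access_info(ldev)  # admin context: direct children
        cdevs = ldev.findall("vnsCDev")            # target user context
        if len(cdevs) != 1:  # assumption: one vnsLDevVip is one multi-context ASA
            problems.append(f"expected exactly one vnsCDev, found {len(cdevs)}")
        user_hosts = []
        for cdev in cdevs:
            host, cdev_problems = access_info(cdev)
            user_hosts.append(host)
            problems += cdev_problems
        report.append({"ldev": ldev.get("name"), "admin_host": admin_host,
                       "user_hosts": user_hosts, "problems": problems,
                       "admin_is_target": user_hosts == [admin_host]})
    return report
```

The admin_is_target flag is True when the vnsCDev host matches the admin context host, which is the case where the admin context is used as the target user context.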
Interfaces
Interfaces are typically set up as part of the overall infrastructure on the APIC using a service graph. The 
graphs are associated with contracts, concrete devices, logical devices, and logical interfaces. The graphs 
also require the interface IP addresses to be in an appropriate range previously defined for the associated 
tenant. The graph setups show the various interface types. For an ASAv, interfaces are defined on the 
ASA itself using the physical interfaces; for the hardware ASAs, interfaces are defined using VLANs. 
The XML files to define the interfaces are the same, and the device package uses the “devtype” field