Cisco ASA 5580 Adaptive Security Appliance Technical Manual

XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(3)
 
  Interfaces
(PHYSICAL or VIRTUAL) to determine the correct CLIs to send to the ASA for configuration. The 
“funcType” field (GoTo or GoThrough) determines whether the interfaces are for a transparent or routed 
firewall.
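An added example, not part of the Cisco manual: a Python pre-check that reads a service-graph XML of the kind shown in this document and reports which firewall mode each vnsAbsNode's funcType selects. The mapping (GoThrough is transparent, GoTo is routed) matches the bridge-group example in this document; the function name audit_graph, the trimmed sample XML, and the rules that funcType must be set explicitly and that each node carries an "external" and an "internal" connector are assumptions of this check.

```python
import xml.etree.ElementTree as ET

# funcType values named in this document, mapped to the firewall mode they select.
MODE = {"GoThrough": "transparent", "GoTo": "routed"}

# Constructed sample: a complete, trimmed graph in the shape of the document's example.
SAMPLE = """<polUni>
  <fvTenant name="tenant1">
    <vnsAbsGraph name="WebGraph">
      <vnsAbsNode name="FW1" funcType="GoThrough">
        <vnsAbsFuncConn name="external" attNotify="yes">
          <vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-external"/>
        </vnsAbsFuncConn>
        <vnsAbsFuncConn name="internal" attNotify="yes">
          <vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-internal"/>
        </vnsAbsFuncConn>
      </vnsAbsNode>
    </vnsAbsGraph>
  </fvTenant>
</polUni>"""

def audit_graph(xml_text):
    """Return (modes, problems): 'graph/node' -> firewall mode, plus a list of findings."""
    modes, problems = {}, []
    root = ET.fromstring(xml_text)
    for graph in root.iter("vnsAbsGraph"):
        for node in graph.iter("vnsAbsNode"):
            where = f"{graph.get('name')}/{node.get('name')}"
            func_type = node.get("funcType")
            if func_type not in MODE:
                # Assumption of this check: funcType must be stated explicitly.
                problems.append(f"{where}: funcType {func_type!r} is not GoTo or GoThrough")
            else:
                modes[where] = MODE[func_type]
            # Collect each connector's mConn target, keyed by connector name.
            conns = {}
            for conn in node.findall("vnsAbsFuncConn"):
                att = conn.find("vnsRsMConnAtt")
                conns[conn.get("name")] = att.get("tDn", "") if att is not None else ""
            # Assumption of this check: both sides exist and point at the same-named mConn.
            for name in ("external", "internal"):
                if name not in conns:
                    problems.append(f"{where}: missing {name!r} connector")
                elif not conns[name].endswith(f"/mConn-{name}"):
                    problems.append(f"{where}: {name!r} connector points at {conns[name]!r}")
    return modes, problems

if __name__ == "__main__":
    print(audit_graph(SAMPLE))
```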
Transparent Bridge Group Virtual Interfaces
This XML example creates the following bridge group and adds bridge group members. The example is 
for a hardware ASA; VLANs are dynamically assigned.
ASA Configuration
interface GigabitEthernet0/0
 no nameif
 no security-level
interface GigabitEthernet0/0.987
 vlan 987
 nameif externalIf
 bridge-group 1
 security-level 50
interface GigabitEthernet0/1
 no nameif
 no security-level
interface GigabitEthernet0/1.986
 vlan 986
 nameif internalIf
 bridge-group 1
 security-level 100
interface BVI1
 ip address 10.10.10.2 255.255.255.0
XML Example 
Define a graph and interfaces, then attach them to the tenant.
<polUni>
    <fvTenant name="tenant1">
        <vnsAbsGraph name = "WebGraph">
            <vnsAbsTermNodeCon name = "Input1">
                <vnsAbsTermConn name = "C1"/>
            </vnsAbsTermNodeCon>
    
            <!-- FW1 Provides FW functionality -->
            <vnsAbsNode name = "FW1" funcType="GoThrough">
                <vnsRsDefaultScopeToTerm tDn="uni/tn-tenant1/AbsGraph-WebGraph/AbsTermNodeProv-Output1/outtmnl"/>
                <vnsAbsFuncConn name = "external" attNotify="yes">
                    <vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-external"/>
                </vnsAbsFuncConn>
    
                <vnsAbsFuncConn name = "internal" attNotify="yes">
                    <vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-internal"/>