Cisco Cisco ASA 5580 Adaptive Security Appliance Technical Manual
11
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(6)
Access Lists Using Dynamically Created EPG Network Objects
Access Lists Using Dynamically Created EPG Network Objects
This XML example creates an access list that dynamically updates the object group membership in the
ACL, where the object group corresponds to an End Point Group (EPG).
ACL, where the object group corresponds to an End Point Group (EPG).
Note
You must create the necessary AccessControlEntry in APIC.
ASA Configuration
access-list EPG_ACL extended permit ip object-group __$EPG$_web object-group __$EPG$_app
access-group EPG_ACL in interface externalIf
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="AccessList" name="EPG_ACL">
<vnsAbsFolder key="AccessControlEntry" name="EPG_ACE">
<vnsAbsParam key="action" name="action1" value="permit"/>
<vnsAbsParam key="order" name="order1" value="1"/>
<vnsAbsFolder key="source_address" name="saddr1">
<vnsAbsParam key="epg_name" name="webEPG"
value="tenantname-profilename-web"/>
</vnsAbsFolder>
<vnsAbsFolder key="destination_address" name="daddr1">
<vnsAbsParam key="epg_name" name="appEPG"
value="tenantname-profilename-app"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="externalIf">
<vnsAbsFolder name="access-group-EPG" key="AccessGroup">
<vnsAbsCfgRel name="name" key="inbound_access_list_name"
targetName="EPG_ACL"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>