Cisco Cisco ASA 5585-X Adaptive Security Appliance
About the ASA REST API v1.2.1
NAT
NAT
22
NAT
/api/nat
NAT API supports TwiceNAT (aka Manual NAT) and ObjectNAT (aka AutoNAT). Each NAT type has its unique URI. Before
and After autoNAT is fully supported (Routed and Transparent mode).
and After autoNAT is fully supported (Routed and Transparent mode).
Attributes for configuring InterfacePAT, DynamicPAT (hide), PAT Pool are also included in the API.
Single list showing all NAT types (Twice and Auto) in the same list is not supported.
ObjectNAT (AutoNAT)
Limitations:
Creating an inline network object with NAT rule is not supported. To create an object NAT for an existing network object,
source Address should point to network object to be translated.
TwiceNAT (Manual NAT)
Before NAT and After NAT are separated into two lists and have their own URIs. Moving a Before NAT to an After NAT or
vice-versa is not supported.
Limitations:
N/A
Objects
/api/objects/
Objects are re-usable components for use in your configuration. They can be defined and used in ASA configurations in
the place of inline IP addresses, services, names, and so on. The REST API provides support for the following types of
objects:
objects:
• Extended ACLs. Similarly to access rules, extended ACLs are created, when their first ACE is created, and are
deleted, when their last ACE is deleted.
• Local users and user groups
• Network objects and object groups
• Network services (including predefined network services) and server groups. Predefined service object cannot
be changed or deleted. They can be used to cut and paste as inline services or when creating a service object.
• Regular expressions
• Security object groups
• Time ranges
• User objects
Similarly to ASDM, REST API supports use of inline objects and object groups in access, NAT and service policy rules.