Cisco Cisco ASA 5525-X Adaptive Security Appliance - No Payload Encryption
About the ASA REST API v1.2.1
REST Agent in ASA
REST Agent in ASA
11
[no] rest-api-agent
rest-api agent
Will start the REST Agent process in ASA. Prerequisite: HTTP server should be enabled prior to this. If HTTP server was
not enabled warning will be printed in the CLI.
When enabled ‘/api’ URL requests will be redirected from ASA HTTP server to the REST Agent.
no rest-api-agent
Will stop the REST Agent process in ASA.
When disabled, ‘/api’ URL requests will be rejected by ASA http server with 404 status code response.
Additional boot-strapping required for REST Agent
• Enable HTTP server and let clients connect over management interface: ‘http server enable’; ‘http 0.0.0.0
0.0.0.0 <mgmt interface nameif>’
• Set the authentication approach for HTTP: ‘aaa authentication http console LOCAL’
• Create a local user with privilege 15 (for read/write operations): ‘username <user> password <pass> encrypted
privilege 15
• Configure (static) routes
REST Agent debugging
"debug rest-api agent {event | error}" CLI command will enable and show the REST API Agent debug traces on CLI.
When invoked the above command will trigger message from REST Daemon to REST Agent for enabling and forwarding
the debug logs. Subsequently REST API Agent will forward debug logs over TCP to REST API Daemon; and these logs
will be displayed on CLI session. When the CLI session closes or when ‘no debug rest-api agent’ CLI command invoked,
will be displayed on CLI session. When the CLI session closes or when ‘no debug rest-api agent’ CLI command invoked,
REST daemon will inform REST Agent to disable logging for the session.
CLI commands
Debugging REST API modules / agent
CLI:
debug rest-api [agent | cli | client | daemon | process | token-auth] {event, error}
Syntax & Help message:
rest-api
REST API information
- agent
REST API Agent debugging information
- cli
REST API CLI Daemon to REST API Agent communication debugginginformation