Cisco Cisco ASA 5505 Adaptive Security Appliance
About the ASA REST API v1.2.2
Supported ASA Features
Supported ASA Features
21
Limitations:
N/A
NAT
/api/nat
NAT API supports TwiceNAT (also known as Manual NAT) and ObjectNAT (also known as AutoNAT). Each NAT type has
a unique URI. Before and After AutoNAT is fully supported (Routed and Transparent mode).
Attributes for configuring InterfacePAT, DynamicPAT (hide), and PAT Pool are also included in the API.
A single list showing all NAT types (Twice and Auto) in the same list is not supported.
ObjectNAT (AutoNAT)
Limitations:
Creating an in-line network object with a NAT rule is not supported. To create an object NAT for an existing network
object, the source Address should point to a network object to be translated.
TwiceNAT (Manual NAT)
Before NAT and After NAT are separated into two lists and have their own URIs. Moving a Before NAT rule to an After
NAT rule, or vice-versa is not supported.
Limitations:
N/A
Objects
/api/objects/
Objects are re-usable configuration components. They can be defined and used in ASA configurations in the place of in-
line IP addresses, services, names, and so on. The REST API provides support for the following types of objects:
line IP addresses, services, names, and so on. The REST API provides support for the following types of objects:
• Extended ACLs. Similar to access rules, extended ACLs are created when their first ACE is created, and are
deleted when their last ACE is removed.
• Local users and user groups.
• Network objects and object groups.
• Network services (including predefined network services) and server groups. Predefined service objects cannot
be changed or deleted. They can be used to cut and paste in-line services, or when creating a service object.
• Regular expressions.
• Security object groups.
• Time ranges.
• User objects.