Cisco ASA 5512-X Adaptive Security Appliance - No Payload Encryption Technical Manual
XML Examples for the Cisco Application Centric Infrastructure Security Device Package
Interfaces
Interfaces are typically set up as part of the overall infrastructure on the APIC using a service graph. The graphs are associated with contracts, concrete devices, logical devices, and logical interfaces. The graphs also require the interface IP addresses to fall within a range previously defined for the associated tenant. The graph setups show the various interface types. For an ASAv, interfaces are defined on the ASA itself using its physical interfaces; for hardware ASAs, interfaces are defined using VLANs. The XML files that define the interfaces are the same in both cases: the device package reads the “devtype” field (PHYSICAL or VIRTUAL) to decide which CLI commands to send to the ASA, and the “funcType” field (GoTo or GoThrough) to decide whether the interfaces belong to a routed or a transparent firewall.
Transparent Bridge Group Virtual Interfaces
This XML example creates the following bridge group and adds bridge group members. The example is
for a hardware ASA; VLANs are dynamically assigned.
ASA Configuration
interface GigabitEthernet0/0
 no nameif
 no security-level
interface GigabitEthernet0/0.987
 vlan 987
 nameif externalIf
 bridge-group 1
 security-level 50
interface GigabitEthernet0/1
 no nameif
 no security-level
interface GigabitEthernet0/1.986
 vlan 986
 nameif internalIf
 bridge-group 1
 security-level 100
interface BVI1
 ip address 10.10.10.2 255.255.255.0
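The following Python script is an added example, not part of the Cisco manual or of the device package. It parses the ASA configuration above (embedded as a constructed copy) and checks the rules stated earlier: every bridge-group member needs a nameif and security-level, a hardware ASA (devtype PHYSICAL) uses VLAN subinterfaces, and the BVI address must lie within the tenant's range; the tenant range is passed in as an assumed parameter, and the devtype argument generalizes the check to VIRTUAL devices, where the VLAN rule is skipped.

```python
import ipaddress
# Constructed copy of the ASA configuration shown in this section.
ASA_CONFIG = """\
interface GigabitEthernet0/0
 no nameif
 no security-level
interface GigabitEthernet0/0.987
 vlan 987
 nameif externalIf
 bridge-group 1
 security-level 50
interface GigabitEthernet0/1
 no nameif
 no security-level
interface GigabitEthernet0/1.986
 vlan 986
 nameif internalIf
 bridge-group 1
 security-level 100
interface BVI1
 ip address 10.10.10.2 255.255.255.0
"""

def parse_interfaces(config):
    # Split ASA config text into {interface: {first keyword: rest of line}}.
    ifaces, current = {}, None
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        if line.startswith("interface "):
            current = line[10:]
            ifaces[current] = {}
        elif current is not None:
            key, _, rest = line.partition(" ")  # 'no nameif' -> {'no': 'nameif'}
            ifaces[current][key] = rest
    return ifaces

def check_bridge_group(config, tenant_range, devtype="PHYSICAL"):
    """Return a list of problems; an empty list means the config is consistent."""
    ifaces = parse_interfaces(config)
    members = {n: a for n, a in ifaces.items() if "bridge-group" in a}
    problems = []
    for name, attrs in members.items():
        problems += [f"{name}: missing {k}" for k in ("nameif", "security-level") if k not in attrs]
        if devtype == "PHYSICAL" and "vlan" not in attrs:  # hardware ASA: VLAN subinterfaces
            problems.append(f"{name}: no vlan on hardware ASA member")
    for group in {a["bridge-group"] for a in members.values()}:
        words = ifaces.get(f"BVI{group}", {}).get("ip", "").split()  # ['address', ip, mask]
        if len(words) != 3:
            problems.append(f"BVI{group}: no ip address")
        elif ipaddress.ip_address(words[1]) not in ipaddress.ip_network(tenant_range):
            problems.append(f"BVI{group}: {words[1]} outside tenant range {tenant_range}")
    return problems
```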
XML Example
Define a graph and interfaces, then attach them to the tenant.
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsTermNodeCon name = "Input1">