Cisco Cisco ASA 5555-X Adaptive Security Appliance
About the ASA REST API v1.3.2
Supported ASA Features
Supported ASA Features
21
Multi-context mode
Multi-context mode support is limited to the Generic CLI Command Executer API, Token Authentication API and
monitoring. At this time, the REST API does not support configuring an ASA in multi-context mode, except via the CLI
command executer API.
Notes:
• The REST API Agent can be enabled in multi-context mode. The REST API Agent CLIs are present only in the
System context.
• If token authentication is used, you need to get the authentication token via
https://<asa_admin_context_ip>/api/tokenservices before issuing any REST API commands.
Note that the token received for the admin context can be used to configure/monitor any other context as well.
• Generic CLI Command Executer API can be used to configure any context as
https://<asa_admin_context_ip>/api/cli?context=<context_name>. If the 'context' query parameter is not
present, the request is directed to the admin context.
• If the 'context' query parameter is not present in a monitoring request, the REST API Agent attempts to
determine the target context on its own. For resources that are available only in the System context, such as
the CPU process usage, the request is directed to the System context. The rest of the commands are directed
to the admin context.
Limitations:
REST API commands are available only in the System context. The REST API Agent must be restarted when the ASA is
switched from single- to multiple-context mode, or vice versa.
NTP
/api/devicesetup/ntp/
Limitations:
N/A
NAT
/api/nat
NAT API supports TwiceNAT (also known as Manual NAT) and ObjectNAT (also known as AutoNAT). Each NAT type has
a unique URI. Before and After AutoNAT is fully supported (Routed and Transparent mode).
Attributes for configuring InterfacePAT, DynamicPAT (hide), and PAT Pool are also included in the API.
A single list showing all NAT types (Twice and Auto) in the same list is not supported.
ObjectNAT (AutoNAT)
Limitations:
Creating an in-line network object with a NAT rule is not supported. To create an object NAT for an existing network
object, the source Address should point to a network object to be translated.