Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
25
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(7)
TCP Service Reset
TCP Service Reset
This XML example sends a Reset Reply for Denied Inbound/Outbound TCP Packets.
ASA Configuration
service resetinbound | resetoutbount interface interface_name
XML Example
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="Interface" name="externalIf">
<vnsAbsFolder name="TCPOpt" key="TCPOptions">"
<vnsAbsParam key="inbound_reset" name="reset" value="disable"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Support for Cisco TrustSec
Creating a Security Object Group
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="SecurityObjectGroup" name="coke_sec_obj">
<vnsAbsParam key="security_group_name" name="sg1" value="mktg"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Creating a Security Group ACL
<polUni>
<fvTenant name="tenant1\">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="AccessList" name="FROM-OUTSIDE">