Cisco Cisco ASA 5555-X Adaptive Security Appliance

About the ASA REST API v1.2.1
REST Agent in ASA

Description/Rationale/Overview:
The REST API Agent could not be successfully started after multiple attempts.
Syslog Number and Format:
%ASA-3-342004: Failed to automatically restart the REST API Agent after 5 unsuccessful attempts. Use the 'no rest-api

agent' and 'rest-api agent' commands to manually restart the Agent.
Explanation:
The REST API Agent has failed to start after many attempts.

Recommendation/Action:
Administrator should refer should to syslog %ASA-3-342002 (if logged) to better understand the reason behind the

failure. The administrator should attempt to disable ("no rest-api agent") and then enable the REST API Agent again

using "rest-api agent".

Out-of-band changes handling

When processing the REST API request if out-of-band configuration change was observed, configuration will be

reloaded in to REST API Agent before further handling the request.

Typical request flow

The following is the flow for any REST PUT/POST/DELETE API request:

• REST Client establishes SSL connection to ASA.

• REST Client sends API request with basic authentication header to ASA.

• ASA HTTP server authenticates client’s request.

• ASA HTTP server opens the connection to REST Agent using TCP channel, and writes the HTTP request to the

REST Agent.

• ASA HTTP server waits for REST Agent process’s response.

• REST Agent processes API request, picks the session/user info and invokes CLI commands request to LINA

listening on localhost port in ASA. REST Agent includes the session/user info in the request.

• Lina admin handler processes the CLI commands and collects the results output.

• Lina sends the response for the CLI commands request to REST Agent.

• REST Agent prepares the response for REST API request and sends to the ASA http server.

• ASA HTTP server forwards the response to the client. Server doesn’t do any processing on the response

received from REST Agent process.