Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
10
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(1)
Access Lists and Associated Access Groups
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="AccessList" name="ACL1">
<vnsAbsFolder key="AccessControlEntry" name="ACE1">
<vnsAbsParam key="action" name="action1" value="permit"/>
<vnsAbsParam key="order" name="order1" value="1"/>
<vnsAbsFolder key="protocol" name="protocol1">
<vnsAbsParam key="name_number" name="pNN1" value="tcp"/>
</vnsAbsFolder>
<vnsAbsFolder key="destination_service" name="d1">
<vnsAbsParam key="operator" name="dop1" value="eq"/>
<vnsAbsParam key="low_port" name="dlp1" value="ssh"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="AccessControlEntry" name="ACE2">
<vnsAbsParam key="action" name="action2" value="permit"/>
<vnsAbsParam key="order" name="order2" value="2"/>
<vnsAbsFolder key="protocol" name="protocol2">
<vnsAbsParam key="name_number" name="pNN2" value="tcp"/>
</vnsAbsFolder>
<vnsAbsFolder key="destination_service" name="d2">
<vnsAbsParam key="operator" name="dop2" value="eq"/>
<vnsAbsParam key="low_port" name="dlp2" value="https"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="AccessList" name="ACL2">
<vnsAbsFolder key="AccessControlEntry" name="ACE1">
<vnsAbsParam key="action" name="action1" value="deny"/>
<vnsAbsParam key="order" name="order1" value="1"/>
</vnsAbsFolder>
<vnsAbsFolder key="AccessControlEntry" name="ACE2">
<vnsAbsParam key="action" name="action2" value="permit"/>
<vnsAbsParam key="order" name="order2" value="2"/>
<vnsAbsFolder key="protocol" name="protocol2">
<vnsAbsParam key="name_number" name="pNN2" value="icmp"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="internalIf">
<vnsAbsFolder name="IntAccessGroup" key="AccessGroup">
<vnsAbsCfgRel key="outbound_access_list_name" name="iACG"
targetName="ACL1"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="externalIf">
<vnsAbsFolder name="ExtAccessGroup" key="AccessGroup">
<vnsAbsCfgRel key="inbound_access_list_name" name="oACG"
targetName="ACL2"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>