Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
25
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
Support for Cisco TrustSec
Support for Cisco TrustSec
Creating a Security Object Group
ASA Configuration
test_SecurityObjCreate = '''\
object-group security coke_sec_obj
security-group name mktg
'''
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="SecurityObjectGroup" name="coke_sec_obj">
<vnsAbsParam key="security_group_name" name="sg1" value="mktg"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Creating a Security Group ACL
ASA Configuration 1
access-list FROM_OUTSIDE extended permit icmp object-group-security coke-sec-obj any any
XLM Example 1
<polUni>
<fvTenant name="tenant1\">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="AccessList" name="FROM-OUTSIDE">
<vnsAbsFolder key="AccessControlEntry" name="ACE1">
<vnsAbsParam key="action" name="action1" value="permit"/>
<vnsAbsParam key="order" name="order1" value="1"/>
<vnsAbsFolder key="protocol" name="prot1">
<vnsAbsParam key="name_number" name="NN" value="icmp"/>
</vnsAbsFolder>
<vnsAbsFolder key="source_security_group" name="security_group_name">
<vnsAbsParam key="security_group_name" name="security_group_name" value="coke-sec-obj"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>