Cisco Cisco ASA 5580 Adaptive Security Appliance 技术手册
4
XML Examples for the Cisco Application Centric Infrastructure Security Device Package
Interfaces
<vnsRsAbsConnectionConns
tDn="uni/tn-tenant1/AbsGraph-WebGraph/AbsTermNodeProv-Output1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
Routed Firewall Interfaces
This XML example creates the following routed interfaces. The example is for a hardware ASA; VLANs
are dynamically assigned.
are dynamically assigned.
ASA Configuration
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
interface GigabitEthernet0/0.655
vlan 655
nameif externalIf
security-level 50
ip address 10.10.10.10 255.255.255.0
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
interface GigabitEthernet0/1.968
vlan 968
nameif internalIf
security-level 100
ip address 10.10.10.10 255.255.255.0
XML Example
Define a graph, then attach it to the tenant.
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsTermNodeCon name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<!-- FW1 Provides FW functionality -->
<vnsAbsNode name = "FW1">
<vnsRsDefaultScopeToTerm tDn="uni/tn-tenant1/AbsGraph-WebGraph/AbsTermNodeProv-Output1/outtmnl"/>
<vnsAbsFuncConn name = "external">
<vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-1.0.1.43/mFunc-Firewall/mConn-external" />
</vnsAbsFuncConn>