Comments (8)
@ITZAbacq thanks for raising the issue, I'll triage the issue from my end and update you more on this asap!
from cisco.asa.
Hello!
I want to use this ACL too, but it's not working.
ACL - access-list OUTSIDE extended permit object-group SomeObjectGroupService object-group ObjectGroupNetworkSource object-group ObjectGroupNetworkDestination
Cisco ASAv version: Cisco Adaptive Security Appliance Software Version 9.16(4)19
OS - CentOS Stream release 8
ansible [core 2.12.7]
config file = /home/andrey/ansible/ansible.cfg
configured module search path = ['/home/andrey/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
ansible collection location = /home/andrey/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.8.13 (default, Jun 24 2022, 15:27:57) [GCC 8.5.0 20210514 (Red Hat 8.5.0-13)]
jinja version = 3.1.2
libyaml = True
ansible-galaxy collection list | grep asa
cisco.asa 4.0.1
error:
fatal: [ASAv]: FAILED! => {
    "changed": false,
    "module_stderr": "up $\r\n\r\naccess-list ACL-NAME extended permit object-group ObjectGroupNetworkSource object-group ObjectGroupNetworkDestination\r\n\r\nERROR: % Invalid input detected at '^' marker.\r\n\rASAv(config)# ",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
config:
- name: SomeObjectGroupService
  services_object:
    - protocol: tcp-udp
      destination_port:
        eq: 53
- name: "add access-list inside"
  cisco.asa.asa_acls:
    config:
      acls:
        - name: ACL-INSIDE
          acl_type: extended
          aces:
            - line: 2
              remark: Access to AD SRVs
            - grant: permit
              destination:
                service_object_group: SomeObjectGroupService
                object_group: ObjectGroupNetworkDestination
              source:
                object_group: ObjectGroupNetworkSource
Thanks!
from cisco.asa.
@Starican
To be honest, I moved on from the modules to using only http-api with yaml and jinja2.
from cisco.asa.
@ITZAbacq
Where can I read about it? I need examples :) You use the Cisco ASA rest-api, correct?
Thanks!
from cisco.asa.
No, I'm using http-api. Rest-API is not available for asav.
https://www.cisco.com/c/en/us/td/docs/security/asa/misc/http-interface/asa-http-interface.html
That's all you need to know about.
Basically it's CLI via https. Easy-mode.
from cisco.asa.
@ITZAbacq
ASAv has rest-api. I tested it.
Thanks for URL. Reading...
test.asa# sh run rest-api
!
rest-api image flash:/asa-restapi-7161-lfbff-k8.SPA
rest-api agent
test.asa#sh ver
Cisco Adaptive Security Appliance Software Version 9.16(4)19
SSP Operating System Version 2.10(1.253)
Device Manager Version 7.18(1)152
REST API Agent Version 7.16.1.75
Compiled on Wed 19-Apr-23 19:27 GMT by builders
System image file is "disk0:/asa9-16-4-19-smp-k8.bin"
Config file at boot was "startup-config"
test.asa up 63 days 19 hours
Hardware: ASAv, 4096 MB RAM, CPU Clarkdale 3399 MHz,
Internal ATA Compact Flash, 1024MB
from cisco.asa.
Yeah, but it's not officially supported for my devices. I could install it, but I don't want to, as the http-api is far easier. No need for an agent, so easier updates, and it's just CLI commands, which makes it far easier for me than REST.
from cisco.asa.
Hi!
I have good news :)
I have this ACL line - access-list OUTSIDE extended permit object-group OGService object-group OGNetworkSource object-group OGNetworkDestination
When I parse this line with Ansible, I get this (it's not correct, I understand that):
{
    "destination": {
        "object_group": "OGNetworkSource",
        "service_object_group": "OGNetworkDestination"
    },
    "grant": "permit",
    "source": {
        "netmask": "OGervice",
        "object_group": "OGService"
    }
},
and I changed the config in the Ansible playbook (it's not logically correct, BUT it's working!!! I get the ACL on devices without errors) -
- grant: permit
  line: 1
  destination:
    service_object_group: OGNetworkDestination
    object_group: OGNetworkSource
  source:
    object_group: OGService
from cisco.asa.
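Added example, not part of the thread and not code from the cisco.asa collection: a check that compares the object-group roles in a CLI ACL line with the roles in a facts or playbook dict, run over the line and the parsed output quoted in the last comment. The function names are hypothetical, and it assumes the three groups in the line are, in order, service, source and destination, as the group names in the comment suggest.

```python
import re

# Constructed from the thread: the ACL line and the facts the commenter reported.
ACL_LINE = ("access-list OUTSIDE extended permit object-group OGService "
            "object-group OGNetworkSource object-group OGNetworkDestination")
REPORTED_FACTS = {
    "destination": {"object_group": "OGNetworkSource",
                    "service_object_group": "OGNetworkDestination"},
    "grant": "permit",
    "source": {"netmask": "OGervice", "object_group": "OGService"},
}

# Assumption: only the three-object-group form seen in the thread is handled,
# read positionally as service group, source group, destination group.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<grant>permit|deny)"
    r"\s+object-group\s+(?P<service>\S+)"
    r"\s+object-group\s+(?P<source>\S+)"
    r"\s+object-group\s+(?P<destination>\S+)\s*$")
ROLES = ("grant", "service", "source", "destination")

def parse_three_group_ace(line):
    """Return name, grant and the three group roles from one CLI line."""
    match = ACE_RE.match(line.strip())
    if match is None:
        raise ValueError("not a three-object-group extended ACE: %r" % line)
    return match.groupdict()

def facts_roles(ace):
    """Flatten a facts/playbook-style ACE dict to the same role names."""
    dst, src = ace.get("destination", {}), ace.get("source", {})
    return {"grant": ace.get("grant"), "service": dst.get("service_object_group"),
            "source": src.get("object_group"), "destination": dst.get("object_group")}

def role_mismatches(line, ace):
    """Map each role that disagrees to (value in CLI line, value in dict)."""
    expected, got = parse_three_group_ace(line), facts_roles(ace)
    return {r: (expected[r], got[r]) for r in ROLES if expected[r] != got[r]}

def shifted_workaround(line):
    """Build the ACE dict the last comment used: every group moved one slot."""
    e = parse_three_group_ace(line)
    return {"grant": e["grant"], "source": {"object_group": e["service"]},
            "destination": {"object_group": e["source"],
                            "service_object_group": e["destination"]}}

if __name__ == "__main__":
    for role, (cli, parsed) in role_mismatches(ACL_LINE, REPORTED_FACTS).items():
        print(f"{role}: line says {cli}, facts say {parsed}")
```

Running the same comparison against the running-config line after a push shows whether the ACE on the device carries the intended service, source and destination groups, whichever playbook layout produced it.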