Cisco Security Tasks

This chapter contains the following sections:

Configure ACL

Summary
Configure an ACL for the Security Context in a PIX ASA.
Description
This task configures an access control list (ACL) for the security context in a private internet exchange (PIX) adaptive security appliance (ASA).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device
Select Device Select Device NETWORKING_ASA_DEVICE
Context Name Security Context Name networking_security_context_name
ACL Name ACL Name gen_text_input
Interface Name Interface Name to apply the ACL ASAInterfaceIdentity
Permit Permit or Deny the traffic
InBound Traffic Flow of the traffic
Protocol Specify protocol for the rule ACLDeviceProtocolIdentity Y
Source IP Address/IPv6 Prefix Source IP Address for the ACL [Network Prefix for IPv6] gen_text_input
Source Net Mask Source Network Mask for the ACL (Not needed for IPv6) gen_text_input
Source Port Range Source Port Range for the ACL (Example: 1-200 or 255) gen_text_input
Destination IP Address/IPv6 Prefix Destination IP Address for the ACL [Network Prefix for IPv6] gen_text_input
Destination Net Mask Destination Network Mask for the ACL (Not needed for IPv6) gen_text_input
Destination Port Range Destination Port Range for the ACL (Example: 1-200 or 255) gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
OUTPUT_NETWORKING_DEVICE_INTERFACE Network device interface on which the selected operation was performed. networking_device_interface
OUTPUT_ASA_DEVICE_WITH_CONTEXT_IDENTITY ASA Device Identity NETWORKING_ASA_DEVICE

Configure Cisco ASA Firewall Mode

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Device IP Select Device gen_text_input Y
HTTP Port The HTTPS port number of the ASA device gen_text_input Y
User Name User Name gen_text_input
Password Password. password
Mode Firewall mode gen_text_input
Outputs
No Outputs

Configure Context Interface

Summary
Configure the interfaces in the security context of a PIX ASA.
Description
This task configures the interfaces in the security context of a private internet exchange (PIX) adaptive security appliance (ASA).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Context Name Security Context Name networking_security_context_name Y
Interface Name Interface Name ASAInterfaceIdentity Y
Interface Alias The name of the interfaces gen_text_input
IP Address/IPv6 Prefix IP Address for the interface [Network Prefix for IPv6] gen_text_input
Net Mask Network Mask for the interfaces (Not needed for IPv6) gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
OUTPUT_NETWORKING_DEVICE_INTERFACE Network device interface on which the selected operation was performed. networking_device_interface
OUTPUT_ASA_DEVICE_WITH_CONTEXT_IDENTITY ASA Device Identity NETWORKING_ASA_DEVICE
OUTPUT_ASA_DEVICE_CONTEXT_INTERFACE_ALIAS ASA Device Identity ASAInterfaceIdentity

Configure License

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
License Name License Name gen_text_input Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_LICENSE_NAME License Name on which the selected operation was performed gen_text_input

Configure Network Object NAT

Summary
Configure an object-based NAT using this task.
Description
This task configures an object-based network address translation (NAT).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Real Interface Real Interface NetworkNamedInterfaceIdentity
Mapped Interface Mapped Interface NetworkNamedInterfaceIdentity
Mode Mode NAT_mode_type Y
Network Object Name Network Object Name gen_text_input Y
Real IP Address Real IP Address gen_text_input Y
Type Type NAT_type
Network Object Select the Network Object NATSourceOrDestinationIdentity
Network Object Group Select the Network Object Group ASANetworkObjectGroupIdentity
Host IP Host IP gen_text_input
Interface Interface Boolean
PAT PAT Boolean
Protocol Specify protocol for the rule NATDeviceProtocolIdentity
Real Port Real Port gen_text_input
Mapped Port Mapped Port gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_NAT_SOURCE_REAL_OBJECT_IDENTITY NAT SOURCE REAL NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_REAL_INTERFACE_IDENTITY ASA NAT REAL INTERFACE IDENTITY NetworkNamedInterfaceIdentity
OUTPUT_NAT_MAPPED_INTERFACE_IDENTITY ASA NAT MAPPED INTERFACE IDENTITY NetworkNamedInterfaceIdentity
OUTPUT_NAT_SOURCE_MODE_IDENTITY NAT SOURCE MODE NAT_mode_type
OUTPUT_NAT_SOURCE_MAPPED_OBJECT_IDENTITY NAT SOURCE MAPPED NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_SOURCE_MAPPED_OBJECT_GROUP_IDENTITY NAT SOURCE MAPPED NETWORK OBJECT GROUP IDENTITY ASANetworkObjectGroupIdentity
OUTPUT_ASA_PAT_REAL_PORT PAT Real Port gen_text_input
OUTPUT_ASA_PAT_MAPPED_PORT PAT Mapped Port gen_text_input

Configure Sub Interface

Summary
Configure a sub-interface for a PIX ASA.
Description
This task configures a sub-interface in a private internet exchange (PIX) adaptive security appliance (ASA).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Physical Interface Name Physical Interface Name ASAInterfaceIdentity Y
Port Number Port Number for the Subinterface gen_text_input Y
Vlan ID VLAN ID for this interface gen_text_input Y
Enable Interface Enable the interface
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
OUTPUT_NETWORKING_DEVICE_INTERFACE Network device interface on which the selected operation was performed. networking_device_interface
OUTPUT_ASA_DEVICE_INTERFACE_IDENTITY ASA Interface Identity ASAContextInterfaceIdentity

Configure Twice NAT

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Real Interface Real Interface NetworkNamedInterfaceIdentity
Mapped Interface Mapped Interface NetworkNamedInterfaceIdentity
Source Mode Select Source Mode NAT_mode_type Y
Source Real Object Type Select Source Real Object Type ASADeviceNATNetworkObjectType Y
Source Real Network Object Select Source Real Network Object NATSourceOrDestinationIdentity
Source Real Network Object Group Select Source Real Network Object Group ASANetworkObjectGroupIdentity
Source Mapped Object Type Select Source Mapped Object Type ASADeviceNATNetworkObjectType Y
Source Mapped Network Object Select Mapped Network Object NATSourceOrDestinationIdentity
Source Mapped Object Group Select Source Mapped Object Group ASANetworkObjectGroupIdentity
Source Mapped Interface Select this option to Source Mapped Interface
Destination Mode Select Destination Mode NAT_mode_type
Destination Real Object Type Select Destination Real Object Type ASADeviceNATNetworkObjectType
Destination Real Network Object Select Destination Real Network Object NATSourceOrDestinationIdentity
Destination Real Network Object Group Select Destination Network Object Group ASANetworkObjectGroupIdentity
Destination Mapped Object Type Select Destination Mapped Object Type ASADeviceNATNetworkObjectType
Destination Mapped Network Object Select the Mapped Network Object NATSourceOrDestinationIdentity
Destination Mapped Object Group Destination Mapped Object Group ASANetworkObjectGroupIdentity
Destination Mapped Interface Select this option to Destination Mapped Interface
Is PAT ? Select this option to Enable PAT
Description Description gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_NAT_REAL_INTERFACE_IDENTITY ASA NAT REAL INTERFACE IDENTITY NetworkNamedInterfaceIdentity
OUTPUT_NAT_MAPPED_INTERFACE_IDENTITY ASA NAT MAPPED INTERFACE IDENTITY NetworkNamedInterfaceIdentity
OUTPUT_NAT_SOURCE_MODE_IDENTITY NAT SOURCE MODE NAT_mode_type
OUTPUT_NAT_SOURCE_REAL_OBJECT_IDENTITY NAT SOURCE REAL NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_SOURCE_REAL_OBJECT_GROUP_IDENTITY NAT SOURCE REAL NETWORK OBJECT GROUP IDENTITY ASANetworkObjectGroupIdentity
OUTPUT_NAT_SOURCE_MAPPED_OBJECT_IDENTITY NAT SOURCE MAPPED NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_SOURCE_MAPPED_OBJECT_GROUP_IDENTITY NAT SOURCE MAPPED NETWORK OBJECT GROUP IDENTITY ASANetworkObjectGroupIdentity
OUTPUT_NAT_DESTINATION_MODE_IDENTITY NAT DESTINATION MODE NAT_mode_type
OUTPUT_NAT_DESTINATION_REAL_OBJECT_IDENTITY NAT DESTINATION REAL NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_DESTINATION_REAL_OBJECT_GROUP_IDENTITY NAT DESTINATION REAL NETWORK OBJECT GROUP IDENTITY ASANetworkObjectGroupIdentity
OUTPUT_NAT_DESTINATION_MAPPED_OBJECT_IDENTITY NAT DESTINATION MAPPED NETWORK OBJECT IDENTITY NATSourceOrDestinationIdentity
OUTPUT_NAT_DESTINATION_MAPPED_OBJECT_GROUP_IDENTITY NAT DESTINATION MAPPED NETWORK OBJECT GROUP IDENTITY ASANetworkObjectGroupIdentity
OUTPUT_ASA_SERVICE_REAL_OBJECT_IDENTITY NAT REAL SERVICE OBJECT IDENTITY networking_device_service_object_name_identity
OUTPUT_ASA_SERVICE_MAPPED_OBJECT_IDENTITY NAT MAPPED SERVICE OBJECT IDENTITY networking_device_service_object_name_identity

Create Network Object

Summary
Create a network object.
Description
This task creates a network object.
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Network Object Name Network Object Name gen_text_input Y
IP Address IP Address gen_text_input Y
Description Description gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_NETWORK_OBJECT_IDENTITY Network Object Identity NATSourceOrDestinationIdentity
OUTPUT_NETWORK_OBJECT Network Object gen_text_input
OUTPUT_NETWORK_OBJECT_MEMBER Network Object Host/Range/Network gen_text_input

Create Network Object Group

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Network Object Group Name Network Object Group Name gen_text_input Y
Description Description gen_text_input
Host Provide Host gen_text_input
Network Address Network Address gen_text_input
Network Object Select Network Object NATSourceOrDestinationIdentity
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
ASA_NETWORK_OBJECT_GROUP_NAME Network Object Group Name gen_text_input
ASA_NETWORK_OBJECT_GROUP_HOST Network Object Group Host gen_text_input
ASA_NETWORK_OBJECT_GROUP_IP Network Object Group IP Address gen_text_input
ASA_NETWORK_OBJECT_NAME Network Object Name ASANetworkObjectIdentity
ASA_NETWORK_OBJECT_GROUP_IDENTITY Network Object Group Identity ASANetworkObjectGroupIdentity

Create Security Context

Summary
Create a Security Context for a PIX ASA.
Description
This task creates a security context in a private internet exchange (PIX) adaptive security appliance (ASA).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Context Name Security Context Name gen_text_input Y
Context Description Security Context Description gen_text_input Y
File Name Security Context configuration file Name gen_text_input
OutSide Interface Name OutSide Interface name to apply the Context ASAInterfaceIdentity Y
Inside Interfaces Inside Interfaces to apply the Context ASAInsideInterfaceIdentity Y
OutSide Interface Name OutSide Interface name to apply the Context ASAContextInterfaceIdentity
Inside Interfaces Inside Interfaces to apply the Context ASAContextInterfaceIdentity
Management Interface Management Interface name to apply the Context ASAContextInterfaceIdentity
Mode Firewall mode gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_SECURITY_CONTEXT_NAME_DESC Security Context Description gen_text_input
OUTPUT_SECURITY_CONTEXT_CONFIG_FILE_NAME Security Context configuration file Name gen_text_input
OUTPUT_SECURITY_CONTEXT_OUTSIDE_INTERFACES OutSide Interface name to apply the Context gen_text_input
OUTPUT_SECURITY_CONTEXT_OUTSIDE_INTERFACES_IDENTITY OutSide Interface Identity to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_INSIDE_INTERFACES Inside Interfaces to apply the Context gen_text_input
OUTPUT_SECURITY_CONTEXT_INSIDE_INTERFACES_IDENTITY Inside Interfaces Identity to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_MGMT_INTERFACES Management Interface name to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_OUTSIDE_INTERFACES_ALIAS OutSide Interface alias name to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_INSIDE_INTERFACES_ALIAS Inside Interfaces alias to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_MGMT_INTERFACES_ALIAS Management Interface alias name to apply the Context ASAInterfaceIdentity
OUTPUT_SECURITY_CONTEXT_FIREWALL_MODE Firewall mode gen_text_input
OUTPUT_ASA_DEVICE_WITH_CONTEXT_IDENTITY ASA Device Identity NETWORKING_ASA_DEVICE

Create Service Object

Summary
Create a service object.
Description
This task creates a service object.
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Service Object Name Service Object Name gen_text_input Y
Description Description gen_text_input
Protocol Specify protocol for the rule NATDeviceProtocolIdentity
Source Operator Source Operator ASADeviceSourceOperatorIdentity
Source Port Source Port gen_text_input
Destination Operator Destination Operator ASADeviceDestinationOperatorIdentity
Destination Port Destination Port gen_text_input
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_ASA_SERVICE_OBJECT_NAME_IDENTITY Service Object Name on which the selected operation was performed. networking_device_service_object_name_identity

Delete Network Object

Summary
Delete a network object.
Description
This task deletes a network object.
Inputs
Input Description Mappable To Type Mandatory
Network Object Select the Network Object NATSourceOrDestinationIdentity Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_NETWORK_OBJECT_IDENTITY Network Object Identity NATSourceOrDestinationIdentity
OUTPUT_NETWORK_OBJECT Network Object gen_text_input

Delete Network Object Group

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Network Object Group Name Network Object Group Name ASANetworkObjectGroupIdentity Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
ASA_NETWORK_OBJECT_GROUP_NAME Network Object Group Name gen_text_input
ASA_NETWORK_OBJECT_GROUP_IDENTITY Network Object Group Identity ASANetworkObjectGroupIdentity

Delete Service Object

Summary
Delete a service object.
Description
This task deletes a service object.
Inputs
Input Description Mappable To Type Mandatory
Service Object Name Service Object Name networking_device_service_object_name_identity Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name
OUTPUT_ASA_SERVICE_OBJECT_NAME_IDENTITY Service Object Name on which the selected operation was performed. networking_device_service_object_name_identity

Deploy ASAv OVF

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Select vDC Select vDC on which to perform the action vDC Y
ASAv OVF OVF URL Y
ASAv Policy ASAv Policy Y
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE_NAME Network device name on which the selected operation is performed. networking_device_name
OUTPUT_VM_ID ID of the VM on which the selected operation was performed vm

Remove Security Context

Summary
Remove the Security Context of a PIX ASA.
Description
This task removes the security context of a private internet exchange (PIX) adaptive security appliance (ASA).
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Context Name Security Context Name networking_security_context_name Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
No Outputs

TrustSec Refresh

Summary
Description
Inputs
Input Description Mappable To Type Mandatory
Select Device Select Device networking_device Y
Copy Running configuration to Startup configuration Select this option to copy running configuration to startup configuration
Outputs
Output Description Type
DATACENTER Name of the Datacenter on which the selected operation was performed datacenterName
DEVICE_IP IP address of the device on which the selected operation was performed gen_text_input
OUTPUT_NETWORKING_DEVICE Network device on which the selected operation was performed. networking_device
OUTPUT_SECURITY_CONTEXT_NAME Security Context name on which the selected operation was performed. networking_security_context_name