Vendor
Product
ASA
OS Versions:
^3.227.0+2023.1.33
Method
Category
Network Services
Project Type
Workflow Project
View Repository
Workflow
Cisco ASA Device - Example Use Cases - Managed by CLI in IAG
Overview
The integration of Itential and Cisco ASA enables network teams to utilize its CLI to build automations that can include common tasks for managing ACL rules and performing software upgrades. This is a library of related automations that can be used as modular components in your own larger, end-to-end workflows.
Workflows
| Name | Overview |
|---|---|
| Add ACL Rule - ASA - IAG | Workflow to add a new ACL Rule to a Cisco ASA device using IAG. |
| Delete ACL Rule - ASA - IAG | Workflow to delete an ACL from a Cisco ASA Device using IAG. |
| Software Upgrade - ASA - IAG | Workflow to perform a software upgrade on a Cisco ASA device. |
For further technical details on how to install and use this Workflow Project, please click the Technical Documentation tab.
Table of Contents
Getting Started
This section is helpful for deployments as it provides you with pertinent information on prerequisites and properties.
Helpful Background Information
Workflows often include logic that varies from business to business. As a result, we often find that our Workflow Projects are more useful as modular components that can be incorporated into a larger process. In addition, they often can add value as a learning tool on how we integrate with other systems and how we do things within the Itential Automation Platform.
While these can be utilized, you may find more value in using them as a starting point to build around.
Prerequisites
Itential Workflow Projects are built and tested on particular versions of IAP. In addition, Workflow Projects are often dependent on external systems and as such, these Workflow Projects will have dependencies on these other systems. This version of Cisco - ASA - IAG has been tested with:
- IAP 2023.2
External Dependencies
| Name | OS Version | API Version |
|---|---|---|
| Itential Automation Gateway (IAG) | ^3.227.0+2023.1.33 |
Adapters
| Name | Version | Configuration Notes |
|---|---|---|
| adapter-automation_gateway | 4.29.0-2023.1.12.0 |
How to Install
To install the Workflow Project:
- Verify you are running a supported version of the Itential Automation Platform (IAP) as listed above in the Supported IAP Versions section in order to install the Example Project.
- Import the Example Project in Admin Essentials.
Testing
Cypress is generally used to test all Itential Example Projects. While Cypress is an opensource tool, at Itential we have internal libraries that have been built around Cypress to allow us to test with a deployed IAP.
When certifying our Example Projects for a release of IAP we run these tests against the particular version of IAP and create a release branch in GitLab. If you do not see the Example Project available in your version of IAP please contact Itential.
While Itential tests this Example Project and its capabilities, it is often the case the customer environments offer their own unique circumstances. Therefore, it is our recommendation that you deploy this Example Project into a development/testing environment in which you can test the Example Project.
Using this Workflow Project
Workflow Projects contain 1 or more workflows. Each of these workflows have different inputs and outputs.
Add ACL Rule - ASA - IAG
Workflow to add a new ACL Rule to a Cisco ASA device using IAG.
Capabilities include:
- Creates a new ACL Rule on a Cisco ASA device.
Entry Point IAP Component
The primary IAP component to run Add ACL Rule - ASA - IAG is listed below:
| IAP Component Name | IAP Component Type | Add ACL Rule - ASA - IAG | Workflow |
|---|
Inputs
The following table lists the inputs for Add ACL Rule - ASA - IAG:
| Name | Type | Required | Description | Example Value |
|---|---|---|---|---|
| aclIdentifier | string | yes | Name of the ACL | example_acl |
| aclRuleLineNumber | number | yes | Line number for ACL rule. | 1 |
| aclRuleAction | string | yes | Action for ACL Rule. | permit |
| aclRuleSource | string | yes | Source IP address for ACL Rule | 192.168.1.0 |
| aclRuleSourceNetmask | string | yes | Subnet mask for source IP in dotted-decimal format. | 255.255.255.0 |
| aclRuleDestination | string | yes | Destination IP address for ACL Rule | 10.0.0.0 |
| aclRuleDestinationNetmask | string | yes | Subnet mask for destination IP in dotted-decimal format. | 255.255.255.0 |
| deviceName | string | yes | Name of the device as it appears in Automation Gateway. | test_asa |
| protocol | string | yes | Protocol for the ACL Rule. | ip |
Outputs
There are no outputs for Add ACL Rule - ASA - IAG.
Query Output
There are no query output examples for Add ACL Rule - ASA - IAG.
Example Inputs and Outputs
Example 1
Input:
{
"aclIdentifier": "example_acl",
"aclRuleLineNumber": 1,
"aclRuleAction": "permit",
"aclRuleSource": "192.168.1.0",
"aclRuleSourceNetmask": "255.255.255.0",
"aclRuleDestination": "10.0.0.0",
"aclRuleDestinationNetmask": "255.255.255.0",
"deviceName": "asa_test",
"protocol": "ip"
} Output:
{} API Links
No API Links provided.
Delete ACL Rule - ASA - IAG
Workflow to delete an ACL from a Cisco ASA Device using IAG.
Capabilities include:
- Deletes an ACL on a Cisco ASA device
Entry Point IAP Component
The primary IAP component to run Delete ACL Rule - ASA - IAG is listed below:
| IAP Component Name | IAP Component Type | Delete ACL Rule - ASA - IAG | Workflow |
|---|
Inputs
The following table lists the inputs for Delete ACL Rule - ASA - IAG:
| Name | Type | Required | Description | Example Value |
|---|---|---|---|---|
| aclIdentifier | string | yes | Name of the ACL to delete | example_acl |
| deviceName | string | yes | Name of the device as it appears in Automation Gateway | asa_device |
Outputs
There are no outputs for Delete ACL Rule - ASA - IAG.
Query Output
There are no query output examples for Delete ACL Rule - ASA - IAG.
Example Inputs and Outputs
Example 1
Input:
{
"aclIdentifier": "examle_acl",
"deviceName": "asa_device"
} Output:
{} API Links
No API Links provided.
Software Upgrade - ASA - IAG
Workflow to perform a software upgrade on a Cisco ASA device.
Capabilities include:
- Verify current software version and check if the image file used for upgrade is on the device
- Run pre-check commands
- Change the boot system image
- Reload the device
- Verify the new ASA image is now active on the device after reload
- Run post-check commands
- Optionally show the difference between the pre-check and post-check results
Entry Point IAP Component
The primary IAP component to run Software Upgrade - ASA - IAG is listed below:
| IAP Component Name | IAP Component Type | Software Upgrade - ASA - IAG | Workflow |
|---|
Inputs
The following table lists the inputs for Software Upgrade - ASA - IAG:
| Name | Type | Required | Description | Example Value |
|---|---|---|---|---|
| suppressSuccessMessage | boolean | yes | Set to false if want to approve config changes before pushing to device | false |
| suppressFailureMessage | boolean | yes | Set to false if want to view failure messages before procceeding | false |
| deviceName | string | yes | Name of the device in IAG to upgrade | asa_device |
| targetVersion | string | yes | Name of image file used to upgrade | asa9-14-4-smp-k8.bin |
| disk | string | yes | Storage location of images on device | boot: |
| currentVersion | string | yes | Name of current image file | asa9123-7-smp-k8.bin |
Outputs
There are no outputs for Software Upgrade - ASA - IAG.
Query Output
There are no query output examples for Software Upgrade - ASA - IAG.
Example Inputs and Outputs
Example 1
Input:
{
"suppressSuccessMessage": false,
"suppressFailureMessage": false,
"deviceName": "asa_device",
"targetVersion": "asa9-14-4-smp-k8.bin",
"disk": "boot:",
"currentVersion": "asa9123-7-smp-k8.bin"
} Output:
{} API Links
No API Links provided.
Additional Information
Support
Please use your Itential Customer Success account if you need support when using this Workflow Project.