
Cisco ASA Ansible Module Docs

Manage Cisco ASA devices with Ansible using the ASA REST API


Requirements


Modules


cisco_asa_ikev1_policy

Creates, deletes, or edits IKEv1 policies.

  • Synopsis
  • Options
  • Examples

Synopsis

Creates, deletes, or edits IKEv1 policies.

Options

| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| username | yes | | | Username for device |
| hash | no | | md5, sha | Hash Algorithm |
| encryption | no | | des, 3des, aes-128, aes-192, aes-256 | Encryption Algorithm |
| state | yes | | present, absent | State of the object |
| group | no | | 1, 2, 5 | Diffie-Hellman group |
| priority | yes | | 1-65535 | The priority number of the ikev1 policy. |
| authentication | no | | pre-share, rsa-sig | Authentication method |
| host | yes | | | Typically set to {{ inventory_hostname }} |
| lifetime | yes | | 120-2147483647 | SA Lifetime (seconds) |
| password | yes | | | Password for the device |
| validate_certs | no | | no, yes | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. |

Examples


# Create an IKEv1 policy
- cisco_asa_ikev1_policy:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    state=present
    validate_certs=no
    priority=100
    authentication=pre-share
    encryption=aes-256
    hash=sha
    group=5
    lifetime=28800


# Remove an IKEv1 policy (identified by its priority number)
- cisco_asa_ikev1_policy:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    priority=12
    state=absent
    validate_certs=no
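
A pre-merge check for tasks written against the options above, as an added example that is not part of the module or its original documentation. It flags the weaker of the documented choices (des, 3des, md5, DH groups 1 and 2), validate_certs=no, and literal passwords; the policy set, the sample tasks and the variable name asa_api_password are assumptions made for this example.

```python
import re

# key=value pairs as used in the task examples on this page; a value may be
# quoted or a Jinja2 expression such as {{ inventory_hostname }}.
ARG_RE = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\{\{.*?\}\}|\S+)""")

# Assumed local policy: the weaker of the choices the module documents.
WEAK = {
    "encryption": {"des", "3des"},
    "hash": {"md5"},
    "group": {"1", "2"},
}


def parse_args(text):
    """Parse a key=value argument string into a dict, stripping quotes."""
    return {k: v.strip("'\"") for k, v in ARG_RE.findall(text)}


def audit(text):
    """Return a sorted list of findings for one task's arguments."""
    args = parse_args(text)
    findings = []
    for key, weak in WEAK.items():
        if args.get(key) in weak:
            findings.append(f"{key}={args[key]} is a weak choice")
    if args.get("validate_certs", "").lower() in {"no", "false"}:
        findings.append("validate_certs=no disables certificate validation")
    password = args.get("password", "")
    if password and not password.startswith("{{"):
        findings.append("password is a literal, not a variable")
    return sorted(findings)


# Constructed sample tasks (not from the original page).
LEGACY = """host={{ inventory_hostname }} username=api_user password=APIpass123
    state=present validate_certs=no priority=10 authentication=pre-share
    encryption=3des hash=md5 group=2 lifetime=86400"""
# asa_api_password is a hypothetical variable, e.g. supplied from a vault file.
HARDENED = """host={{ inventory_hostname }} username=api_user
    password={{ asa_api_password }} state=present validate_certs=yes
    priority=100 authentication=pre-share encryption=aes-256 hash=sha
    group=5 lifetime=28800"""

if __name__ == "__main__":
    for name, task in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit(task) or "no findings")
```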


cisco_asa_network_object

Creates, deletes, or edits network objects.

  • Synopsis
  • Options
  • Examples

Synopsis

Configures network objects

Options

| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| category | no | | ipv4_address, ipv6_address, ipv4_subnet, ipv6_subnet, ipv4_range, ipv6_range, ipv4_fqdn, ipv6_fqdn | The type of object you are creating. Use slash notation for subnets, i.e. 192.168.0.0/24. Use - for ranges, i.e. 192.168.0.1-192.168.0.10. |
| username | yes | | | Username for device |
| description | no | | | Description of the object |
| state | yes | | present, absent | State of the object |
| value | no | | | The data to enter into the network object |
| host | yes | | | Typically set to {{ inventory_hostname }} |
| password | yes | | | Password for the device |
| validate_certs | no | | no, yes | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
| name | yes | | | Name of the network object |

Examples


# Create a network object for a web server
- cisco_asa_network_object:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    name=tsrv-web-1
    state=present
    category=ipv4_address
    description='Test web server'
    value='10.12.30.10'
    validate_certs=no

# Remove test webserver
- cisco_asa_network_object:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    name=tsrv-web-2
    state=absent
    validate_certs=no


cisco_asa_network_objectgroup

Creates, deletes, or edits network object-groups.

  • Synopsis
  • Options
  • Examples

Synopsis

Configures network object-groups

Options

| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| category | no | | ipv4_address, ipv6_address, ipv4_subnet, ipv6_subnet, ipv4_range, ipv6_range, ipv4_fqdn, ipv6_fqdn, object, object_group | The type of object you are creating. Use slash notation for networks, i.e. 192.168.0.0/24. Use - for ranges, i.e. 192.168.0.1-192.168.0.10. |
| username | yes | | | Username for device |
| name | yes | | | Name of the network object |
| entry_state | no | | present, absent | State of the entire object-group |
| value | no | | | The data to enter into the network object |
| state | yes | | present, absent | State of the entire object-group |
| members | no | | | NOT YET IMPLEMENTED Variable containing all the objects within the network object-group |
| host | yes | | | Typically set to {{ inventory_hostname }} |
| password | yes | | | Password for the device |
| validate_certs | no | | no, yes | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
| description | no | | | Description of the object |

Examples


# Create a network object-group with an entry for a web server
- cisco_asa_network_objectgroup:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    name=tsrv-web-1
    state=present
    category=ipv4_address
    description='Test web server'
    value='10.12.30.10'
    validate_certs=no

# Remove the test web server object-group
- cisco_asa_network_objectgroup:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    name=tsrv-web-2
    state=absent
    validate_certs=no


cisco_asa_write_mem

Saves the configuration.

  • Synopsis
  • Options
  • Examples

Synopsis

Issues the write mem command on the unit

Options

| Parameter | Required | Default | Choices | Comments |
|---|---|---|---|---|
| username | yes | | | Username for device |
| host | yes | | | Typically set to {{ inventory_hostname }} |
| password | yes | | | Password for the device |
| validate_certs | no | | no, yes | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. |

Examples


# Save the running configuration
- cisco_asa_write_mem:
    host={{ inventory_hostname }}
    username=api_user
    password=APIpass123
    validate_certs=no




Documentation generated with Ansible Webdocs.