Cisco ASA REST API – Part III: Checking if prefix is directly connected
First published: 03/Jan/2017
Last update: 03/Jan/2017
It’s time to do some programming and really use the REST API for something good. The first script checks whether a specified prefix is directly connected to any of the firewall's interfaces. The script requires two arguments: the IP address to check and the IP address of the firewall. It is executed as below:
$ ./IfDirectlyConnected.pl
Usage: IfDirectlyConnected.pl [Checked IP Address] [Firewall Management IP]
In this demo the script requires IP addresses to be used but does not check whether the arguments are IP addresses; it simply validates that it is executed with two arguments.
Please take a moment to look back at my post Cisco ASA REST API – Lab topology and programming language, where I explained the topology of the simulated network and presented the IP addresses assigned to each device. Routing is configured and all subnets are reachable.
We will test the script on the asav-1 firewall. The expected results are as follows:
$ ./IfDirectlyConnected.pl 10.0.12.5 172.16.1.51
Checking address 10.0.12.5 on firewall 172.16.1.51
RESULT: Destination route is directly connected

$ ./IfDirectlyConnected.pl 10.0.24.5 172.16.1.51
Checking address 10.0.24.5 on firewall 172.16.1.51
RESULT: Route in routing table but not directly connected

$ ./IfDirectlyConnected.pl 10.0.99.5 172.16.1.51
Checking address 10.0.99.5 on firewall 172.16.1.51
RESULT: Subnet not in routing table
Script is available on my GitHub
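The following is an added example, not the script from GitHub and written in Python rather than Perl: it validates both arguments as IP addresses (the check the demo skips) and reproduces the three results with a longest-prefix match. The routing table, its prefix lengths and the function names are constructed for illustration; the real script obtains routes from the firewall over the REST API.

```python
import ipaddress

# Constructed sample routes (assumed, not read from the lab firewalls):
# (prefix, directly_connected)
SAMPLE_ROUTES = [
    ("10.0.12.0/24", True),
    ("172.16.1.0/24", True),
    ("10.0.24.0/24", False),
    ("192.168.0.0/16", False),   # less specific, learned route
    ("192.168.10.0/24", True),   # more specific, connected
]

def parse_ip(text, label):
    """Return an ip_address object or raise ValueError naming the bad argument."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        raise ValueError(f"{label} is not a valid IP address: {text!r}") from None

def classify(addr, routes):
    """Longest-prefix match of addr against routes; returns the RESULT text."""
    best = None  # (network, directly_connected) of the most specific match
    for prefix, connected in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, connected)
    if best is None:
        return "Subnet not in routing table"
    if best[1]:
        return "Destination route is directly connected"
    return "Route in routing table but not directly connected"

def check(checked_ip, firewall_ip, routes=SAMPLE_ROUTES):
    """Validate both arguments before any request would be sent, then classify."""
    addr = parse_ip(checked_ip, "Checked IP Address")
    parse_ip(firewall_ip, "Firewall Management IP")
    return classify(addr, routes)

if __name__ == "__main__":
    for ip in ("10.0.12.5", "10.0.24.5", "10.0.99.5"):
        print(f"Checking address {ip} on firewall 172.16.1.51")
        print("RESULT:", check(ip, "172.16.1.51"))
```

Validating the firewall argument before building a URL from it keeps a mistyped or malformed value from being sent along with management credentials to an unintended host.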