Saturday, 13 July 2019

Ansible playbook for a sanity check on a Cisco ASA firewall


Health check commands: 


---
- hosts: sw
  connection: network_cli
  tasks:
    # Run the health-check show commands and keep the output
    - name: show commands
      asa_command:
        commands:
          - show version
          - show uptime
          - show memory
          - show asadrops
      delegate_to: localhost
      register: managedhost_output
    # Print the captured output, one list entry per command
    - name: print
      debug:
        msg: "{{ managedhost_output.stdout }}"

Ansible playbook for Network Object Creation on a Cisco ASA firewall




---
- hosts: asa
  tasks:
    - name: configure network object
      asa_og:
        name: ansible
        group_type: network-object
        state: present
        description: ansible testing
        host_ip:
          - 192.168.10.10
        group_object:
          - internal router


Ansible playbook for Service Object Creation on a Cisco ASA firewall




---
- hosts: asa
  tasks:
    - name: asa_config module
      asa_config:
        # Lab credentials are inline here; real ones belong in Ansible Vault
        provider:
          authorize: yes
          host: 192.22.110.96
          username: cisco
          password: cisco123
          auth_pass: cisco123
    - name: Add service-object
      asa_og:
        name: ansible_test_2
        host: 8.8.8.8
        group_type: service-object
        state: present
        protocol: tcp
        description: 'HTTP'

Ansible playbook for Access List Creation on a Cisco ASA firewall (Web Policy Restriction)




---
- hosts: asa
  # Modules that take a provider dict run over the local connection
  connection: local
  vars:
    cli:
      host: 192.168.1.1
      username: cisco
      password: cisco123
      transport: cli
      authorize: yes
      auth_pass: cisco
  tasks:
    - name: restricting google
      asa_acl:
        lines:
          - access-list ACL-OUTSIDE extended deny tcp any host 8.8.8.8 eq 80
        context: cisco
        provider: "{{ cli }}"

Ansible playbook for VLAN Creation on a Cisco switch




---
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating vlan
      ios_vlan:
        authorize: yes
        provider:
          username: cisco
          password: cisco123
          host: 172.22.110.201
        vlan_id: 20
        name: testvlan1
        state: present

Ansible playbook for User Creation on a Cisco switch



---
- hosts: sw
  connection: network_cli
  tasks:
    - name: creating user
      ios_config:
        provider:
          username: cisco
          password: cisco123
          host: 172.22.110.201
        lines:
          # "password" is stored reversibly in the config; "secret" stores a hash
          - username srini privilege 1 password secret456
          - line console 0
          - login local
          - end

Ansible playbook for Banner Creation on a Cisco switch




---
- hosts: sw
  connection: network_cli
  tasks:
    - name: install banner
      ios_banner:
        banner: motd
        text: |
          unauthorized access is prohibited
        state: present
