Like in my previous post in the new development version 2.2. from Ansible are new IOS and ASA core modules.
Here an example of the asa_config and asa_acl module to create and object-group in the first step and create the inside create access-list:
- name: Cisco ASA access-list config connection: local hosts: firewall gather_facts: false vars: cli: username: "{{ username }}" password: "{{ password }}" host: "{{ device_ip }}" authorize: yes auth_pass: cisco tasks: - name: create object group asa_config: lines: - network-object host 10.1.0.1 - network-object host 10.1.0.2 - network-object host 10.1.0.3 parents: ['object-group network dummy-group'] provider: "{{ cli }}" # register: result - name: configure access-list asa_acl: lines: - access-list acl_inside extended permit tcp object-group dummy-group any eq www - access-list acl_inside extended permit udp object-group dummy-group any eq domain - access-list acl_inside extended deny ip any any before: clear configure access-list acl_inside match: strict replace: block provider: "{{ cli }}" # register: result - debug: var=result
Here output when you run the playbook the first time:
ansible-playbook cisco/asa_access-list_config.yml -i cisco/hosts PLAY [Cisco ASA access-list config] ******************************************** TASK [create object group] ***************************************************** changed: [fw1] TASK [configure access-list] *************************************************** changed: [fw1] TASK [debug] ******************************************************************* ok: [fw1] => { "result": "VARIABLE IS NOT DEFINED!" } PLAY RECAP ********************************************************************* fw1 : ok=3 changed=2 unreachable=0 failed=0
Here the output then you run the playbook a second time, you see nothing is changed:
ansible-playbook cisco/asa_access-list_config.yml -i cisco/hosts PLAY [Cisco ASA access-list config] ******************************************** TASK [create object group] ***************************************************** ok: [fw1] TASK [configure access-list] *************************************************** ok: [fw1] TASK [debug] ******************************************************************* ok: [fw1] => { "result": "VARIABLE IS NOT DEFINED!" } PLAY RECAP ********************************************************************* fw1 : ok=3 changed=0 unreachable=0 failed=0
Read my new post about an Ansible Playbook for Cisco ASAv Firewall Topology