cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Firewalls

320
Views
0
Helpful
5
Replies
Beginner

Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

I have been trying to do something with REST-API on Cisco ASA for more then a year, but for some reason I am only able to get the response 500 INTERNAL-SERVER-ERROR.

 

This is on Multi-Context system as well as an Single Context.

 

Config is done as written in the documentation of the ASA REST-API client.

 

Am I missing something?? Or is this a bug, that doesn't get fixed??

 

Attached debug logs doesn't tell me anything is realy wrong but a crash of Java.

 

Don't tell me to create a TAC case. So far Cisco TAC hasn't been very helpful for the cases I opened, still need to create a TAC case for a cisco VPN bug that is still there which nobody notices apparently.

Everyone's tags (1)
5 REPLIES
Highlighted
Advisor

Re: Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

Are you seeing these java errors when you browse to the API [https://asa-managment-ip/api] ?

Beginner

Re: Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

{"commonMessages":[{"level":"Error","code":"METHOD-NOT-ALLOWED"}],"entryMessages":[]}

 

No 500 error when directly going to /api

 

 

[ra agent event]: 2018-08-16 13:25:21,307 DEBUG [startup] Enter Filter.beforeHandle() for uri:http://192.168.0.1/api

[ra agent event]: 2018-08-16 13:25:21,308 DEBUG [startup] The request URI, canonicalized URI, URLDecoded URI respectively are:http://192.168.0.1/api, http://192.168.0.1/api, http://192.168.0.1/api

[ra agent event]: 2018-08-16 13:25:21,309 DEBUG [startup] Exit Filter.beforeHandle() with CONTINUE status for uri:http://192.168.0.1/api

[ra agent event]: 2018-08-16 13:25:21,329 DEBUG [bulk] Inside RestletObject postData :  {"commonMessages":[{"level":"Error","code":"METHOD-NOT-ALLOWED"}],"entryMessages":[]}

Advisor

Re: Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

In what application are you getting the Java errors?
Beginner

Re: Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

Direct URL

RESTCLient firefox add-on

https://firewall ip/doc/

 

Doesn't matter which restapi url I use always internal-server-error.

 

So if somebody gives me working samples (URL/Python) to try please do so, because everything I try doens't work.

Beginner

Re: Cisco ASA REST-API INTERNAL-SERVER-ERROR (All REST-API 1.3.2 versions) (ASA 9.8.x & 9.7.x) Context and no Context

Do you have AAA running on the ASA? I'm seeing the same behavior you are and this was the response from Cisco because we use Command Authorization:

Command Authorization

If command authorization is configured to use an external AAA server (for example, aaa authorization command < TACACS+_server >), then a user named enable_1 must exist on that server with full command privileges.

 

From: https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html#pgfId-61953

CreatePlease to create content
Ask the Expert- Endpoint Security