cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
0
Helpful
0
Replies
Highlighted
Beginner

Bug: ASA REST-API converts 'any' and 'any6' to 'any4' on POST

Hey,

I'm playing a lot with the ASA REST-API at the moment, and just noticed some strange behaviour I would consider a bug provided I did not miss anything.

My test system is an ASAv running on ESXi without a dedicated license.

I have a simple example rule, which looks as follows in ASA CLI notation and in JSON when pulled via REST from the ASA style:

access-list TEST line 24 extended deny ip any any

{

  "permit": false,

  "sourceAddress": {

    "kind": "AnyIPAddress",

    "value": "any6"

  },

  "destinationAddress": {

    "kind": "AnyIPAddress",

    "value": "any"

  },

  "sourceService": {

    "kind": "NetworkProtocol",

    "value": "ip"

  },

  "destinationService": {

    "kind": "NetworkProtocol",

    "value": "ip"

  },

  "active": true,

  "remarks": [],

  "ruleLogging": {

    "logStatus": "Default",

    "logInterval": 300

  }

},

(removed selfLink, objectID etc for shorter display)

I did then take exactly that JSON the ASA gave me and send it back via POST as a new rule of the same ACL.

I expected the ASA to reject the rule with HTTP 400 - DUPLICATE, as it usually does, but it takes the rule, because it converts the "any6" and "any" to "any4". The result looks like this:

access-list TEST line 25 extended deny ip any4 any4

{

  "permit": false,

  "sourceAddress": {

    "kind": "AnyIPAddress",

    "value": "any4"

  },

  "destinationAddress": {

    "kind": "AnyIPAddress",

    "value": "any4"

  },

  "sourceService": {

    "kind": "NetworkProtocol",

    "value": "ip"

  },

  "destinationService": {

    "kind": "NetworkProtocol",

    "value": "ip"

  },

  "active": true,

  "remarks": [],

  "ruleLogging": {

    "logStatus": "Default",

    "logInterval": 300

  }

}

Can anybody please advise on this?

Edit: Software versions used:

Cisco Adaptive Security Appliance Software Version 9.6(2)

Device Manager Version 7.6(2)

REST API Agent Version 1.3.2

Everyone's tags (4)