feat(neutron-understack): add Cisco ASA interfaces
Support managing the interfaces on the Cisco ASAs so that we can connect
different networks to the specific firewall.
cardoe committed Dec 19, 2024
1 parent 90cffb4 commit 28387e5
Showing 2 changed files with 63 additions and 0 deletions.
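--- a/python/neutron-understack/neutron_understack/cisco_asa.py
+++ b/python/neutron-understack/neutron_understack/cisco_asa.py
@@ -106,3 +106,56 @@ def delete_nat(self, inside_ip_addr: str) -> bool:
 ]
 
 return self._make_request("delete_nat", cmds)
+
+def create_inside_interface(
+self,
+asa_phys_inf: str,
+asa_inside_inf: str,
+vlan: int,
+gateway_ip: str,
+standby_ip: str,
+netmask: str,
+) -> bool:
+cmds = [
+f"interface {asa_phys_inf}.{vlan}",
+f"vlan {vlan}",
+f"nameif {asa_inside_inf}",
+f"ip address {gateway_ip} {netmask} standby {standby_ip}",
+]
+return self._make_request("create_inside_interface", cmds)
+
+def delete_inside_interface(self, asa_phys_inf: str, vlan: int) -> bool:
+cmds = [
+f"no interface {asa_phys_inf}.{vlan}",
+]
+return self._make_request("delete_inside_interface", cmds)
+
+def create_interface_access_list(self, asa_inside_inf: str) -> bool:
+cmds = [
+f"access-list {asa_inside_inf} permit ip any any",
+f"access-group {asa_inside_inf} in interface {asa_inside_inf}",
+]
+return self._make_request("create_interface_access_list", cmds)
+
+def delete_interface_access_list(self, asa_inside_inf: str) -> bool:
+cmds = [
+f"no access-list {asa_inside_inf} permit ip any any",
+]
+return self._make_request("delete_interface_access_list", cmds)
+
+def create_default_pat(
+self, outside_ip_addr: str, asa_outside_inf: str, asa_inside_inf: str
+) -> bool:
+cmds = [
+f"object network OBJ-{outside_ip_addr}",
+# next entry spans two lines NO COMMA so its one command
+f"nat ({asa_inside_inf},{asa_outside_inf}) after-auto source "
+f"dynamic any OBJ-{outside_ip_addr}",
+]
+return self._make_request("create_default_pat", cmds)
+
+def delete_default_pat(self, outside_ip_addr: str) -> bool:
+cmds = [
+f"no object network OBJ-{outside_ip_addr}",
+]
+return self._make_request("delete_default_pat", cmds)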
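Review bot: Every new method interpolates its arguments straight into ASA CLI lines (`f"interface {asa_phys_inf}.{vlan}"`, `f"ip address {gateway_ip} {netmask} standby {standby_ip}"`, the `OBJ-{outside_ip_addr}` names) with no check on their content, so a value carrying whitespace or a line break would change which commands the firewall receives. The type hints are not enforced at runtime and the origin of these values is not visible in this hunk; if any can come from API input rather than operator config, validate before building `cmds`, e.g. `ipaddress.ip_address(gateway_ip)` for the addresses, `if not 1 <= vlan <= 4094: raise ValueError(vlan)` for the VLAN, and an allow-list pattern for interface names. Separately, `create_interface_access_list` installs `permit ip any any` on the inside interface; a docstring stating that this is intentional and where filtering is enforced instead would help anyone auditing the firewall policy. The enclosing class and `_make_request` are outside the hunk.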
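--- a/python/neutron-understack/neutron_understack/config.py
+++ b/python/neutron-understack/neutron_understack/config.py
@@ -64,6 +64,16 @@
 help="ASA interface for outside connections",
 default="OUTSIDE",
 ),
+cfg.StrOpt(
+"outside_physical",
+help="Physical Interface for outside connections",
+default="GigabitEthernet1/1",
+),
+cfg.StrOpt(
+"inside_physical",
+help="Physical Interface for inside connections",
+default="GigabitEthernet1/2",
+),
 ]
 
 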
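Review bot: Both new options ship a hardware-specific default (`GigabitEthernet1/1`, `GigabitEthernet1/2`), so a deployment that never sets them would presumably have the driver create and remove VLAN sub-interfaces under whatever is cabled to those ports. Consider dropping the defaults and marking the options `required=True`, or at least extending the `help` text to say that sub-interfaces are created beneath this port. Nothing in this commit's two files reads either option, and the option list begins outside the hunk, so the group they are registered under is not visible here.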
