Unable to use HTTPS Managment “API” on Cisco ASA 9.12Cisco ASA ACL helphttps url filtering on Cisco ASA 5520Unable to save ASA configSSD status on Cisco ASAASA unable to pass ICMP and RDP through internal interfacesASA / WCCP issue with https service group 70Unable to properly configure ASA 5512 with WAN IPUnable to reach public IPs of servers behind ASA 5512Oxidized Unable to Pull Cisco ASA ConfigCisco ASA rekeying

What's the most polite way to tell a manager "shut up and let me work"?

If a massive object like Jupiter flew past the Earth how close would it need to come to pull people off of the surface?

What should I do about a religious player who refuses to accept the existence of multiple gods in D&D?

California: "For quality assurance, this phone call is being recorded"

Is there a term for this?

Select row of data if next row contains zero

Recording the inputs of a command and producing a list of them later on

The deliberate use of misleading terminology

Is there a rule that prohibits us from using 2 possessives in a row?

Are grass strips more dangerous than tarmac?

Is having a hidden directory under /etc safe?

What does it mean by "d-ism of Leibniz" and "dotage of Newton" in simple English?

How crucial is a waifu game storyline?

Is the world in Game of Thrones spherical or flat?

TV show or movie: Diseased people are exiled to a spaceship

What does War Machine's "Canopy! Canopy!" line mean in "Avengers: Endgame"?

Why is Colorado so different politically from nearby states?

Why would Lupin kill Pettigrew?

How do I truncate a csv file?

How can I offer a test ride while selling a bike?

Explain Ant-Man's "not it" scene from Avengers: Endgame

How much current can Baofeng UV-5R provide on +V pin?

What is the right way to float a home lab?

Coding Challenge Solution - Good Range



Unable to use HTTPS Managment “API” on Cisco ASA 9.12


Cisco ASA ACL helphttps url filtering on Cisco ASA 5520Unable to save ASA configSSD status on Cisco ASAASA unable to pass ICMP and RDP through internal interfacesASA / WCCP issue with https service group 70Unable to properly configure ASA 5512 with WAN IPUnable to reach public IPs of servers behind ASA 5512Oxidized Unable to Pull Cisco ASA ConfigCisco ASA rekeying













2















After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



Example curl that is functional in prior code (9.8 or 9.10):



curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


Now, instead of the output of that command, we are receiving a 400 Bad Request error.



What changed?






cisco cisco-asa api







share|improve this question


























    2















    After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



    Example curl that is functional in prior code (9.8 or 9.10):



    curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


    Now, instead of the output of that command, we are receiving a 400 Bad Request error.



    What changed?






    cisco cisco-asa api







    share|improve this question
























      2












      2








      2








      After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



      Example curl that is functional in prior code (9.8 or 9.10):



      curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


      Now, instead of the output of that command, we are receiving a 400 Bad Request error.



      What changed?






      cisco cisco-asa api







      share|improve this question














      After upgrading a Cisco ASA to code version 9.12(1)3, I am unable to reach the HTTPS management interface, which we use for many automation tools.



      Example curl that is functional in prior code (9.8 or 9.10):



      curl -k -u mah_user https://10.10.10.1/admin/exec/show+version


      Now, instead of the output of that command, we are receiving a 400 Bad Request error.



      What changed?






      cisco cisco-asa api




      cisco cisco-asa api






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 24 at 1:55









      Brett LykinsBrett Lykins

      7,44352964




      7,44352964




















          1 Answer
          1






          active

          oldest

          votes


















          3














          As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



          In the ASA code version 9.12 release notes, it specifies the following:




          Allow non-browser-based HTTPS clients to access the ASA



          You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



          New/Modified commands: http server basic-auth-client




          What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



          In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



          You can either do one of the following:




          1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



            • Example config: http server basic-auth-client mah_user_agent

            • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



          2. Use one of the pre-existing/supported user-agent headers:



            • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


          Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



          It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "496"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f59366%2funable-to-use-https-managment-api-on-cisco-asa-9-12%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            3














            As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



            In the ASA code version 9.12 release notes, it specifies the following:




            Allow non-browser-based HTTPS clients to access the ASA



            You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



            New/Modified commands: http server basic-auth-client




            What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



            In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



            You can either do one of the following:




            1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



              • Example config: http server basic-auth-client mah_user_agent

              • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



            2. Use one of the pre-existing/supported user-agent headers:



              • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


            Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



            It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






            share|improve this answer



























              3














              As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



              In the ASA code version 9.12 release notes, it specifies the following:




              Allow non-browser-based HTTPS clients to access the ASA



              You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



              New/Modified commands: http server basic-auth-client




              What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



              In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



              You can either do one of the following:




              1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                • Example config: http server basic-auth-client mah_user_agent

                • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



              2. Use one of the pre-existing/supported user-agent headers:



                • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


              Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



              It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






              share|improve this answer

























                3












                3








                3







                As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



                In the ASA code version 9.12 release notes, it specifies the following:




                Allow non-browser-based HTTPS clients to access the ASA



                You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



                New/Modified commands: http server basic-auth-client




                What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



                In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



                You can either do one of the following:




                1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                  • Example config: http server basic-auth-client mah_user_agent

                  • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



                2. Use one of the pre-existing/supported user-agent headers:



                  • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


                Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



                It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.






                share|improve this answer













                As of ASA code 9.12, you must provide a user-agent header with your HTTP requests to the ASA management interface.



                In the ASA code version 9.12 release notes, it specifies the following:




                Allow non-browser-based HTTPS clients to access the ASA



                You can allow non-browser-based HTTPS clients to access HTTPS services on the ASA. By default, ASDM, CSM, and REST API are allowed.



                New/Modified commands: http server basic-auth-client




                What they do not explicitly spell out in this output, is that the ASA management "API" was not previously a supported way to access the ASA. It was intended to be used by the ASDM or their own REST API wrapper.



                In opening it up for "the rest of us" and making it supported behavior (which they needed to do because there is no ASA REST API java applet on the ASA code running on Firepower hardware), they added some new restrictions.



                You can either do one of the following:




                1. Add user-agent headers with a value you specify in http server basic-auth-client <my-user-agent-goes-here>



                  • Example config: http server basic-auth-client mah_user_agent

                  • Example curl: curl -k -u mah_user -A mah_user_agent https://10.10.10.1/admin/exec/show+version



                2. Use one of the pre-existing/supported user-agent headers:



                  • Example curl: curl -k -u mah_user -A ASDM https://10.10.10.1/admin/exec/show+version


                Either one of these will work for you, although I prefer the second as it needs no config changes on the ASA to function.



                It is also worth noting, that in my testing you can also send the user-agent: ASDM header with all prior versions of ASA code as well, they just don't care what you send or set for that value.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered May 24 at 1:55









                Brett LykinsBrett Lykins

                7,44352964




                7,44352964



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Network Engineering Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f59366%2funable-to-use-https-managment-api-on-cisco-asa-9-12%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Get product attribute by attribute group code in magento 2get product attribute by product attribute group in magento 2Magento 2 Log Bundle Product Data in List Page?How to get all product attribute of a attribute group of Default attribute set?Magento 2.1 Create a filter in the product grid by new attributeMagento 2 : Get Product Attribute values By GroupMagento 2 How to get all existing values for one attributeMagento 2 get custom attribute of a single product inside a pluginMagento 2.3 How to get all the Multi Source Inventory (MSI) locations collection in custom module?Magento2: how to develop rest API to get new productsGet product attribute by attribute group code ( [attribute_group_code] ) in magento 2

                    Image
                    Is it safe to keep the GPU on 100% utilization for a very long time? What happens when the drag force exceeds the weight of an object falling into earth? shebang or not shebang The unknown and unexplained in science fiction Are wands in any sort of book going to be too much like Harry Potter? How do I minimise waste on a flight? Concatenate all values of the same XML element using XPath/XQuery Did any early RISC OS precursor run on the BBC Micro? Single supply non-inverting amplifier using op amp Employee is self-centered and affects the team negatively Why always 4...dxc6 and not 4...bxc6 in the Ruy Lopez Exchange? TikZ/PGF draw algorithm Learning how to read schematics, questions about fractional voltage in schematic How can I test a shell script in a "safe environment" to avoid harm to my computer? A♭ major 9th chord in Bach is unexpectedly dissonant/jazzy What detail can Hubble see on Mars? Drug Testing and Prescribed Medications Justific
                    Read more

                    Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

                    Image
                    Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
                    Read more

                    Magento 2.3: How do i solve this, Not registered handle, on custom form?How can i rewrite TierPrice Block in Magento2magento 2 captcha not rendering if I override layout xmlmain.CRITICAL: Plugin class doesn't existMagento 2 : Problem while adding custom button order view page?Magento 2.2.5: Overriding Admin Controller sales/orderMagento 2.2.5: Add, Update and Delete existing products Custom OptionsMagento 2.3 : File Upload issue in UI Component FormMagento2 Not registered handleHow to configured Form Builder Js in my custom magento 2.3.0 module?Magento 2.3. How to create image upload field in an admin form

                    Image
                    2000s (or earlier) cyberpunk novel: dystopia, mega storm, omnipresent noise How important is it for multiple POVs to run chronologically? PhD: When to quit and move on? Motorcyle Chain needs to be cleaned every time you lube it? Why do most airliners have underwing engines, while business jets have rear-mounted engines? How to supply water to a coastal desert town with no rain and no freshwater aquifers? How come a desk dictionary be abridged? What's the big deal about the Nazgûl losing their horses? Is this standard Japanese employment negotiations, or am I missing something? Should I increase my 401(k) contributions, or increase my mortgage payments Is there a way to change the aspect ratio of a DNG file? Why is there paternal, for fatherly, fraternal, for brotherly, but no similar word for sons? What can a novel do that film and TV cannot? Is conquering your neighbors to fight a greater enemy a valid strategy? /api/sitecore is not working in CD server
                    Read more