adding test file with some acl tests

src/unit_tests/ImporterTest/test_data/asa8.3-acl.test

@@ -0,0 +1,194 @@
+: Saved
+:
+ASA Version 8.3(2) 
+!
+hostname asa5505
+
+
+interface Vlan1
+  nameif inside
+  security-level 100
+  ip address 192.168.1.1 255.255.255.0 
+exit
+
+interface Vlan2
+  nameif outside
+  security-level 0
+  ip address dhcp setroute 
+exit
+
+interface Ethernet0/0
+  description Switch port 0/0
+exit
+
+
+no logging buffered
+no logging console
+no logging timestamp
+no logging on
+
+
+timeout xlate 0:0:0 
+timeout conn 0:0:0 
+timeout udp 0:0:0 
+timeout sunrpc 0:0:0 
+timeout h323 0:0:0 
+timeout sip 0:0:0 
+timeout sip_media 0:0:0 
+timeout half-closed 0:0:0 
+timeout uauth 0:0:0 
+
+
+clear config ssh
+aaa authentication ssh console LOCAL
+
+clear config snmp-server
+no snmp-server enable traps
+
+clear config ntp
+
+
+no service resetinbound
+no service resetoutside
+no sysopt connection timewait
+no sysopt nodnsalias inbound
+no sysopt nodnsalias outbound
+
+
+class-map inspection_default
+  match default-inspection-traffic
+
+policy-map global_policy
+  class inspection_default
+
+service-policy global_policy global
+
+
+
+clear xlate
+clear config nat
+clear config access-list
+clear config icmp
+clear config telnet
+clear config object-group
+clear config object
+
+
+object service http.0
+  service tcp destination eq 80
+exit
+
+object service https.0
+  service tcp destination eq 443
+exit
+
+object network server-1.0
+  host 192.168.1.100
+exit
+
+object network Internal_net.0
+  subnet 192.168.1.0 255.255.255.0
+exit
+
+object-group service id5102X14531.srv.tcp.0 tcp
+  port-object eq 80
+  port-object eq 443
+exit
+
+object service ip2 
+ service eigrp 
+
+object-group protocol pg1
+ protocol-object 111
+ protocol-object ah
+ protocol-object ip
+ protocol-object eigrp
+
+
+!################
+! 
+
+! remark
+access-list inside_in  remark 0 (global)
+
+! protocols, including named object and object group
+!
+access-list inside_in  permit   ah 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   eigrp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   esp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   gre 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   icmp 192.168.1.0 255.255.255.0 any
+!  access-list inside_in  permit   icmp6 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   igmp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   igrp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   ip 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   ipinip 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   ipsec 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   nos 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   object ip2 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   object-group pg1 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   ospf 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   pcp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   pim 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   pptp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   snp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   tcp 192.168.1.0 255.255.255.0 any
+access-list inside_in  permit   udp 192.168.1.0 255.255.255.0 any
+
+! named object reference in source
+access-list inside_in permit ip object Internal_net.0 any 
+access-list inside_in  remark 3 (global)
+
+! logging
+access-list inside_in deny   ip any any log 0 interval 300
+
+
+! more complex tests: named objects, object groups, inline address and
+! port definitions in both source and destination
+
+access-list inside_in permit tcp object server-1.0 object-group id5102X14531.srv.tcp.0 any
+access-list inside_in permit tcp object server-1.0 eq 80 any
+access-list inside_in permit tcp object server-1.0 gt 1010 any
+access-list inside_in permit tcp object server-1.0 lt 1024 any
+access-list inside_in permit tcp object server-1.0 range 1010 1020 any
+access-list inside_in permit tcp object server-1.0 neq 88 any
+
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 object-group id5102X14531.srv.tcp.0  any
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 eq 80 any
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 gt 1010 any
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 lt 1024 any
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 range 1010 1020 any
+access-list inside_in permit tcp 192.168.2.0 255.255.255.192 neq 88 any
+
+
+access-list inside_out permit tcp any object server-1.0 object-group id5102X14531.srv.tcp.0 
+access-list inside_out permit tcp any object server-1.0 eq 80
+access-list inside_out permit tcp any object server-1.0 gt 1010
+access-list inside_out permit tcp any object server-1.0 lt 1024
+access-list inside_out permit tcp any object server-1.0 range 1010 1020
+access-list inside_out permit tcp any object server-1.0 neq 88
+
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 object-group id5102X14531.srv.tcp.0 
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 eq 80
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 gt 1010
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 lt 1024
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 range 1010 1020
+access-list inside_out permit tcp any 192.168.2.0 255.255.255.192 neq 88
+
+
+! access-group statements
+
+access-group inside_in in interface inside
+access-group inside_out out interface inside
+access-group outside_in in interface outside
+access-group outside_out out interface outside
+
+
+! 
+! Rule  0 (NAT)
+nat (inside,outside) source dynamic Internal_net.0 interface description "0 (NAT)"
+! 
+! Rule  1 (NAT)
+nat (outside,inside) source static any any destination static interface server-1.0 service http.0 http.0 description "1 (NAT)"
+nat (outside,inside) source static any any destination static interface server-1.0 service https.0 https.0 description "1 (NAT)"
+