diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java
index c0b0117fc7e..ffe70d19dc0 100644
--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -137,6 +137,7 @@ public interface Network extends ControlledEntity, StateObject<Network.State>, I
         public static final Provider None = new Provider("None", false);
         // NiciraNvp is not an "External" provider, otherwise we get in trouble with NetworkServiceImpl.providersConfiguredForExternalNetworking 
         public static final Provider NiciraNvp = new Provider("NiciraNvp", false);
+        public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
 
         private String name;
         private boolean isExternal;
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index b08e992abd2..37cb59f3758 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -476,6 +476,7 @@ public class ApiConstants {
     public static final String AFFINITY_GROUP_IDS = "affinitygroupids";
     public static final String AFFINITY_GROUP_NAMES = "affinitygroupnames";
     public static final String DEPLOYMENT_PLANNER = "deploymentplanner";
+    public static final String ASA_INSIDE_PORT_PROFILE = "insideportprofile";
 
     public enum HostDetails {
         all, capacity, events, stats, min;
diff --git a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
index aeed81d2011..29ce2e3971d 100644
--- a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
+++ b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
@@ -43,6 +43,7 @@ public interface ExternalNetworkDeviceManager extends Manager {
         public static final NetworkDevice F5BigIpLoadBalancer = new NetworkDevice("F5BigIpLoadBalancer", Network.Provider.F5BigIp.getName());
         public static final NetworkDevice JuniperSRXFirewall = new NetworkDevice("JuniperSRXFirewall", Network.Provider.JuniperSRX.getName());
         public static final NetworkDevice NiciraNvp = new NetworkDevice("NiciraNvp", Network.Provider.NiciraNvp.getName());
+        public static final NetworkDevice CiscoVnmc = new NetworkDevice("CiscoVnmc", Network.Provider.CiscoVnmc.getName());
 
         public NetworkDevice(String deviceName, String ntwkServiceprovider) {
             _name = deviceName;
diff --git a/client/pom.xml b/client/pom.xml
index 08946b6d905..743cd363005 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -455,6 +455,11 @@
                   file="${basedir}/target/generated-webapp/WEB-INF/web.xml"
                   match="classpath:componentContext.xml"
                   replace="classpath:nonossComponentContext.xml" byline="true" />
+                <exec executable="cp">
+                    <arg value="-r" />
+                    <arg value="${basedir}/../plugins/network-elements/cisco-vnmc/scripts" />
+                    <arg value="${basedir}/target/generated-webapp/WEB-INF/classes/" />
+                </exec>
               </target>
             </configuration>
           </execution>
@@ -639,6 +644,11 @@
           <artifactId>cloud-vmware-base</artifactId>
           <version>${project.version}</version>
         </dependency>
+        <dependency>
+          <groupId>org.apache.cloudstack</groupId>
+          <artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
+          <version>${project.version}</version>
+        </dependency>
       </dependencies>
     </profile>
   </profiles>
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 798d226ca96..10fcfe3f687 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -577,3 +577,14 @@ deleteAffinityGroup=15
 listAffinityGroups=15
 updateVMAffinityGroup=15
 listAffinityGroupTypes=15
+
+#### Cisco Vnmc commands
+addCiscoVnmcResource=1
+deleteCiscoVnmcResource=1
+listCiscoVnmcResources=1
+
+#### Cisco Asa1000v commands
+addCiscoAsa1000vResource=1
+deleteCiscoAsa1000vResource=1
+listCiscoAsa1000vResources=1
+
diff --git a/client/tomcatconf/nonossComponentContext.xml.in b/client/tomcatconf/nonossComponentContext.xml.in
index 3ede2634285..aac3b893a8a 100644
--- a/client/tomcatconf/nonossComponentContext.xml.in
+++ b/client/tomcatconf/nonossComponentContext.xml.in
@@ -136,6 +136,16 @@
     <property name="name" value="CiscoNexus1000vVSM"/>
   </bean>
   
+  <!--
+    Cisco VNMC support components
+  -->
+  <bean id="ciscoVnmcDaoImpl" class="com.cloud.network.dao.CiscoVnmcDaoImpl" />
+  <bean id="ciscoAsa1000vDaoImpl" class="com.cloud.network.dao.CiscoAsa1000vDaoImpl" />
+  <bean id="networkAsa1000vMapDaoImpl" class="com.cloud.network.dao.NetworkAsa1000vMapDaoImpl" />
+  <bean id="CiscoVNMC" class="com.cloud.network.element.CiscoVnmcElement">
+    <property name="name" value="CiscoVNMC"/>
+  </bean>
+  
   <!--
     BigSwitch support components
   -->  
@@ -324,6 +334,7 @@
           <ref bean="Netscaler"/>
           <ref bean="F5BigIP"/>
           <ref bean="CiscoNexus1000vVSM"/>
+          <ref bean="CiscoVNMC"/>
           <ref bean="NiciraNvp" />
           <ref bean="MidoNetElement" />
           <ref bean="bigSwitchVnsElement"/>
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
index f6f0923c7ae..122ba3b9dba 100644
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
@@ -52,7 +52,9 @@ import com.cloud.hypervisor.HypervisorGuru;
 import com.cloud.hypervisor.HypervisorGuruBase;
 import com.cloud.hypervisor.vmware.manager.VmwareManager;
 import com.cloud.hypervisor.vmware.mo.VirtualEthernetCardType;
+import com.cloud.network.Network.Provider;
 import com.cloud.network.NetworkModel;
+import com.cloud.network.Network.Service;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
@@ -143,13 +145,23 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru {
 		    details.put(VmDetailConstants.ROOK_DISK_CONTROLLER, _vmwareMgr.getRootDiskController());
             }
         }
-        
+
+        List<NicProfile> nicProfiles = vm.getNics();
+
+        for(NicProfile nicProfile : nicProfiles) {
+            if(nicProfile.getTrafficType() == TrafficType.Guest) {
+                if(_networkMgr.isProviderSupportServiceInNetwork(nicProfile.getNetworkId(), Service.Firewall, Provider.CiscoVnmc)) {
+                    details.put("ConfigureVServiceInNexus", Boolean.TRUE.toString());
+                }
+                break;
+            }
+        }
+
         to.setDetails(details);
 
         if(vm.getVirtualMachine() instanceof DomainRouterVO) {
-            List<NicProfile> nicProfiles = vm.getNics();
-            NicProfile publicNicProfile = null;
 
+            NicProfile publicNicProfile = null;
             for(NicProfile nicProfile : nicProfiles) {
                 if(nicProfile.getTrafficType() == TrafficType.Public) {
                     publicNicProfile = nicProfile;
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
index b2e37685d17..eb09af0d67e 100755
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
@@ -317,8 +317,7 @@ public class VmwareManagerImpl extends ManagerBase implements VmwareManager, Vmw
         }
 
         s_logger.info("Preparing network on host " + hostMo.getContext().toString() + " for " + privateTrafficLabel);
-            HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
-
+        HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
     }
 
     @Override
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index f569595b8b0..3dc23ccb060 100755
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
@@ -1329,7 +1329,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
 
             NicTO nicTo = cmd.getNic();
             VirtualDevice nic;
-            Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
+            Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, false);
             if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
                 String dvSwitchUuid;
                 ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@@ -1571,7 +1571,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
                     vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, true);
         } else {
             networkInfo = HypervisorHostHelper.prepareNetwork(this._publicTrafficInfo.getVirtualSwitchName(), "cloud.public",
-                    vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup);
+                    vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup, null, false);
         }
 
         int nicIndex = allocPublicNicIndex(vmMo);
@@ -2304,7 +2304,8 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
             for (NicTO nicTo : sortNicsByDeviceId(nics)) {
                 s_logger.info("Prepare NIC device based on NicTO: " + _gson.toJson(nicTo));
 
-                Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
+                boolean configureVServiceInNexus = (nicTo.getType() == TrafficType.Guest) && (vmSpec.getDetails().containsKey("ConfigureVServiceInNexus"));
+                Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, configureVServiceInNexus);
                 if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
                     String dvSwitchUuid;
                     ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@@ -2504,7 +2505,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
         return defaultVlan;
     }
 
-    private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo) throws Exception {
+    private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo, boolean configureVServiceInNexus) throws Exception {
         Pair<String, String> switchName;
         TrafficType trafficType;
         VirtualSwitchType switchType;
@@ -2534,7 +2535,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
         }
         else {
             networkInfo = HypervisorHostHelper.prepareNetwork(switchName.first(), namePrefix, hostMo, getVlanInfo(nicTo, switchName.second()),
-                    nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup);
+                    nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup, nicTo.getGateway(), configureVServiceInNexus);
         }
 
         return networkInfo;
@@ -3024,7 +3025,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
             NicTO[] nics = vm.getNics();
             for (NicTO nic : nics) {
                 // prepare network on the host
-                prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic);
+                prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic, false);
             }
 
             String secStoreUrl = mgr.getSecondaryStorageStoreUrl(Long.parseLong(_dcId));
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
new file mode 100644
index 00000000000..1ac6bd8d8c9
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -0,0 +1,42 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
+  <name>Apache CloudStack Plugin - Cisco VNMC</name>
+  <parent>
+    <groupId>org.apache.cloudstack</groupId>
+    <artifactId>cloudstack-plugins</artifactId>
+    <version>4.2.0-SNAPSHOT</version>
+    <relativePath>../../pom.xml</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.cloudstack</groupId>
+      <artifactId>cloud-plugin-hypervisor-vmware</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cloudstack</groupId>
+      <artifactId>cloud-vmware-base</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml
new file mode 100644
index 00000000000..b0249db741b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml
@@ -0,0 +1,34 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <fwResourceBinding
+      assignedToDn="%fwdn%"
+      dn="%binddn%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
+
+<!--
+    assignedToDn="fw/inst-1007"
+    dn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/binding"
+-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
new file mode 100755
index 00000000000..e3113ae22c7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
@@ -0,0 +1,37 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        descr="%descr%"
+        dn="%espdn%"
+        egressAclPsetRef="%egresspolicysetname%"
+        ingressAclPsetRef="%ingresspolicysetname%"
+        inspectRef=""
+        name="%name%"
+        natPsetRef="%natpolicysetname%"
+        status="modified"
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml
new file mode 100644
index 00000000000..e866f51e366
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml
@@ -0,0 +1,34 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dhcpdn%">
+      <policyDhcpPolicyAssoc
+        dn="%dhcpdn%"
+        interfaceName="%insideintf%"
+        policyRef=""
+        status="created"
+        type="server"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile/dhcp-Edge_Inside"-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml
new file mode 100644
index 00000000000..930e4ec77a2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml
@@ -0,0 +1,32 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dhcpdn%">
+      <policyDhcpPolicyAssoc
+        dn="%dhcpdn%"
+        interfaceName="%insideintf%"
+        policyRef="%dhcpserverpolicyname%"
+        status="modified"
+        type="server"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
new file mode 100644
index 00000000000..6d67c31c5d6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        descr="%descr%"
+        dn="%espdn%"
+        inspectRef=""
+        name="%name%"
+        natPsetRef="%natpolicysetname%"
+        status="modified"
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
new file mode 100644
index 00000000000..8884a1b9686
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyEdgeDeviceServiceProfile
+      addrTranslationTimeout="10800"
+      dn="%dn%"
+      ipAudit=""
+      name="%name%"
+      routing="%routepolicyname%"
+      status="modified"
+      vpn=""/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
new file mode 100755
index 00000000000..c534c327194
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+
+  <inConfigs>
+    <pair key="%aclpolicyrefdn%">
+      <policyPolicyNameRef
+        dn="%aclpolicyrefdn%"
+        order="%order%"
+        policyName="%aclpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-Ingress-ACL-Policy-Set-vlan-123/polref-aaa"
+    aclpolicyname="aaa"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
new file mode 100755
index 00000000000..b475d2ca564
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
@@ -0,0 +1,36 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%aclpolicysetdn%">
+      <policyPolicySet
+        descr="%descr%"
+        dn="%aclpolicysetdn%"
+        name="%aclpolicysetname%"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
+    aclpolicysetname="foo"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
new file mode 100755
index 00000000000..e71cd429858
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfig>
+      <policyRuleBasedPolicy
+        descr=""
+        dn="%aclpolicydn%"
+        name="%aclpolicyname%"
+        status="created"/>
+    </inConfig>
+</configConfMo>
+
+<!--
+    aclpolicydn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy"
+    aclpolicyname="test_policy"
+--!>
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml
new file mode 100755
index 00000000000..5b6aaa3f59b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml
@@ -0,0 +1,82 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    ip="public ip at destination"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml
new file mode 100755
index 00000000000..1a1d9cbf3e2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml
@@ -0,0 +1,156 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue="TCP" or "UDP"
+    ip="public ip at destination"
+    startport="start port at destination"
+    endport="end port at destination"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml
new file mode 100644
index 00000000000..5bb4abcd8e1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml
@@ -0,0 +1,72 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%dhcpserverdn%">
+      <policyDhcpServerPolicy
+        descr="%dhcpserverdescr%"
+        dn="%dhcpserverdn%"
+        dnsDomainRef=""
+        leaseTime="1036799"
+        name="%dhcpservername%"
+        pingTimeout="50"
+        status="created"/>
+    </pair>
+
+    <pair key="%iprangedn%">
+      <policyIPAddressRange
+        dn="%iprangedn%"
+        endip="%endip%"
+        name="iprange"
+        startip="%startip%"
+        status="created"
+        subnet="%subnet%"/>
+    </pair>
+
+    <pair key="%dnsservicedn%">
+      <commDns
+        descr=""
+        dn="%dnsservicedn%"
+        domain="%domain%"
+        name="%dnsservicename%"
+        status="created"/>
+    </pair>
+
+    <pair key="%nameserverdn%">
+      <commDnsProvider
+        descr=""
+        dn="%nameserverdn%"
+        hostip="%nameserverip%"
+        order="100"
+        status="created"/>
+    </pair>
+
+  </inConfigs>  
+</configConfMos> 
+  
+<!--
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy" 
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/ip-range-iprange" 
+    "org-root/org-TenantC/org-VDC-TenantC/dhcp-server-TenantC-Dhcp-Policy/ip-range-iprange"
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS" 
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS/dns-8.8.8.8" 
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
new file mode 100755
index 00000000000..bd8dbff6d32
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
@@ -0,0 +1,91 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%natruledn%"
+        name="%natrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/nat-action">
+      <natpolicyNatAction
+        actionType="static"
+        destTranslatedIpPool="%ippoolname%"
+        destTranslatedPortPool=""
+        dn="%natruledn%/nat-action"
+        id="0"
+        isBidirectionalEnabled="yes"
+        isDnsEnabled="no"
+        isNoProxyArpEnabled="no"
+        isRoundRobinIpEnabled="no"
+        srcTranslatedIpPatPool=""
+        srcTranslatedIpPool=""
+        srcTranslatedPortPool=""
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
+    natrulename="bbb"
+    descr=value
+    ippoolname="ccc"
+    ip="10.147.30.230"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
new file mode 100644
index 00000000000..c4bdd026186
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
@@ -0,0 +1,32 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyEdgeDeviceServiceProfile
+      addrTranslationTimeout="10800"
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"
+      vpn=""/>
+  </inConfig>
+</configConfMo>
+<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
new file mode 100644
index 00000000000..69f4a5f7bfd
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <routeRoutingPolicy
+      descr="%descr%"
+      dn="%routepolicydn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
new file mode 100644
index 00000000000..126c188f979
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%routepolicydn%/sroute-2">
+      <routeStaticRoute
+        dn="%routepolicydn%/sroute-2"
+        id="2"
+        ipAddress="%destination%"
+        ipSubnet="%netmask%"
+        nextHopGWIp="%nexthop%"
+        nextHopIntf="%nexthopintf%"
+        routeMetric="1"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
new file mode 100644
index 00000000000..e5447e39e63
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
@@ -0,0 +1,89 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+      <pair key="%edgefwdn%" >
+        <fwEdgeFirewall
+          haMode="standalone"
+          descr="%edgefwdescr%"
+          dn="%edgefwdn%"
+          name="%edgefwname%"
+          status="created"/>
+      </pair>
+
+      <pair key="%insideintfdn%">
+        <fwDataInterface
+          descr="ASA Inside Interface"
+          dn="%insideintfdn%"
+          ipAddressPrimary="%insideip%"
+          ipAddressSecondary="0.0.0.0"
+          ipSubnet="%insidesubnet%"
+          isIpViaDHCP="no"
+          name="%insideintfname%"
+          role="inside"
+          status="created"/>
+      </pair>
+
+      <pair key="%outsideintfdn%">
+        <fwDataInterface
+          descr="ASA Outside interface "
+          dn="%outsideintfdn%"
+          ipAddressPrimary="%publicip%"
+          ipAddressSecondary="0.0.0.0"
+          ipSubnet="%outsidesubnet%"
+          isIpViaDHCP="no"
+          name="%outsideintfname%"
+          role="outside"
+          status="created"/>
+      </pair>
+
+      <pair key="%outsideintfsp%" >
+        <logicalInterfaceServiceProfileAssociation
+          descr=""
+          dn="%outsideintfsp%"
+          name=""
+          profileRef="%secprofileref%"
+          status="created"/>
+      </pair>
+
+      <pair key="%deviceserviceprofiledn%" >
+        <logicalDeviceServiceProfileAssociation
+          descr=""
+          dn="%deviceserviceprofiledn%"
+          name=""
+          profileRef="%deviceserviceprofile%"
+          status="created"/>
+      </pair>
+    </inConfigs>
+</configConfMos>
+  
+<!--
+    edgefwdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD"
+    insideintfdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/interface-Edge_Inside"
+    descr="%edgefwdescr%"
+    ipAddressPrimary="%insideip%"
+    ipSubnet="%insidesubnet%"
+    name="%insideintfname%"
+    outsideintfdn="%outsideintfdn%"
+    ipAddressPrimary="%publicip%"
+    ipSubnet="%outsidesubnet%"
+    name="%outsideintfname%
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
new file mode 100644
index 00000000000..e2f5eaf0686
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
@@ -0,0 +1,41 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyVirtualNetworkEdgeProfile
+      descr="%descr%"
+      dn="%espdn%"
+      egressAclPsetRef="%egressref%"
+      ingressAclPsetRef="%ingressref%"
+      name="%name%"
+      status="created"
+      vpnRef=""/>
+  </inConfig>
+</configConfMo>
+
+<!--
+    descr="Edge Security Profile for Tenant3"
+    dn="org-root/org-TestTenant3/org-Tenant3-VDC/vnep-Tenant3-ESSP"
+    egressAclPsetRef="default-egress"
+    ingressAclPsetRef="default-ingress"
+    name="Tenant3-ESSP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
new file mode 100755
index 00000000000..930272ed8ee
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
@@ -0,0 +1,201 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%sourceip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-5">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-5"
+        id="5"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-5/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP"
+    deststartip="destination start ip"
+    destendip="destination end ip"
+    sourcestartport="start port at source"
+    sourceendport="end port at source"
+    sourceip="source ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
new file mode 100755
index 00000000000..92c25043dad
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
@@ -0,0 +1,122 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP" or "ICMP"
+    deststartip="destination start ip"
+    destendip="destination end ip"
+    sourceip="source ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
new file mode 100755
index 00000000000..7c1164138bc
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
@@ -0,0 +1,121 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP" or "ICMP"
+    sourcestartip = "source start IP"
+    sourceendip = "source end IP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
new file mode 100755
index 00000000000..1af30b44416
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -0,0 +1,201 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%destip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-5">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-5"
+        id="5"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-5/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP"
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
+    deststartport="start port at destination"
+    destendport="end port at destination"
+    destip="destination ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml
new file mode 100755
index 00000000000..4cf0451c33d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml
@@ -0,0 +1,58 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%ippooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%ippooldn%"
+        name="%ippoolname%"
+        status="created"/>
+    </pair>
+    <pair key="%ippooldn%/objgrp-expr-2">
+      <policyObjectGroupExpression
+        dn="%ippooldn%/objgrp-expr-2"
+        id="2"
+        opr="eq"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%ippooldn%/objgrp-expr-2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%ippooldn%/objgrp-expr-2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ipvalue%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    ippooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ccc"
+    ippoolname="ccc"
+    ipvalue="10.1.1.20"
+--!>
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml
new file mode 100755
index 00000000000..450d40c9d6d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natpolicyrefdn%" >
+      <policyPolicyNameRef
+        dn="%natpolicyrefdn%"
+        order="%order%"
+        policyName="%natpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natpolicyrefdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set/polref-Source-NAT-Policy-TenantD"
+    natpolicyname="Source-NAT-Policy-TenantD"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
new file mode 100644
index 00000000000..090caf15cb4
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
@@ -0,0 +1,37 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%natpolicysetdn%">
+      <natpolicyNatPolicySet
+        adminState="enabled"
+        descr="%descr%"
+        dn="%natpolicysetdn%"
+        name="%natpolicysetname%"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natpolicysetdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set"
+    natpolicysetname="Source-NAT-Policy-Set-TenantD"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml
new file mode 100755
index 00000000000..0b556f42a84
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natpolicydn%">
+      <natpolicyNatRuleBasedPolicy
+        descr=""
+        dn="%natpolicydn%"
+        name="%natpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
new file mode 100755
index 00000000000..a8a631f5d7f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
@@ -0,0 +1,166 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%natruledn%"
+        name="%natrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/nat-action">
+      <natpolicyNatAction
+        actionType="static"
+        destTranslatedIpPool="%ippoolname%"
+        destTranslatedPortPool="%portpoolname%"
+        dn="%natruledn%/nat-action"
+        id="0"
+        isBidirectionalEnabled="yes"
+        isDnsEnabled="no"
+        isNoProxyArpEnabled="no"
+        isRoundRobinIpEnabled="no"
+        srcTranslatedIpPatPool=""
+        srcTranslatedIpPool=""
+        srcTranslatedPortPool=""
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
+    natrulename="bbb"
+    descr=value
+    ippoolname="ccc"
+    portpoolname="ddd"
+    ip="10.147.30.230"
+    startport="22"
+    endport="22"
+    protocolvalue="TCP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml
new file mode 100755
index 00000000000..e1b7be024f7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml
@@ -0,0 +1,72 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%portpooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%portpooldn%"
+        name="%portpoolname%"
+        status="created"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2">
+      <policyObjectGroupExpression
+        dn="%portpooldn%/objgrp-expr-2"
+        id="2"
+        opr="range"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%portpooldn%/objgrp-expr-2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%portpooldn%/objgrp-expr-2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    portpooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ddd"
+    portpoolname="ddd"
+    startport="22"
+    endport="22"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
new file mode 100644
index 00000000000..2ad1e8798a5
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
@@ -0,0 +1,58 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%snatpoolexprdn%" >
+      <policyObjectGroupExpression
+        dn="%snatpoolexprdn%" 
+        opr="eq"
+        order="unspecified"
+        status="created"/>
+    </pair>
+
+    <pair key="%publicipdn%" >
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%publicipdn%"
+        name=""
+        placement="none"
+        status="created"
+        value="%publicip%"/>
+    </pair>
+
+    <pair key="%snatpooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%snatpooldn%"
+        name="%name%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    snatpoolexprdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2"
+    publicipdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2/nw-ip-2"
+    snatpooldn= "org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3"
+    value="10.223.136.10"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
new file mode 100644
index 00000000000..a3ee9875e19
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
@@ -0,0 +1,103 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%" 
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%natruledn%">
+        <policyRule
+          descr="%descr%"
+          dn="%natruledn%"
+          name="%natrulename%"
+          order="%order%"
+          status="created"/>
+      </pair>
+
+      <pair key="%natruledn%/nat-action">
+        <natpolicyNatAction
+          actionType="static"
+          destTranslatedIpPool=""
+          destTranslatedPortPool=""
+          dn="%natruledn%/nat-action"
+          id="0"
+          isBidirectionalEnabled="yes"
+          isDnsEnabled="yes"
+          isNoProxyArpEnabled="no"
+          isRoundRobinIpEnabled="no"
+          srcTranslatedIpPatPool=""
+          srcTranslatedIpPool="%ippoolname%"
+          srcTranslatedPortPool=""
+          status="created"/>
+      </pair>
+
+      <pair key="%natruledn%/rule-cond-2">
+        <policyRuleCondition
+          dn="%natruledn%/rule-cond-2"
+          id="2"
+          order="unspecified"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2">
+        <policyNetworkExpression
+          dn="%natruledn%/rule-cond-2/nw-expr2" 
+          id="2"
+          opr="range"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+        <policyNwAttrQualifier
+          attrEp="source"
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+        <policyIPAddress
+          dataType="string"
+          descr=""
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+          id="2"
+          name=""
+          placement="begin"
+          status="created"
+          value="%srcstartip%"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3">
+        <policyIPAddress
+          dataType="string"
+          descr=""
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3"
+          id="3"
+          name=""
+          placement="end"
+          status="created"
+          value="%srcendip%"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule"
+    natrulename="Source-NAT-Policy-Rule"
+    descr="Source NAT Policy Rule for Tenant3"
+    ippoolname=value
+    srcstartip=value
+    srcendip=value
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml
new file mode 100644
index 00000000000..085b7a2e533
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml
@@ -0,0 +1,29 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <orgTenant
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml
new file mode 100644
index 00000000000..4cb805ecf7e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <orgDatacenter
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml
new file mode 100755
index 00000000000..2c5578659c7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%aclpolicysetdn%">
+      <policyPolicySet
+        dn="%aclpolicysetdn%"
+        name="%aclpolicysetname%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
new file mode 100755
index 00000000000..b1a27650419
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%aclpolicydn%">
+        <policyRuleBasedPolicy
+          descr=""
+          dn="%aclpolicydn%"
+          name="%aclpolicyname%"
+          status="deleted,modified"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml
new file mode 100755
index 00000000000..992d6a1ab62
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%edgefwdn%">
+      <fwEdgeFirewall
+        dn="%edgefwdn%"
+        name="%edgefwname%"
+        status="deleted"/>
+      </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml
new file mode 100755
index 00000000000..f394fe91d9e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        dn="%espdn%"
+        egressAclPsetRef=""
+        ingressAclPsetRef=""
+        inspectRef=""
+        ipAuditRef=""
+        name="%name%"
+        natPsetRef=""
+        status="deleted,modified"
+        tcpInterceptRef=""
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml
new file mode 100755
index 00000000000..3f4c08d747f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%natpolicysetdn%">
+      <natpolicyNatPolicySet
+        dn="%natpolicysetdn%"
+        name="%natpolicysetname%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml
new file mode 100755
index 00000000000..6c3ed7b9f48
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%natpolicydn%">
+        <natpolicyNatRuleBasedPolicy
+          descr=""
+          dn="%natpolicydn%"
+          name="%natpolicyname%"
+          status="deleted,modified"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
new file mode 100755
index 00000000000..e56e9190496
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%ruledn%">
+      <policyRule
+        descr=""
+        dn="%ruledn%"
+        name="%rulename%"
+        status="deleted"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml
new file mode 100755
index 00000000000..05bef9a2906
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dn%">
+      <orgTenant
+        dn="%dn%"
+        name="%name%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml
new file mode 100755
index 00000000000..fbc2312c208
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+  <pair key="%dn%">
+    <orgDatacenter
+      dn="%dn%"
+      name="%name%"
+      status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml
new file mode 100755
index 00000000000..448b65f0d53
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%binddn%">
+      <fwResourceBinding
+        assignedToDn="%fwdn%"
+        dn="%binddn%"
+        status="deleted"/>
+      </pair>
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
new file mode 100755
index 00000000000..aec800e9f4a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="policyRuleBasedPolicy"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
new file mode 100755
index 00000000000..f272999a76c
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
@@ -0,0 +1,27 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  inDn="%dn%"
+  inHierarchical="true">
+  <inFilter>
+  </inFilter>
+</configResolveChildren>
+
+<!--dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235"--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml
new file mode 100755
index 00000000000..720ced06d8a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="natpolicyNatRuleBasedPolicy"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml
new file mode 100755
index 00000000000..c53af90369d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="policyPolicyNameRef"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml
new file mode 100644
index 00000000000..63ae848b3e1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml
@@ -0,0 +1,26 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  classId="orgTenant"
+  inDn="org-root"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</configResolveChildren>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml
new file mode 100644
index 00000000000..539f330da8a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  classId="fwInstance"
+  inDn="fw"
+  inHierarchical="false">
+  <inFilter>
+    <and>
+      <eq class="fwInstance" property="capability" value="infra-fw"/>
+      <eq class="fwInstance" property="assoc" value="none"/>
+    </and>
+  </inFilter>
+</configResolveChildren>
+
+<!-- resource-mgr -->
+<!--
+<configResolveChildren cookie="1349366974/592be573-8a27-48d3-aab1-cf6cb94f23ab" commCookie="5/12/0/1cae" srcExtSys="10.223.56.5" destExtSys="10.223.56.5" srcSvc="sam_extXMLApi" destSvc="resource-mgr_dme" response="yes" classId="fwInstance">
+  <outConfigs>
+    <fwInstance assignedToDn="" assoc="none" capability="infra-fw" descr="" dn="fw/inst-1007" fltAggr="0" fsmDescr="" fsmPrev="DisassociateSuccess" fsmProgr="100" fsmRmtInvErrCode="none" fsmRmtInvErrDescr="" fsmRmtInvRslt="" fsmStageDescr="" fsmStamp="2012-10-04T16:07:40.110" fsmStatus="nop" fsmTry="0" intId="11818" mgmtIp="10.223.56.7" model="" name="ASA 1000V" pooled="0" registeredClientDn="extpol/reg/clients/client-1007" revision="0" serial="" svcId="1007" vendor=""/>
+  </outConfigs>
+</configResolveChildren>
+-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml
new file mode 100644
index 00000000000..8e1c435ea15
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="us-ascii"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<aaaLogin inName="%username%" inPassword="%password%" />
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..a438cbc0e59
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
@@ -0,0 +1,53 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Associates an ASA 1000v appliance with logical edge firewall in VNMC
+ */
+public class AssociateAsaWithLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+    private String _asaMgmtIp;
+
+    public AssociateAsaWithLogicalEdgeFirewallCommand(long vlanId, String asaMgmtIp) {
+        super();
+        this._vlanId = vlanId;
+        this._asaMgmtIp = asaMgmtIp;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+    public String getAsaMgmtIp() {
+        return _asaMgmtIp;
+    }
+
+    public void setAsaMgmtIp(String asaMgmtIp) {
+        this._asaMgmtIp = asaMgmtIp;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..c9f7f8c4c83
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Command for cleaning up logical edge firewall in VNMC
+ */
+public class CleanupLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+
+    public CleanupLogicalEdgeFirewallCommand(long vlanId) {
+        super();
+        this._vlanId = vlanId;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
new file mode 100755
index 00000000000..b20ad1f2df6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
@@ -0,0 +1,95 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Command for configuring n1kv VSM for asa1kv device. It does the following in VSM:
+ * a. creating vservice node for asa1kv
+ * b. updating vlan of inside port profile associated with asa1kv
+ */
+public class ConfigureNexusVsmForAsaCommand extends Command {
+    private long _vlanId;
+    private String _ipAddress;
+    private String _vsmUsername;
+    private String _vsmPassword;
+    private String _vsmIp;
+    private String _asaInPortProfile;
+
+    public ConfigureNexusVsmForAsaCommand(long vlanId, String ipAddress,
+            String vsmUsername, String vsmPassword, String vsmIp, String asaInPortProfile) {
+        super();
+        this._vlanId = vlanId;
+        this._ipAddress = ipAddress;
+        this._vsmUsername = vsmUsername;
+        this._vsmPassword = vsmPassword;
+        this._vsmIp = vsmIp;
+        this._asaInPortProfile = asaInPortProfile;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long _vlanId) {
+        this._vlanId = _vlanId;
+    }
+
+    public String getIpAddress() {
+        return _ipAddress;
+    }
+
+    public void setIpAddress(String _ipAddress) {
+        this._ipAddress = _ipAddress;
+    }
+
+    public String getVsmUsername() {
+        return _vsmUsername;
+    }
+
+    public void setVsmUsername(String _vsmUsername) {
+        this._vsmUsername = _vsmUsername;
+    }
+
+    public String getVsmPassword() {
+        return _vsmPassword;
+    }
+
+    public void setVsmPassword(String _vsmPassword) {
+        this._vsmPassword = _vsmPassword;
+    }
+
+    public String getVsmIp() {
+        return _vsmIp;
+    }
+
+    public void setVsmIp(String _vsmIp) {
+        this._vsmIp = _vsmIp;
+    }
+
+    public String getAsaInPortProfile() {
+        return _asaInPortProfile;
+    }
+
+    public void setAsaInPortProfile(String _asaInPortProfile) {
+        this._asaInPortProfile = _asaInPortProfile;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..def8225acf1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
@@ -0,0 +1,94 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Command for creating a logical edge firewall in VNMC
+ */
+public class CreateLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+    private String _publicIp;
+    private String _internalIp;
+    private String _publicSubnet;
+    private String _internalSubnet;
+    private List<String> _publicGateways;
+
+    public CreateLogicalEdgeFirewallCommand(long vlanId,
+            String publicIp, String internalIp,
+            String publicSubnet, String internalSubnet) {
+        super();
+        this._vlanId = vlanId;
+        this._publicIp = publicIp;
+        this._internalIp = internalIp;
+        this._publicSubnet = publicSubnet;
+        this.setInternalSubnet(internalSubnet);
+        _publicGateways = new ArrayList<String>();
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+    public String getPublicIp() {
+        return _publicIp;
+    }
+
+    public void setPublicIp(String publicIp) {
+        this._publicIp = publicIp;
+    }
+
+    public String getInternalIp() {
+        return _internalIp;
+    }
+
+    public void setInternalIp(String internalIp) {
+        this._internalIp = internalIp;
+    }
+
+    public String getPublicSubnet() {
+        return _publicSubnet;
+    }
+
+    public void setPublicSubnet(String publicSubnet) {
+        this._publicSubnet = publicSubnet;
+    }
+
+    public String getInternalSubnet() {
+        return _internalSubnet;
+    }
+
+    public void setInternalSubnet(String _internalSubnet) {
+        this._internalSubnet = _internalSubnet;
+    }
+
+    public List<String> getPublicGateways() {
+        return _publicGateways;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java
new file mode 100755
index 00000000000..c880199f5c4
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java
@@ -0,0 +1,116 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ClusterResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="addCiscoAsa1000vResource", responseObject=CiscoAsa1000vResourceResponse.class, description="Adds a Cisco Asa 1000v appliance")
+public class AddCiscoAsa1000vResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(AddCiscoAsa1000vResourceCmd.class.getName());
+    private static final String s_name = "addCiscoAsa1000vResource";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
+    private String host;
+
+    @Parameter(name=ApiConstants.ASA_INSIDE_PORT_PROFILE, type=CommandType.STRING, required = true, description="Nexus port profile associated with inside interface of ASA 1000v")
+    private String inPortProfile;
+
+    @Parameter(name=ApiConstants.CLUSTER_ID, type=CommandType.UUID, entityType = ClusterResponse.class, required=true, description="the Cluster ID")
+    private Long clusterId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getManagementIp() {
+        return host;
+    }
+
+    public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    public Long getClusterId() {
+        return clusterId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
+            if (ciscoAsa1000v != null) {
+                CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
+                response.setObjectName("CiscoAsa1000vResource");
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco ASA 1000v appliance due to internal error.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java
new file mode 100644
index 00000000000..bfd6db95434
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java
@@ -0,0 +1,115 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="addCiscoVnmcResource", responseObject=CiscoVnmcResourceResponse.class, description="Adds a Cisco Vnmc Controller")
+public class AddCiscoVnmcResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(AddCiscoVnmcResourceCmd.class.getName());
+    private static final String s_name = "addCiscoVnmcResource";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco VNMC Controller.")
+    private String host;
+
+    @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
+    private String username;
+
+    @Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
+    private String password;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getHost() {
+        return host;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            CiscoVnmcController CiscoVnmcResourceVO = _ciscoVnmcElementService.addCiscoVnmcResource(this);
+            if (CiscoVnmcResourceVO != null) {
+                CiscoVnmcResourceResponse response = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
+                response.setObjectName("CiscoVnmcResource");
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco VNMC controller due to internal error.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java
new file mode 100755
index 00000000000..d4f86fa527a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java
@@ -0,0 +1,93 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="deleteCiscoAsa1000vResource", responseObject=SuccessResponse.class, description="Deletes a Cisco ASA 1000v appliance")
+public class DeleteCiscoAsa1000vResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(DeleteCiscoAsa1000vResourceCmd.class.getName());
+    private static final String s_name = "deleteCiscoAsa1000vResource";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
+    private Long ciscoAsa1000vResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoAsa1000vResourceId() {
+        return ciscoAsa1000vResourceId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            boolean result = _ciscoAsa1000vService.deleteCiscoAsa1000vResource(this);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco ASA 1000v appliance.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java
new file mode 100644
index 00000000000..d2a37202f0a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java
@@ -0,0 +1,93 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="deleteCiscoVnmcResource", responseObject=SuccessResponse.class, description="Deletes a Cisco Vnmc controller")
+public class DeleteCiscoVnmcResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(DeleteCiscoVnmcResourceCmd.class.getName());
+    private static final String s_name = "deleteCiscoVnmcResource";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoVnmcResourceResponse.class, description="Cisco Vnmc resource ID")
+    private Long ciscoVnmcResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoVnmcResourceId() {
+        return ciscoVnmcResourceId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            boolean result = _ciscoVnmcElementService.deleteCiscoVnmcResource(this);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco Vnmc resource.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java
new file mode 100755
index 00000000000..509d39fb5f9
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java
@@ -0,0 +1,110 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="listCiscoAsa1000vResources", responseObject=CiscoAsa1000vResourceResponse.class, description="Lists Cisco ASA 1000v appliances")
+public class ListCiscoAsa1000vResourcesCmd extends BaseListCmd {
+    private static final Logger s_logger = Logger.getLogger(ListCiscoAsa1000vResourcesCmd.class.getName());
+    private static final String s_name = "listCiscoAsa1000vResources";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
+    private Long ciscoAsa1000vResourceId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
+    private String host;
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoAsa1000vResourceId() {
+        return ciscoAsa1000vResourceId;
+    }
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getManagementIp() {
+        return host;
+    }
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            List<CiscoAsa1000vDeviceVO> ciscoAsa1000vDevices = _ciscoAsa1000vService.listCiscoAsa1000vResources(this);
+            ListResponse<CiscoAsa1000vResourceResponse> response = new ListResponse<CiscoAsa1000vResourceResponse>();
+            List<CiscoAsa1000vResourceResponse> ciscoAsa1000vResourcesResponse = new ArrayList<CiscoAsa1000vResourceResponse>();
+
+            if (ciscoAsa1000vDevices != null && !ciscoAsa1000vDevices.isEmpty()) {
+                for (CiscoAsa1000vDevice ciscoAsa1000vDeviceVO : ciscoAsa1000vDevices) {
+                    CiscoAsa1000vResourceResponse ciscoAsa1000vResourceResponse = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000vDeviceVO);
+                    ciscoAsa1000vResourcesResponse.add(ciscoAsa1000vResourceResponse);
+                }
+            }
+
+            response.setResponses(ciscoAsa1000vResourcesResponse);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java
new file mode 100644
index 00000000000..ab553ee94ac
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java
@@ -0,0 +1,106 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="listCiscoVnmcResources", responseObject=CiscoVnmcResourceResponse.class, description="Lists Cisco VNMC controllers")
+public class ListCiscoVnmcResourcesCmd extends BaseListCmd {
+    private static final Logger s_logger = Logger.getLogger(ListCiscoVnmcResourcesCmd.class.getName());
+    private static final String s_name = "listCiscoVnmcResources";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID,  entityType=CiscoVnmcResourceResponse.class, description="Cisco VNMC resource ID")
+    private Long ciscoVnmcResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoVnmcResourceId() {
+        return ciscoVnmcResourceId;
+    }
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            List<CiscoVnmcControllerVO> CiscoVnmcResources = _ciscoVnmcElementService.listCiscoVnmcResources(this);
+            ListResponse<CiscoVnmcResourceResponse> response = new ListResponse<CiscoVnmcResourceResponse>();
+            List<CiscoVnmcResourceResponse> CiscoVnmcResourcesResponse = new ArrayList<CiscoVnmcResourceResponse>();
+
+            if (CiscoVnmcResources != null && !CiscoVnmcResources.isEmpty()) {
+                for (CiscoVnmcController CiscoVnmcResourceVO : CiscoVnmcResources) {
+                    CiscoVnmcResourceResponse CiscoVnmcResourceResponse = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
+                    CiscoVnmcResourcesResponse.add(CiscoVnmcResourceResponse);
+                }
+            }
+
+            response.setResponses(CiscoVnmcResourcesResponse);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+    
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java
new file mode 100755
index 00000000000..9cd87da66a1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.response;
+
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.google.gson.annotations.SerializedName;
+
+@EntityReference(value = CiscoAsa1000vDevice.class)
+public class CiscoAsa1000vResourceResponse extends BaseResponse {
+    public static final String RESOURCE_NAME = "resourcename";
+
+    @SerializedName(ApiConstants.RESOURCE_ID) @Parameter(description="resource id of the Cisco ASA 1000v appliance")
+    private String id;
+
+    @SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) 
+    @Parameter(description="the physical network to which this ASA 1000v belongs to", entityType = PhysicalNetworkResponse.class)
+    private Long physicalNetworkId ;
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @SerializedName(ApiConstants.HOST_NAME)
+    @Parameter(description="management ip address of ASA 1000v")
+    private String managementIp;
+
+    public String getManagementIp() {
+        return managementIp;
+    }
+
+    @SerializedName(ApiConstants.ASA_INSIDE_PORT_PROFILE)
+    @Parameter(description="management ip address of ASA 1000v")
+    private String inPortProfile;
+
+    public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    @SerializedName(ApiConstants.NETWORK_ID)
+    @Parameter(description="the guest network to which ASA 1000v is associated", entityType = NetworkResponse.class)
+    private Long guestNetworkId;
+
+    public Long getGuestNetworkId() {
+        return guestNetworkId;
+    }
+
+    public void setId(String ciscoAsa1000vResourceId) {
+        this.id = ciscoAsa1000vResourceId;
+    }
+
+    public void setPhysicalNetworkId(Long physicalNetworkId) {
+        this.physicalNetworkId = physicalNetworkId;
+    }
+
+    public void setManagementIp(String managementIp) {
+        this.managementIp = managementIp;
+    }
+
+    public void setInPortProfile(String inPortProfile) {
+        this.inPortProfile = inPortProfile;
+    }     
+
+    public void setGuestNetworkId(Long guestNetworkId) {
+        this.guestNetworkId = guestNetworkId;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java
new file mode 100644
index 00000000000..f5c9b727f8f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java
@@ -0,0 +1,75 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.response;
+
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.google.gson.annotations.SerializedName;
+@EntityReference(value = CiscoVnmcController.class)
+public class CiscoVnmcResourceResponse extends BaseResponse {
+    public static final String RESOURCE_NAME = "resourcename";
+
+    @SerializedName(ApiConstants.RESOURCE_ID)
+    @Parameter(description="resource id of the Cisco VNMC controller")
+    private String id;
+
+    @SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) 
+    @Parameter(description="the physical network to which this VNMC belongs to", entityType = PhysicalNetworkResponse.class)
+    private Long physicalNetworkId;
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getProviderName() {
+        return providerName;
+    }
+
+    public String getResourceName() {
+        return resourceName;
+    }
+
+    @SerializedName(ApiConstants.PROVIDER) @Parameter(description="name of the provider")
+    private String providerName;
+
+    @SerializedName(RESOURCE_NAME) 
+    @Parameter(description="Cisco VNMC resource name")
+    private String resourceName;
+
+    public void setId(String ciscoVnmcResourceId) {
+        this.id = ciscoVnmcResourceId;
+    }
+
+    public void setPhysicalNetworkId(Long physicalNetworkId) {
+        this.physicalNetworkId = physicalNetworkId;
+    }
+
+    public void setProviderName(String providerName) {
+        this.providerName = providerName;
+    }
+
+    public void setResourceName(String resourceName) {
+        this.resourceName = resourceName;
+    }     
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java
new file mode 100755
index 00000000000..3c5f6827718
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface CiscoAsa1000vDevice extends Grouping, InternalIdentity, Identity {
+
+    long getId();
+
+    String getUuid();
+
+    void setUuid(String uuid);
+
+    long getPhysicalNetworkId();
+
+    String getManagementIp();
+
+    String getInPortProfile();
+
+    long getClusterId();
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java
new file mode 100755
index 00000000000..ba85fb105c8
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java
@@ -0,0 +1,101 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="external_cisco_asa1000v_devices")
+public class CiscoAsa1000vDeviceVO implements CiscoAsa1000vDevice {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="uuid")
+    private String uuid;
+
+    @Column(name="physical_network_id")
+    private long physicalNetworkId;
+
+    @Column(name="management_ip")
+    private String managementIp;
+
+    @Column(name="in_Port_profile")
+    private String inPortProfile;
+
+    @Column(name="cluster_id")
+    private long clusterId;
+
+    public CiscoAsa1000vDeviceVO() {
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    public CiscoAsa1000vDeviceVO(long physicalNetworkId,
+            String managementIp, String inPortProfile, long clusterId) {
+        super();
+        this.physicalNetworkId = physicalNetworkId;
+        this.managementIp = managementIp;
+        this.inPortProfile = inPortProfile;
+        this.uuid = UUID.randomUUID().toString();
+        this.clusterId = clusterId;
+    }
+
+    @Override
+	public long getId() {
+        return id;
+    }
+
+    @Override
+	public String getUuid() {
+        return uuid;
+    }
+
+    @Override
+	public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    @Override
+	public long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @Override
+	public String getManagementIp() {
+        return managementIp;
+    }
+
+    @Override
+	public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    @Override
+    public long getClusterId() {
+        return clusterId;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
new file mode 100644
index 00000000000..f137148ab48
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -0,0 +1,196 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.Map;
+
+import com.cloud.utils.exception.ExecutionException;
+
+public interface CiscoVnmcConnection {
+
+    public boolean createTenant(String tenantName) throws ExecutionException;
+
+    public boolean deleteTenant(String tenantName) throws ExecutionException;
+
+    public boolean createTenantVDC(String tenantName) throws ExecutionException;
+
+    public boolean deleteTenantVDC(String tenantName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeDeviceProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String destination, String netmask) throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName,
+            String intfName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
+            String startIp, String endIp, String subnet, String nameServerIp,
+            String domain) throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName,
+            String intfName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeSecurityProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCEdgeSecurityProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier,
+            String publicIp) throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatRule(String tenantName, String identifier,
+            String startSourceIp, String endSourceIp) throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException;
+
+    public boolean createTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String publicIp)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclRuleForDNat(String tenantName,
+            String identifier, String policyIdentifier,
+            String ipAddress)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCDNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException;
+
+    public boolean createTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String publicIp,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclRuleForPF(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String ipAddress,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCNatPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCNatPolicySet(String tenantName)
+            throws ExecutionException;
+    
+    public boolean associateNatPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destStartPort, String destEndPort, String destIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp, String destIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
+            String destStartIp, String destEndIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceIp, String destStartIp, String destEndIp)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCAclRule(String tenantName,
+            String identifier, String policyIdentifier) throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicy(String tenantName,
+            String identifier) throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier,
+            boolean ingress) throws ExecutionException;
+
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCAclPolicySet(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean associateAclPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean createEdgeFirewall(String tenantName, String publicIp,
+            String insideIp, String publicSubnet, String insideSubnet)
+            throws ExecutionException;
+
+    public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException;
+
+    public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
+
+    public boolean assignAsa1000v(String tenantName, String firewallDn)
+            throws ExecutionException;
+
+    public boolean unassignAsa1000v(String tenantName, String firewallDn)
+            throws ExecutionException;
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
new file mode 100644
index 00000000000..527fb04698e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -0,0 +1,1415 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+
+import com.cloud.utils.exception.ExecutionException;
+import com.cloud.utils.script.Script;
+
+public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
+
+    private String _ip;
+    private String _username;
+    private String _password;
+    private String _cookie;
+
+    private final Logger s_logger = Logger.getLogger(CiscoVnmcConnectionImpl.class);
+
+    private enum VnmcXml {
+        LOGIN("login.xml", "mgmt-controller"),
+
+        CREATE_TENANT("create-tenant.xml", "service-reg"),
+        DELETE_TENANT("delete-tenant.xml", "service-reg"),
+        CREATE_VDC("create-vdc.xml", "service-reg"),
+        DELETE_VDC("delete-vdc.xml", "service-reg"),
+
+        CREATE_EDGE_DEVICE_PROFILE("create-edge-device-profile.xml", "policy-mgr"),
+        CREATE_EDGE_ROUTE_POLICY("create-edge-device-route-policy.xml", "policy-mgr"),
+        CREATE_EDGE_ROUTE("create-edge-device-route.xml", "policy-mgr"),
+        RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"),
+
+        CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"),
+        RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
+        RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"),
+
+        CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"),
+        DELETE_EDGE_SECURITY_PROFILE("delete-edge-security-profile.xml", "policy-mgr"),
+
+        CREATE_NAT_POLICY_SET("create-nat-policy-set.xml", "policy-mgr"),
+        DELETE_NAT_POLICY_SET("delete-nat-policy-set.xml", "policy-mgr"),
+        RESOLVE_NAT_POLICY_SET("associate-nat-policy-set.xml", "policy-mgr"),
+        CREATE_NAT_POLICY("create-nat-policy.xml", "policy-mgr"),
+        DELETE_NAT_POLICY("delete-nat-policy.xml", "policy-mgr"),
+        LIST_NAT_POLICIES("list-nat-policies.xml", "policy-mgr"),
+        CREATE_NAT_POLICY_REF("create-nat-policy-ref.xml", "policy-mgr"),
+        CREATE_PORT_POOL("create-port-pool.xml", "policy-mgr"),
+        CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"),
+
+        CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"),
+        CREATE_ACL_RULE_FOR_PF("create-acl-rule-for-pf.xml", "policy-mgr"),
+        CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"),
+        CREATE_ACL_RULE_FOR_DNAT("create-acl-rule-for-dnat.xml", "policy-mgr"),
+        CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"),
+
+        CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"),
+        DELETE_ACL_POLICY_SET("delete-acl-policy-set.xml", "policy-mgr"),
+        RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"),
+        CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"),
+        DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"),
+        LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"),
+        CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
+        CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
+        CREATE_EGRESS_ACL_RULE("create-egress-acl-rule.xml", "policy-mgr"),
+        CREATE_GENERIC_INGRESS_ACL_RULE("create-generic-ingress-acl-rule.xml", "policy-mgr"),
+        CREATE_GENERIC_EGRESS_ACL_RULE("create-generic-egress-acl-rule.xml", "policy-mgr"),
+
+        DELETE_RULE("delete-rule.xml", "policy-mgr"),
+
+        LIST_CHILDREN("list-children.xml", "policy-mgr"),
+
+        CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"),
+        DELETE_EDGE_FIREWALL("delete-edge-firewall.xml", "resource-mgr"),
+
+        LIST_UNASSOC_ASA1000V("list-unassigned-asa1000v.xml", "resource-mgr"),
+        ASSIGN_ASA1000V("assoc-asa1000v.xml", "resource-mgr"),
+        UNASSIGN_ASA1000V("disassoc-asa1000v.xml", "resource-mgr");
+
+        private String scriptsDir = "scripts/network/cisco";
+        private String xml;
+        private String service;
+        private final Logger s_logger = Logger.getLogger(CiscoVnmcConnectionImpl.class);
+
+
+        private VnmcXml(String filename, String service) {
+            this.xml = getXml(filename);
+            this.service = service;
+        }
+
+        public String getXml() {
+            return xml;
+        }
+
+        private String getXml(String filename) {
+            try {
+                String xmlFilePath = Script.findScript(scriptsDir, filename);
+
+                if (xmlFilePath == null) {
+                    throw new Exception("Failed to find Cisco VNMC XML file: " + filename);
+                }
+
+                FileReader fr = new FileReader(xmlFilePath);
+                BufferedReader br = new BufferedReader(fr);
+
+                String xml = "";
+                String line;
+                while ((line = br.readLine()) != null) {
+                    //xml += line.replaceAll("\n"," ");
+                    xml += line;
+                }
+
+                return xml;
+            } catch (Exception e) {
+                s_logger.debug(e);
+                return null;
+            }
+        }
+
+        public String getService() {
+            return service;
+        }
+    }
+
+    public CiscoVnmcConnectionImpl(String hostIp, String userName, String password) {
+        this._ip = hostIp;
+        this._username = userName;
+        this._password = password;
+        
+    }
+
+    public boolean login() throws ExecutionException {
+        String xml = VnmcXml.LOGIN.getXml();
+        String service = VnmcXml.LOGIN.getService();
+        xml = replaceXmlValue(xml, "username", _username);
+        xml = replaceXmlValue(xml, "password", _password);
+        String response =  sendRequest(service, xml);
+        Map<String, String> checked = checkResponse(response, "outCookie", "errorCode", "response");
+
+        if (checked.get("errorCode") != null)
+            return false;
+        _cookie = checked.get("outCookie");
+        if (_cookie == null) {
+            return false;
+        }
+        return true;
+    }
+
+    private String getDnForTenant(String tenantName) {
+        return "org-root/org-" + tenantName;
+    }
+
+    private String getDnForTenantVDC(String tenantName) {
+        return getDnForTenant(tenantName) + "/org-VDC-" + tenantName;
+    }
+
+    private String getDnForTenantVDCEdgeDeviceProfile(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/edsp-" + getNameForEdgeDeviceServiceProfile(tenantName);
+    }
+
+    private String getDnForTenantVDCEdgeSecurityProfile(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/vnep-" + getNameForEdgeDeviceSecurityProfile(tenantName);
+    }
+
+    private String getDnForEdgeDeviceRoutingPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/routing-policy-" + getNameForEdgeDeviceRoutePolicy(tenantName);
+        //FIXME: any other construct is unreliable. why?
+    }
+
+    private String getDnForDhcpPolicy(String tenantName, String intfName) {
+        return getDnForTenantVDCEdgeDeviceProfile(tenantName) + "/dhcp-" + intfName;
+    }
+
+    private String getNameForDhcpPolicy(String tenantName) {
+        return tenantName + "-Dhcp-Policy";
+    }
+
+    private String getNameForDhcpServer(String tenantName) {
+        return tenantName + "-Dhcp-Server";
+    }
+
+    private String getDnForDhcpServerPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/dhcp-server-" + getNameForDhcpPolicy(tenantName);
+    }
+
+    private String getNameForIpRange() {
+        return "iprange";
+    }
+
+    private String getDnForDhcpIpRange(String tenantName) {
+        return getDnForDhcpServerPolicy(tenantName) + "/ip-range-" + getNameForIpRange();
+    }
+
+    private String getNameForDNSService(String tenantName) {
+        return tenantName + "-DNS";
+    }
+
+    private String getDnForDnsService(String tenantName) {
+        return getDnForDhcpServerPolicy(tenantName) + "/dns-svc-" + getNameForDNSService(tenantName); 
+    }
+
+    private String getDnForDnsServer(String tenantName, String dnsip) {
+        return getDnForDnsService(tenantName) + "/dns-" + dnsip; 
+    }
+
+    private String getNameForTenantVDC(String tenantName) {
+        return "VDC-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceServiceProfile(String tenantName) {
+        return "EDSP-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceSecurityProfile(String tenantName) {
+        return "ESP-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceRoutePolicy(String tenantName) {
+        return "EDSP-" + tenantName + "-Routes";
+    }
+
+    @Override
+    public boolean createTenant(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_TENANT.getXml();
+        String service = VnmcXml.CREATE_TENANT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Tenant for account " + tenantName);
+        xml = replaceXmlValue(xml, "name", tenantName);
+        xml = replaceXmlValue(xml, "dn", getDnForTenant(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenant(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_TENANT.getXml();
+        String service = VnmcXml.DELETE_TENANT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", tenantName);
+        xml = replaceXmlValue(xml, "dn", getDnForTenant(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDC(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_VDC.getXml();
+        String service = VnmcXml.CREATE_VDC.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "VDC for Tenant" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForTenantVDC(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDC(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDC(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_VDC.getXml();
+        String service = VnmcXml.DELETE_VDC.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForTenantVDC(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDC(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeDeviceProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_DEVICE_PROFILE.getXml();
+        String service = VnmcXml.CREATE_EDGE_DEVICE_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Device Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getXml();
+        String service = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
+        xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
+        xml = replaceXmlValue(xml, "descr", "Routing Policy for Edge Device for Tenant " + tenantName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+   }
+
+    @Override
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String destination, String netmask) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_ROUTE.getXml();
+        String service = VnmcXml.CREATE_EDGE_ROUTE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
+        xml = replaceXmlValue(xml, "nexthop", nextHopIp);
+        xml = replaceXmlValue(xml, "nexthopintf", getNameForEdgeOutsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "destination", destination);
+        xml = replaceXmlValue(xml, "netmask", netmask);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
+        xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName, String intfName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_DHCP_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_DHCP_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpdn", getDnForDhcpPolicy(tenantName, intfName));
+        xml = replaceXmlValue(xml, "insideintf", intfName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeDhcpPolicy(String tenantName, 
+            String startIp, String endIp, String subnet, String nameServerIp, String domain) throws ExecutionException {
+        String xml = VnmcXml.CREATE_DHCP_POLICY.getXml();
+        String service = VnmcXml.CREATE_DHCP_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpserverdn", getDnForDhcpServerPolicy(tenantName));
+        xml = replaceXmlValue(xml, "dhcpserverdescr", "DHCP server for " + tenantName);
+        xml = replaceXmlValue(xml, "dhcpservername", getNameForDhcpPolicy(tenantName));
+        xml = replaceXmlValue(xml, "iprangedn", getDnForDhcpIpRange(tenantName));
+        xml = replaceXmlValue(xml, "startip", startIp);
+        xml = replaceXmlValue(xml, "endip", endIp);
+        xml = replaceXmlValue(xml, "subnet", subnet);
+        xml = replaceXmlValue(xml, "domain", domain);
+        xml = replaceXmlValue(xml, "dnsservicedn", getDnForDnsService(tenantName));
+        xml = replaceXmlValue(xml, "dnsservicename", getNameForDNSService(tenantName));
+        xml = replaceXmlValue(xml, "nameserverip", nameServerIp);
+        xml = replaceXmlValue(xml, "nameserverdn", getDnForDnsServer(tenantName, nameServerIp));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName, String intfName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_DHCP_SERVER_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_DHCP_SERVER_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpdn", getDnForDhcpPolicy(tenantName, intfName));
+        xml = replaceXmlValue(xml, "insideintf", intfName);
+        xml = replaceXmlValue(xml, "dhcpserverpolicyname", getNameForDhcpServer(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeSecurityProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getXml();
+        String service = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "egressref", "default-egress");
+        xml = replaceXmlValue(xml, "ingressref", "default-ingress"); //FIXME: allows everything
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCEdgeSecurityProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_EDGE_SECURITY_PROFILE.getXml();
+        String service = VnmcXml.DELETE_EDGE_SECURITY_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String getNameForSourceNatIpPool(String tenantName) {
+        return "SNATIp-" + tenantName;
+    }
+
+    private String getDnForSourceNatPool(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForSourceNatIpPool(tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier,
+            String publicIp) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForSourceNatPool(tenantName),
+                getNameForSourceNatIpPool(tenantName),
+                "Source NAT ip pool for Tenant VDC " + tenantName,
+                publicIp);
+    }
+
+    private String getNameForSourceNatPolicy(String tenantName) {
+       return "SNAT-Policy-" + tenantName;
+    }
+
+    private String getDnForSourceNatPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForSourceNatPolicy(tenantName);
+    }
+
+    private String getNameForSourceNatRule(String tenantName) {
+        return "SNAT-Rule-" + tenantName;
+    }
+
+    private String getDnForSourceNatRule(String tenantName) {
+        return getDnForSourceNatPolicy(tenantName) + "/rule-" + getNameForSourceNatRule(tenantName);
+    }
+
+    private String getNameForNatPolicySet(String tenantName) {
+        return "NAT-PolicySet-" + tenantName;
+    }
+
+    private String getDnForNatPolicySet(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName) ;
+    }
+
+    private String getDnForSourceNatPolicyRef(String tenantName) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName) ;
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatRule(String tenantName, String identifier,
+            String startSourceIp, String endSourceIp) throws ExecutionException {
+
+        String xml = VnmcXml.CREATE_SOURCE_NAT_RULE.getXml();
+        String service = VnmcXml.CREATE_SOURCE_NAT_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForSourceNatRule(tenantName));
+        xml = replaceXmlValue(xml, "natrulename", getNameForSourceNatRule(tenantName));
+        xml = replaceXmlValue(xml, "descr", "Source NAT rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "srcstartip", startSourceIp);
+        xml = replaceXmlValue(xml, "srcendip", endSourceIp);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForSourceNatIpPool(tenantName));
+
+        List<String> rules = listChildren(getDnForSourceNatPolicy(tenantName));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForSourceNatPolicyRef(tenantName),
+                getNameForSourceNatPolicy(tenantName),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForSourceNatPolicy(tenantName),
+                getNameForSourceNatPolicy(tenantName));
+    }
+
+    @Override
+    public boolean createTenantVDCNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "NAT policy set for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetdn", getDnForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.DELETE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetdn", getDnForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.RESOLVE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String getNameForAclPolicySet(String tenantName, boolean ingress) {
+        return (ingress ? "Ingress-" : "Egress-") + "ACL-PolicySet-" + tenantName;
+    }
+
+    private String getDnForAclPolicySet(String tenantName, boolean ingress) {
+        return getDnForTenantVDC(tenantName) + "/pset-" + getNameForAclPolicySet(tenantName, ingress) ;
+    }
+
+    private String getNameForAclPolicy(String tenantName, String identifier) {
+        return "ACL-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForAclPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/pol-" + getNameForAclPolicy(tenantName, identifier);
+    }
+
+    private String getDnForAclPolicyRef(String tenantName, String identifier, boolean ingress) {
+        return getDnForAclPolicySet(tenantName, ingress) + "/polref-" + getNameForAclPolicy(tenantName, identifier);
+    }
+
+    private String getNameForAclRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForAclRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForAclPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForAclRule(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException {
+        String xml = VnmcXml.DELETE_ACL_POLICY.getXml();
+        String service = VnmcXml.DELETE_ACL_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY_REF.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY_REF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress));
+
+        List<String> policies = listAclPolicies(tenantName);
+        int order = 100;
+        if (policies != null) {
+            order += policies.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclPolicySet(String tenantName, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.DELETE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.DELETE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateAclPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.RESOLVE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        //xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false));
+        xml = replaceXmlValue(xml, "egresspolicysetname", "default-egress");
+        xml = replaceXmlValue(xml, "ingresspolicysetname", getNameForAclPolicySet(tenantName, true));
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destStartPort, String destEndPort, String destIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+        xml = replaceXmlValue(xml, "deststartport", destStartPort);
+        xml = replaceXmlValue(xml, "destendport", destEndPort);
+        xml = replaceXmlValue(xml, "destip", destIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
+            String destStartIp, String destEndIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "deststartip", destStartIp);
+        xml = replaceXmlValue(xml, "destendip", destEndIp);
+        xml = replaceXmlValue(xml, "sourcestartport", sourceStartPort);
+        xml = replaceXmlValue(xml, "sourceendport", sourceEndPort);
+        xml = replaceXmlValue(xml, "sourceip", sourceIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceIp,
+            String destStartIp, String destEndIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "deststartip", destStartIp);
+        xml = replaceXmlValue(xml, "destendip", destEndIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForAclRule(tenantName, identifier, policyIdentifier),
+                getNameForAclRule(tenantName, identifier));
+    }
+
+    private String getNameForPFPortPool(String tenantName, String identifier) {
+        return "PFPort-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFPortPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFPortPool(tenantName, identifier);
+    }
+
+    private String getNameForPFIpPool(String tenantName, String identifier) {
+        return "PFIp-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFIpPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFIpPool(tenantName, identifier);
+    }
+
+    private boolean createTenantVDCPortPool(String poolDn, String name,
+            String description, String startPort, String endPort) throws ExecutionException {
+        String xml = VnmcXml.CREATE_PORT_POOL.getXml();
+        String service = VnmcXml.CREATE_PORT_POOL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "portpooldn", poolDn);
+        xml = replaceXmlValue(xml, "portpoolname", name);
+        xml = replaceXmlValue(xml, "descr", description);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCIpPool(String poolDn, String name,
+            String description, String ipAddress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_IP_POOL.getXml();
+        String service = VnmcXml.CREATE_IP_POOL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "ippooldn", poolDn);
+        xml = replaceXmlValue(xml, "ippoolname", name);
+        xml = replaceXmlValue(xml, "descr", description);
+        xml = replaceXmlValue(xml, "ipvalue", ipAddress);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCNatPolicyRef(String policyRefDn, String name, String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY_REF.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY_REF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicyrefdn", policyRefDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        List<String> policies = listNatPolicies(tenantName);
+        int order = 100;
+        if (policies != null) {
+            order += policies.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCNatPolicy(String policyDn, String name) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicydn", policyDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean deleteTenantVDCNatPolicy(String policyDn, String name) throws ExecutionException {
+        String xml = VnmcXml.DELETE_NAT_POLICY.getXml();
+        String service = VnmcXml.DELETE_NAT_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicydn", policyDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean deleteTenantVDCRule(String ruledn, String ruleName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_RULE.getXml();
+        String service = VnmcXml.DELETE_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "ruledn", ruledn);
+        xml = replaceXmlValue(xml, "rulename", ruleName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private List<String> listNatPolicies(String tenantName) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_NAT_POLICIES.getXml();
+        String service = VnmcXml.LIST_NAT_POLICIES.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("pair");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
+        }
+
+        return result;
+    }
+
+    private List<String> listAclPolicies(String tenantName) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_ACL_POLICIES.getXml();
+        String service = VnmcXml.LIST_ACL_POLICIES.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("pair");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
+        }
+
+        return result;
+    }
+
+    private List<String> listChildren(String dn) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_CHILDREN.getXml();
+        String service = VnmcXml.LIST_CHILDREN.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dn", dn);
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("policyRule");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("name").getNodeValue());
+        }
+
+        return result;
+    }
+
+    @Override
+    public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
+            String startPort, String endPort) throws ExecutionException {
+        return createTenantVDCPortPool(
+                getDnForPFPortPool(tenantName, identifier),
+                getNameForPFPortPool(tenantName, identifier),
+                "PF port pool for " + getNameForPFPortPool(tenantName, identifier),
+                startPort, endPort);
+    }
+
+    @Override
+    public boolean createTenantVDCPFIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForPFIpPool(tenantName, identifier),
+                getNameForPFIpPool(tenantName, identifier),
+                "PF ip pool for " + getNameForPFIpPool(tenantName, identifier),
+                ipAddress);
+    }
+
+    private String getNameForPFPolicy(String tenantName, String identifier) {
+        return "PF-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForPFPolicy(tenantName, identifier);
+    }
+
+    private String getDnForPFPolicyRef(String tenantName, String identifier) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForPFPolicy(tenantName, identifier);
+    }
+
+    private String getNameForPFRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForPFPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForPFRule(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String publicIp,
+            String startPort, String endPort) throws ExecutionException {
+        String xml = VnmcXml.CREATE_PF_RULE.getXml();
+        String service = VnmcXml.CREATE_PF_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForPFRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "natrulename", getNameForPFRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "PF rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForPFIpPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "portpoolname", getNameForPFPortPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "ip", publicIp);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+
+        List<String> rules = listChildren(getDnForPFPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCPFRule(String tenantName, String identifier,
+            String policyIdentifier) throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForPFRule(tenantName, identifier, policyIdentifier),
+                getNameForPFRule(tenantName, identifier));
+    }
+
+    @Override
+    public boolean createTenantVDCAclRuleForPF(String tenantName,
+            String identifier, String policyIdentifier, String protocol,
+            String ipAddress, String startPort, String endPort)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_RULE_FOR_PF.getXml();
+        String service = VnmcXml.CREATE_ACL_RULE_FOR_PF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "ip", ipAddress);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForPFPolicyRef(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForPFPolicy(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier));
+    }
+
+    @Override
+    public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException {
+        return deleteTenantVDCNatPolicy(
+                getDnForPFPolicy(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier));
+    }
+
+    private String getNameForDNatIpPool(String tenantName, String identifier) {
+        return "DNATIp-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatIpPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForDNatIpPool(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatIpPool(String tenantName,
+            String identifier, String ipAddress) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForDNatIpPool(tenantName, identifier),
+                getNameForDNatIpPool(tenantName, identifier),
+                "DNAT ip pool for " + getNameForDNatIpPool(tenantName, identifier),
+                ipAddress);
+    }
+
+    private String getNameForDNatRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForDNatPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForDNatRule(tenantName, identifier);
+    }
+
+    private String getNameForDNatPolicy(String tenantName, String identifier) {
+        return "DNAT-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForDNatPolicy(tenantName, identifier);
+    }
+
+    private String getDnForDNatPolicyRef(String tenantName, String identifier) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForDNatPolicy(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier, String publicIp)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_DNAT_RULE.getXml();
+        String service = VnmcXml.CREATE_DNAT_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForDNatRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "natrulename", getNameForDNatRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "DNAT rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "ip", publicIp);
+
+        List<String> rules = listChildren(getDnForDNatPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForDNatRule(tenantName, identifier, policyIdentifier),
+                getNameForDNatRule(tenantName, identifier));
+    }
+
+    @Override
+    public boolean createTenantVDCAclRuleForDNat(String tenantName,
+            String identifier, String policyIdentifier, String ipAddress)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getXml();
+        String service = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "ip", ipAddress);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatPolicyRef(String tenantName,
+            String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForDNatPolicyRef(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatPolicy(String tenantName,
+            String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForDNatPolicy(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier));
+    }
+
+    @Override
+    public boolean deleteTenantVDCDNatPolicy(String tenantName,
+            String identifier) throws ExecutionException {
+        return deleteTenantVDCNatPolicy(
+                getDnForDNatPolicy(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier));
+    }
+
+    private String getNameForEdgeFirewall(String tenantName) {
+        return "ASA-1000v-" + tenantName;
+    }
+
+    private String getDnForEdgeFirewall(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/efw-" + getNameForEdgeFirewall(tenantName);
+    }
+
+    private String getNameForEdgeInsideIntf(String tenantName) {
+        return "Edge_Inside"; //TODO: make this configurable
+    }
+
+    private String getNameForEdgeOutsideIntf(String tenantName) {
+        return "Edge_Outside"; //TODO: make this configurable
+    }
+
+    private String getDnForOutsideIntf(String tenantName) {
+        return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeOutsideIntf(tenantName);
+    }
+
+    private String getDnForInsideIntf(String tenantName) {
+        return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeInsideIntf(tenantName);
+    }
+
+    @Override
+    public boolean createEdgeFirewall(String tenantName, String publicIp, String insideIp, 
+            String publicSubnet, String insideSubnet) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_FIREWALL.getXml();
+        String service = VnmcXml.CREATE_EDGE_FIREWALL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "edgefwdescr", "Edge Firewall for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "edgefwname", getNameForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "edgefwdn", getDnForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "insideintfname", getNameForEdgeInsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "outsideintfname", getNameForEdgeOutsideIntf(tenantName));
+
+        xml = replaceXmlValue(xml, "insideintfdn", getDnForInsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "outsideintfdn", getDnForOutsideIntf(tenantName));
+
+        xml = replaceXmlValue(xml, "deviceserviceprofiledn", getDnForEdgeFirewall(tenantName) + "/device-service-profile");
+        xml = replaceXmlValue(xml, "outsideintfsp", getDnForOutsideIntf(tenantName)  + "/interface-service-profile");
+
+        xml = replaceXmlValue(xml, "secprofileref", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "deviceserviceprofile", getNameForEdgeDeviceServiceProfile(tenantName));
+
+        xml = replaceXmlValue(xml, "insideip", insideIp);
+        xml = replaceXmlValue(xml, "publicip", publicIp);
+        xml = replaceXmlValue(xml, "insidesubnet", insideSubnet);
+        xml = replaceXmlValue(xml, "outsidesubnet", publicSubnet);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_EDGE_FIREWALL.getXml();
+        String service = VnmcXml.DELETE_EDGE_FIREWALL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "edgefwname", getNameForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "edgefwdn", getDnForEdgeFirewall(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public Map<String, String> listUnAssocAsa1000v() throws ExecutionException {
+        String xml = VnmcXml.LIST_UNASSOC_ASA1000V.getXml();
+        String service = VnmcXml.LIST_UNASSOC_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+
+        String response =  sendRequest(service, xml);
+
+        Map<String, String> result = new HashMap<String, String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList fwList = xmlDoc.getElementsByTagName("fwInstance");
+        for (int j=0; j < fwList.getLength(); j++) {
+            Node fwNode = fwList.item(j);
+            result.put(fwNode.getAttributes().getNamedItem("mgmtIp").getNodeValue(),
+                    fwNode.getAttributes().getNamedItem("dn").getNodeValue());
+        }
+
+        return result;
+    }
+
+    @Override
+    public boolean assignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
+        String xml = VnmcXml.ASSIGN_ASA1000V.getXml();
+        String service = VnmcXml.ASSIGN_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding");
+        xml = replaceXmlValue(xml, "fwdn", firewallDn);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean unassignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
+        String xml = VnmcXml.UNASSIGN_ASA1000V.getXml();
+        String service = VnmcXml.UNASSIGN_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding");
+        xml = replaceXmlValue(xml, "fwdn", firewallDn);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String sendRequest(String service, String xmlRequest) throws ExecutionException {
+        org.apache.commons.httpclient.protocol.Protocol myhttps = 
+                new org.apache.commons.httpclient.protocol.Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+        HttpClient client = new HttpClient();
+        client.getHostConfiguration().setHost(_ip, 443, myhttps);
+        byte[] response = null;
+        PostMethod method = new PostMethod("/xmlIM/" + service);
+        
+        method.setRequestBody(xmlRequest);
+        
+        try{
+            int statusCode = client.executeMethod(method);
+                     
+            if (statusCode != HttpStatus.SC_OK) {
+                throw new Exception("Error code : " + statusCode);
+            }
+            response = method.getResponseBody();
+        }catch(Exception e){
+            System.out.println(e.getMessage());
+            throw new ExecutionException(e.getMessage());
+        }
+        System.out.println(new String(response));
+        return new String(response);
+    }
+
+    private Map<String, String> checkResponse(String xmlResponse, String... keys) throws ExecutionException {
+        Document xmlDoc = getDocument(xmlResponse);
+        Map<String, String> result = new HashMap<String, String>();
+        Node topElement = xmlDoc.getChildNodes().item(0);
+        if (topElement != null) {
+            for (String key: keys){
+                Node valueNode = topElement.getAttributes().getNamedItem(key);
+                result.put(key, valueNode==null?null:valueNode.getNodeValue());
+            }
+        }
+        return result;
+    }
+
+    private boolean verifySuccess(String xmlResponse) throws ExecutionException {
+        Map<String, String> checked = checkResponse(xmlResponse, "errorCode", "errorDescr");
+
+        if (checked.get("errorCode") != null) {
+            String errorCode = checked.get("errorCode");
+            if (errorCode.equals("103")) {
+                //tenant already exists
+                return true;
+            }
+            String errorDescr = checked.get("errorDescr");
+            throw new ExecutionException(errorDescr);
+        }
+        return true;
+    }
+
+    /*
+     * XML utils
+     */
+    
+    private Document getDocument(String xml) throws ExecutionException {
+        StringReader xmlReader = new StringReader("<?xml version=\"1.0\"?> \n" + xml.trim());
+        InputSource xmlSource = new InputSource(xmlReader);
+        Document doc = null; 
+
+        try {
+            doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlSource);
+            
+        } catch (Exception e) {
+            s_logger.error(e);
+            throw new ExecutionException(e.getMessage());
+        }
+
+        if (doc == null) {
+            throw new ExecutionException("Failed to parse xml " + xml);
+        } else {
+            return doc;
+        }
+    }    
+
+    private String replaceXmlTag(String xml, String oldTag, String newTag) {
+        return xml.replaceAll(oldTag, newTag);
+    }
+
+    private String replaceXmlValue(String xml, String marker, String value) {
+        marker = "\\s*%" + marker + "%\\s*";
+
+        if (value == null) {
+            value = "";
+        }
+
+        return xml.replaceAll(marker, value);
+    }
+
+    private String extractXml(String xml, String marker) {
+        String startMarker = "<" + marker + ">";
+        String endMarker = "</" + marker + ">";
+        if (xml.contains(startMarker) && xml.contains(endMarker)) {
+            return xml.substring(xml.indexOf(startMarker) + startMarker.length(), xml.indexOf(endMarker));
+        } else {
+            return null;
+        }
+
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java
new file mode 100644
index 00000000000..e756165bdaa
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface CiscoVnmcController extends Grouping, InternalIdentity, Identity {
+
+    long getId();
+
+    String getUuid();
+
+    void setUuid(String uuid);
+
+    long getPhysicalNetworkId();
+
+    long getHostId();
+
+    String getProviderName();
+
+    String getDeviceName();
+
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java
new file mode 100644
index 00000000000..4207f1dac4c
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="external_cisco_vnmc_devices")
+public class CiscoVnmcControllerVO implements CiscoVnmcController {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="uuid")
+    private String uuid;
+
+    @Column(name="host_id")
+    private long hostId;
+
+    @Column(name="physical_network_id")
+    private long physicalNetworkId;
+
+    @Column(name="provider_name")
+    private String providerName;
+
+    @Column(name="device_name")
+    private String deviceName;
+
+
+    public CiscoVnmcControllerVO() {
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    public CiscoVnmcControllerVO(long hostId, long physicalNetworkId,
+            String providerName, String deviceName) {
+        super();
+        this.hostId = hostId;
+        this.physicalNetworkId = physicalNetworkId;
+        this.providerName = providerName;
+        this.deviceName = deviceName;
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getUuid() {
+        return uuid;
+    }
+
+    @Override
+    public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    @Override
+    public long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @Override
+    public long getHostId() {
+        return hostId;
+    }
+
+    @Override
+    public String getProviderName() {
+        return providerName;
+    }
+
+    @Override
+    public String getDeviceName() {
+        return deviceName;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java
new file mode 100755
index 00000000000..2e004dccd41
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface NetworkAsa1000vMap extends Grouping, InternalIdentity {
+
+    long getId();
+
+    long getNetworkId();
+
+    long getAsa1000vId();
+
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java
new file mode 100755
index 00000000000..9638b6f8ae2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java
@@ -0,0 +1,73 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="network_asa1000v_map")
+public class NetworkAsa1000vMapVO implements NetworkAsa1000vMap {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="network_id")
+    private long networkId;
+
+    @Column(name="asa1000v_id")
+    private long asa1000vId;
+    
+    public NetworkAsa1000vMapVO() {
+    }
+
+    public NetworkAsa1000vMapVO(long networkId, long asa1000vId) {
+        super();
+        this.networkId = networkId;
+        this.asa1000vId = asa1000vId;
+    }
+
+	@Override
+	public long getId() {
+		return id;
+	}
+
+	@Override
+	public long getAsa1000vId() {
+		return asa1000vId;
+	}
+
+	public void setAsa1000vId(long asa1000vId) {
+		this.asa1000vId = asa1000vId;
+	}
+
+	@Override
+	public long getNetworkId() {
+		return networkId;
+	}
+
+	public void setNetworkId(long networkId) {
+		this.networkId = networkId;
+	}
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java
new file mode 100755
index 00000000000..1a380b13691
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java
@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface CiscoAsa1000vDao extends GenericDao<CiscoAsa1000vDeviceVO, Long>{
+    /**
+     * list all the Cisco Asa 1000v devices added in to this physical network
+     * @param physicalNetworkId physical Network Id
+     * @return list of CiscoAsa1000vDeviceVO for this physical network.
+     */
+    List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId);
+
+    CiscoAsa1000vDeviceVO findByManagementIp(String managementIp);
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java
new file mode 100755
index 00000000000..a5820dea48b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java
@@ -0,0 +1,63 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=CiscoAsa1000vDao.class)
+public class CiscoAsa1000vDaoImpl extends GenericDaoBase<CiscoAsa1000vDeviceVO, Long>
+        implements CiscoAsa1000vDao {
+
+    protected final SearchBuilder<CiscoAsa1000vDeviceVO> physicalNetworkIdSearch;
+    protected final SearchBuilder<CiscoAsa1000vDeviceVO> managementIpSearch;
+
+    public CiscoAsa1000vDaoImpl() {
+        physicalNetworkIdSearch = createSearchBuilder();
+        physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
+        physicalNetworkIdSearch.done();
+
+        managementIpSearch = createSearchBuilder();
+        managementIpSearch.and("managementIp", managementIpSearch.entity().getManagementIp(), Op.EQ);
+        managementIpSearch.done();
+    }
+
+    @Override
+    public List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId) {
+        SearchCriteria<CiscoAsa1000vDeviceVO> sc = physicalNetworkIdSearch.create();
+        sc.setParameters("physicalNetworkId", physicalNetworkId);
+        return search(sc, null);
+    }
+
+    @Override
+    public CiscoAsa1000vDeviceVO findByManagementIp(String managementIp) {
+        SearchCriteria<CiscoAsa1000vDeviceVO> sc = managementIpSearch.create();
+        sc.setParameters("managementIp", managementIp);
+        return findOneBy(sc);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java
new file mode 100644
index 00000000000..f0b394834a0
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java
@@ -0,0 +1,32 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface CiscoVnmcDao extends GenericDao<CiscoVnmcControllerVO, Long>{
+    /**
+     * list all the Cisco VNMC devices added in to this physical network
+     * @param physicalNetworkId physical Network Id
+     * @return list of CiscoVnmcDeviceVO for this physical network.
+     */
+    List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java
new file mode 100644
index 00000000000..89518104851
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java
@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=CiscoVnmcDao.class)
+public class CiscoVnmcDaoImpl extends GenericDaoBase<CiscoVnmcControllerVO, Long>
+        implements CiscoVnmcDao {
+    
+    protected final SearchBuilder<CiscoVnmcControllerVO> physicalNetworkIdSearch;
+
+    public CiscoVnmcDaoImpl() {
+        physicalNetworkIdSearch = createSearchBuilder();
+        physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
+        physicalNetworkIdSearch.done();
+    }
+
+    @Override
+    public List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId) {
+        SearchCriteria<CiscoVnmcControllerVO> sc = physicalNetworkIdSearch.create();
+        sc.setParameters("physicalNetworkId", physicalNetworkId);
+        return search(sc, null);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java
new file mode 100755
index 00000000000..053f4afef54
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface NetworkAsa1000vMapDao extends GenericDao<NetworkAsa1000vMapVO, Long>{
+
+    NetworkAsa1000vMapVO findByNetworkId(long networkId);
+
+    NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java
new file mode 100755
index 00000000000..692b3d6fda6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java
@@ -0,0 +1,61 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=NetworkAsa1000vMapDao.class)
+public class NetworkAsa1000vMapDaoImpl extends GenericDaoBase<NetworkAsa1000vMapVO, Long>
+        implements NetworkAsa1000vMapDao {
+
+    protected final SearchBuilder<NetworkAsa1000vMapVO> networkSearch;
+    protected final SearchBuilder<NetworkAsa1000vMapVO> asa1000vSearch;
+
+    public NetworkAsa1000vMapDaoImpl() {
+        networkSearch = createSearchBuilder();
+        networkSearch.and("networkId", networkSearch.entity().getNetworkId(), Op.EQ);
+        networkSearch.done();
+
+        asa1000vSearch = createSearchBuilder();
+        asa1000vSearch.and("asa1000vId", asa1000vSearch.entity().getAsa1000vId(), Op.EQ);
+        asa1000vSearch.done();
+    }
+
+    @Override
+    public NetworkAsa1000vMapVO findByNetworkId(long networkId) {
+        SearchCriteria<NetworkAsa1000vMapVO> sc = networkSearch.create();
+        sc.setParameters("networkId", networkId);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId) {
+        SearchCriteria<NetworkAsa1000vMapVO> sc = asa1000vSearch.create();
+        sc.setParameters("asa1000vId", asa1000vId);
+        return findOneBy(sc);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java
new file mode 100755
index 00000000000..dff9288b0ff
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.util.List;
+
+import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.network.Network;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.component.PluggableService;
+
+public interface CiscoAsa1000vService extends PluggableService {
+
+    public CiscoAsa1000vDevice addCiscoAsa1000vResource(AddCiscoAsa1000vResourceCmd cmd);
+
+    public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+            CiscoAsa1000vDevice ciscoAsa1000vDeviceVO);
+
+    boolean deleteCiscoAsa1000vResource(DeleteCiscoAsa1000vResourceCmd cmd);
+
+    List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(ListCiscoAsa1000vResourcesCmd cmd);
+
+    CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
new file mode 100644
index 00000000000..443bb40f57f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -0,0 +1,928 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network.element;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.network.ExternalNetworkDeviceManager.NetworkDevice;
+import org.apache.log4j.Logger;
+
+import com.cloud.agent.AgentManager;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupExternalFirewallCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
+import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
+import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
+import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.configuration.ConfigurationManager;
+import com.cloud.dc.ClusterVO;
+import com.cloud.dc.ClusterVSMMapVO;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.ClusterDao;
+import com.cloud.dc.dao.ClusterVSMMapDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.deploy.DeployDestination;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.DetailVO;
+import com.cloud.host.Host;
+import com.cloud.host.HostVO;
+import com.cloud.host.dao.HostDao;
+import com.cloud.host.dao.HostDetailsDao;
+import com.cloud.network.CiscoNexusVSMDeviceVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.Network;
+import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.PhysicalNetworkServiceProvider;
+import com.cloud.network.dao.PhysicalNetworkVO;
+import com.cloud.network.Network.Capability;
+import com.cloud.network.Network.Provider;
+import com.cloud.network.Network.Service;
+import com.cloud.network.Networks.BroadcastDomainType;
+import com.cloud.network.PublicIpAddress;
+import com.cloud.network.addr.PublicIp;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.network.dao.CiscoAsa1000vDao;
+import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
+import com.cloud.network.dao.CiscoVnmcDao;
+import com.cloud.network.dao.NetworkAsa1000vMapDao;
+import com.cloud.network.dao.NetworkDao;
+import com.cloud.network.dao.PhysicalNetworkDao;
+import com.cloud.network.dao.PhysicalNetworkServiceProviderDao;
+import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
+import com.cloud.network.resource.CiscoVnmcResource;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.resource.ResourceManager;
+import com.cloud.resource.ResourceState;
+import com.cloud.resource.ResourceStateAdapter;
+import com.cloud.resource.ServerResource;
+import com.cloud.resource.UnableDeleteHostException;
+import com.cloud.user.Account;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.ReservationContext;
+import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.VirtualMachine.Type;
+import com.cloud.vm.VirtualMachineProfile;
+
+@Local(value = NetworkElement.class)
+public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider,
+    PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement,
+    CiscoVnmcElementService, CiscoAsa1000vService {
+    private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
+    private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
+
+    @Inject
+    AgentManager _agentMgr;
+    @Inject
+    ResourceManager _resourceMgr;
+    @Inject
+    ConfigurationManager _configMgr;
+    @Inject
+    NetworkManager _networkMgr;
+    @Inject
+    NetworkModel _networkModel;
+
+    @Inject
+    PhysicalNetworkDao _physicalNetworkDao;
+    @Inject
+    PhysicalNetworkServiceProviderDao _physicalNetworkServiceProviderDao;
+    @Inject 
+    HostDetailsDao _hostDetailsDao;
+    @Inject
+    HostDao _hostDao;
+    @Inject
+    NetworkDao _networkDao;
+    @Inject
+    ClusterDao _clusterDao;
+    @Inject
+    VlanDao _vlanDao;
+    @Inject
+    ClusterVSMMapDao _clusterVsmMapDao;
+    @Inject
+    CiscoNexusVSMDeviceDao _vsmDeviceDao;
+    @Inject
+    CiscoVnmcDao _ciscoVnmcDao;
+    @Inject
+    CiscoAsa1000vDao _ciscoAsa1000vDao;
+    @Inject
+    NetworkAsa1000vMapDao _networkAsa1000vMapDao;
+
+    protected boolean canHandle(Network network) {
+        if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {
+            return false; //TODO: should handle VxLAN as well
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params)
+            throws ConfigurationException {
+        super.configure(name, params);
+        _resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
+        return true;
+    }
+
+    private static Map<Service, Map<Capability, String>> setCapabilities() {
+        Map<Service, Map<Capability, String>> capabilities = new HashMap<Service, Map<Capability, String>>();
+        capabilities.put(Service.Gateway, null);
+
+        Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>();
+        firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+        firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress,egress");
+        firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
+        firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp");
+        firewallCapabilities.put(Capability.MultipleIps, "true");
+        capabilities.put(Service.Firewall, firewallCapabilities);
+
+        capabilities.put(Service.StaticNat, null);
+        capabilities.put(Service.PortForwarding, null);
+
+        Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
+        sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
+        sourceNatCapabilities.put(Capability.RedundantRouter, "false"); //TODO:
+        capabilities.put(Service.SourceNat, sourceNatCapabilities);
+        return capabilities;
+    }
+
+    @Override
+    public Map<Service, Map<Capability, String>> getCapabilities() {
+        return capabilities;
+    }
+
+    @Override
+    public Provider getProvider() {
+        return Provider.CiscoVnmc;
+    }
+
+    private boolean createLogicalEdgeFirewall(long vlanId,
+            String gateway, String gatewayNetmask,
+            String publicIp, String publicNetmask,
+            List<String> publicGateways, long hostId) {
+        CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, publicNetmask, gatewayNetmask);
+        for (String publicGateway : publicGateways) {
+            cmd.getPublicGateways().add(publicGateway);
+        }
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean configureNexusVsmForAsa(long vlanId, String gateway,
+            String vsmUsername, String vsmPassword, String vsmIp,
+            String asaInPortProfile, long hostId) {
+        ConfigureNexusVsmForAsaCommand cmd = new ConfigureNexusVsmForAsaCommand(vlanId, gateway, vsmUsername, vsmPassword, vsmIp, asaInPortProfile);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean configureSourceNat(long vlanId, String guestCidr,
+            PublicIp sourceNatIp, long hostId) {
+        boolean add = (sourceNatIp.getState() == IpAddress.State.Releasing ? false : true);
+        IpAddressTO ip = new IpAddressTO(sourceNatIp.getAccountId(), sourceNatIp.getAddress().addr(), add, false,
+                sourceNatIp.isSourceNat(), sourceNatIp.getVlanTag(), sourceNatIp.getGateway(), sourceNatIp.getNetmask(), sourceNatIp.getMacAddress(),
+                null, sourceNatIp.isOneToOneNat());
+        boolean addSourceNat = false;
+        if (sourceNatIp.isSourceNat()) {
+            addSourceNat = add;
+        }
+
+        SetSourceNatCommand cmd = new SetSourceNatCommand(ip, addSourceNat);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, guestCidr);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean associateAsaWithLogicalEdgeFirewall(long vlanId,
+            String asaMgmtIp, long hostId) {
+        AssociateAsaWithLogicalEdgeFirewallCommand cmd = 
+                new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    @Override
+    public boolean implement(Network network, NetworkOffering offering,
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
+        DataCenter zone = _configMgr.getZone(network.getDataCenterId());
+
+        if (zone.getNetworkType() == NetworkType.Basic) {
+            s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
+            return false;
+        }
+
+        if (!canHandle(network)) {
+            return false;
+        }
+
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (asaList.isEmpty()) {
+            s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
+            return false;
+        }
+
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork != null) {
+            s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
+            return true;
+        }
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
+            s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        Transaction txn = Transaction.currentTxn();
+        boolean status = false;
+        try {
+            txn.start();
+
+            // ensure that there is an ASA 1000v assigned to this network
+            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
+            if (assignedAsa == null) {
+                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
+                return false;
+            }
+
+            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
+            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
+            if (clusterVsmMap == null) {
+                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
+                return false;
+            }
+
+            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
+            if (vsmDevice == null) {
+                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
+                return false;
+            }
+
+            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+            _hostDao.loadDetails(ciscoVnmcHost);
+            Account owner = context.getAccount();
+            PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
+            String vlan = network.getBroadcastUri().getHost();
+            long vlanId = Long.parseLong(vlan);
+
+            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
+            List<String> publicGateways = new ArrayList<String>();
+            for (VlanVO vlanVO : vlanVOList) {
+                publicGateways.add(vlanVO.getVlanGateway());
+            }
+
+            // create logical edge firewall in VNMC
+            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
+            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
+                    sourceNatIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
+                return false;
+            }
+
+            // create stuff in VSM for ASA device
+            if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
+                    vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
+                    assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
+                        " for ASA device for network " + network.getName());
+                return false;
+            }
+
+            // configure source NAT
+            //if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
+            //    s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
+            //    return false;
+            //}
+
+            // associate Asa 1000v instance with logical edge firewall
+            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
+                        ") with logical edge firewall in VNMC for network " + network.getName());
+                return false;
+            }
+
+            status = true;
+            txn.commit();
+        } finally {
+            if (!status) {
+                txn.rollback();
+                //FIXME: also undo changes in VNMC, VSM if anything failed
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean prepare(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
+        if (vm.getType() != Type.User) {
+            return false;
+        }
+
+        // ensure that there is an ASA 1000v assigned to this network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean release(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            ReservationContext context) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+        return true;
+    }
+
+    private boolean cleanupLogicalEdgeFirewall(long vlanId, long hostId) {
+        CleanupLogicalEdgeFirewallCommand cmd = new CleanupLogicalEdgeFirewallCommand(vlanId);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    @Override
+    public boolean shutdown(Network network, ReservationContext context,
+            boolean cleanup) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+
+        unassignAsa1000vFromNetwork(network);
+
+        String vlan = network.getBroadcastUri().getHost();
+        long vlanId = Long.parseLong(vlan);
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (!devices.isEmpty()) {
+            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+            cleanupLogicalEdgeFirewall(vlanId, ciscoVnmcHost.getId());
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean isReady(PhysicalNetworkServiceProvider provider) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean shutdownProviderInstances(
+            PhysicalNetworkServiceProvider provider, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canEnableIndividualServices() {
+        return true;
+    }
+
+    @Override
+    public boolean verifyServicesCombination(Set<Service> services) {
+        if (!services.contains(Service.Firewall)) {
+            s_logger.warn("CiscoVnmc must be used as Firewall Service Provider in the network");
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Network network, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        return true;
+    }
+
+    @Override
+    public List<Class<?>> getCommands() {
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(AddCiscoVnmcResourceCmd.class);
+        cmdList.add(DeleteCiscoVnmcResourceCmd.class);
+        cmdList.add(ListCiscoVnmcResourcesCmd.class);
+        cmdList.add(AddCiscoAsa1000vResourceCmd.class);
+        cmdList.add(DeleteCiscoAsa1000vResourceCmd.class);
+        cmdList.add(ListCiscoAsa1000vResourcesCmd.class);
+        return cmdList;
+    }
+
+    @Override
+    public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
+        String deviceName = Provider.CiscoVnmc.getName();
+        NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        CiscoVnmcController ciscoVnmcResource = null;
+
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork == null) {
+            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
+        }
+        long zoneId = physicalNetwork.getDataCenterId();
+
+        PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(physicalNetwork.getId(), networkDevice.getNetworkServiceProvder());
+        if (ntwkSvcProvider == null) {
+            throw new CloudRuntimeException("Network Service Provider: " + networkDevice.getNetworkServiceProvder() +
+                    " is not enabled in the physical network: " + physicalNetworkId + "to add this device");
+        } else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) {
+            throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
+                    " is in shutdown state in the physical network: " + physicalNetworkId + "to add this device");
+        }
+
+        if (_ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId).size() != 0) {
+            throw new CloudRuntimeException("A Cisco Vnmc device is already configured on this physical network");
+        }
+
+        Map<String, String> params = new HashMap<String,String>();
+        params.put("guid", UUID.randomUUID().toString());
+        params.put("zoneId", String.valueOf(physicalNetwork.getDataCenterId()));
+        params.put("physicalNetworkId", String.valueOf(physicalNetwork.getId()));
+        params.put("name", "Cisco VNMC Controller - " + cmd.getHost());
+        params.put("ip", cmd.getHost());
+        params.put("username", cmd.getUsername());
+        params.put("password", cmd.getPassword());
+        params.put("transportzoneisotype", physicalNetwork.getIsolationMethods().get(0).toLowerCase()); // FIXME What to do with multiple isolation types
+
+        Map<String, Object> hostdetails = new HashMap<String,Object>();
+        hostdetails.putAll(params);
+
+        ServerResource resource = new CiscoVnmcResource();
+        Transaction txn = Transaction.currentTxn();
+        try {
+            resource.configure(cmd.getHost(), hostdetails);
+
+            Host host = _resourceMgr.addHost(zoneId, resource, Host.Type.ExternalFirewall, params);
+            if (host != null) {
+                txn.start();
+
+                ciscoVnmcResource = new CiscoVnmcControllerVO(host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName);
+                _ciscoVnmcDao.persist((CiscoVnmcControllerVO)ciscoVnmcResource);
+                
+                DetailVO detail = new DetailVO(host.getId(), "deviceid", String.valueOf(ciscoVnmcResource.getId()));
+                _hostDetailsDao.persist(detail);
+
+                txn.commit();
+                return ciscoVnmcResource;
+            } else {
+                throw new CloudRuntimeException("Failed to add Cisco Vnmc device due to internal error.");
+            }
+        } catch (ConfigurationException e) {
+            txn.rollback();
+            throw new CloudRuntimeException(e.getMessage());
+        }
+    }
+
+    @Override
+    public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+            CiscoVnmcController ciscoVnmcResourceVO) {
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
+
+        CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
+        response.setId(ciscoVnmcResourceVO.getUuid());
+        response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
+        response.setProviderName(ciscoVnmcResourceVO.getProviderName());
+        response.setResourceName(ciscoVnmcHost.getName());
+
+        return response;
+    }
+
+    @Override
+    public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
+        Long vnmcResourceId = cmd.getCiscoVnmcResourceId();
+        CiscoVnmcControllerVO vnmcResource = _ciscoVnmcDao.findById(vnmcResourceId);
+        if (vnmcResource == null) {
+            throw new InvalidParameterValueException(
+                    "Could not find a Cisco VNMC appliance with id " + vnmcResourceId);
+        }
+
+        // Check if there any ASA 1000v appliances
+        Long physicalNetworkId = vnmcResource.getPhysicalNetworkId();
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork != null) {
+            List<CiscoAsa1000vDeviceVO> responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+            if (responseList.size() > 0) {
+                throw new CloudRuntimeException(
+                        "Cisco VNMC appliance with id " + vnmcResourceId +
+                        " cannot be deleted as there Cisco ASA 1000v appliances using it");
+            }
+        }
+
+        HostVO vnmcHost = _hostDao.findById(vnmcResource.getHostId());
+        Long hostId = vnmcHost.getId();
+        vnmcHost.setResourceState(ResourceState.Maintenance);
+        _hostDao.update(hostId, vnmcHost);
+        _resourceMgr.deleteHost(hostId, false, false);
+        _ciscoVnmcDao.remove(vnmcResourceId);
+
+        return true;
+    }
+
+    @Override
+    public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
+            ListCiscoVnmcResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
+        List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
+
+        if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
+        }
+
+        if (ciscoVnmcResourceId != null) {
+            CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
+            if (ciscoVnmcResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
+            }
+            responseList.add(ciscoVnmcResource);
+        }
+        else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
+        }
+
+        return responseList;
+    }
+
+    @Override
+    public IpDeployer getIpDeployer(Network network) {
+        return this;
+    }
+
+    @Override
+    public boolean applyFWRules(Network network,
+            List<? extends FirewallRule> rules)
+            throws ResourceUnavailableException {
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) {
+            s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
+        for (FirewallRule rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType());
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply firewall rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
+            throws ResourceUnavailableException {
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)) {
+            s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
+        for (PortForwardingRule rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
+            PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rulesTO);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyStaticNats(Network network,
+            List<? extends StaticNat> rules)
+            throws ResourceUnavailableException {
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)) {
+            s_logger.error("Static NAT service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply static NAT rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
+        for (StaticNat rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, 
+                    null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply static NAT rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyIps(Network network,
+            List<? extends PublicIpAddress> ipAddress, Set<Service> services)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public HostVO createHostVOForConnectedAgent(HostVO host,
+            StartupCommand[] cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public HostVO createHostVOForDirectConnectAgent(HostVO host,
+            StartupCommand[] startup, ServerResource resource,
+            Map<String, String> details, List<String> hostTags) {
+        if (!(startup[0] instanceof StartupExternalFirewallCommand)) {
+            return null;
+        }
+        host.setType(Host.Type.ExternalFirewall);
+        return host;
+    }
+
+    @Override
+    public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
+            boolean isForceDeleteStorage) throws UnableDeleteHostException {
+        if (host.getType() != com.cloud.host.Host.Type.ExternalFirewall) {
+            return null;
+        }
+        return new DeleteHostAnswer(true);
+    }
+
+    @Override
+    public CiscoAsa1000vDevice addCiscoAsa1000vResource(
+            AddCiscoAsa1000vResourceCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        CiscoAsa1000vDevice ciscoAsa1000vResource = null;
+
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork == null) {
+            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
+        }
+
+        ciscoAsa1000vResource = new CiscoAsa1000vDeviceVO(physicalNetworkId, cmd.getManagementIp(), cmd.getInPortProfile(), cmd.getClusterId());
+        _ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource);
+
+        return ciscoAsa1000vResource;
+    }
+
+    @Override
+    public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+            CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
+        CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
+        response.setId(ciscoAsa1000vDeviceVO.getUuid());
+        response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
+        response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
+
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(ciscoAsa1000vDeviceVO.getId());
+        if (networkAsaMap != null) {
+            response.setGuestNetworkId(networkAsaMap.getNetworkId());
+        }
+
+        return response;
+    }
+
+    @Override
+    public boolean deleteCiscoAsa1000vResource(
+            DeleteCiscoAsa1000vResourceCmd cmd) {
+        Long asaResourceId = cmd.getCiscoAsa1000vResourceId();
+        CiscoAsa1000vDeviceVO asaResource = _ciscoAsa1000vDao.findById(asaResourceId);
+        if (asaResource == null) {
+            throw new InvalidParameterValueException(
+                    "Could not find a Cisco ASA 1000v appliance with id " + asaResourceId);
+        }
+
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(asaResource.getId());
+        if (networkAsaMap != null) {
+            throw new CloudRuntimeException(
+                    "Cisco ASA 1000v appliance with id " + asaResourceId +
+                    " cannot be deleted as it is associated with guest network");
+        }
+
+        _ciscoAsa1000vDao.remove(asaResourceId);
+
+        return true;
+    }
+
+    @Override
+    public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
+            ListCiscoAsa1000vResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
+        List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
+
+        if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
+        }
+
+        if (ciscoAsa1000vResourceId != null) {
+            CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
+            if (ciscoAsa1000vResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
+            }
+            responseList.add(ciscoAsa1000vResource);
+        } else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+        }
+
+        return responseList;
+    }
+
+    @Override
+    public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
+        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        for (CiscoAsa1000vDeviceVO asa : asaList) {
+            NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
+            if (assignedToNetwork == null) {
+                NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
+                _networkAsa1000vMapDao.persist(networkAsaMap);
+                return asa;
+            }
+        }
+        return null;
+    }
+
+    private void unassignAsa1000vFromNetwork(Network network) {
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (networkAsaMap != null) {
+            _networkAsa1000vMapDao.remove(networkAsaMap.getId());
+        }
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java
new file mode 100644
index 00000000000..e8eb473154a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java
@@ -0,0 +1,42 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.util.List;
+
+import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
+import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
+import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.component.PluggableService;
+
+public interface CiscoVnmcElementService extends PluggableService {
+
+    //public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
+
+    public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd);
+
+    public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+            CiscoVnmcController CiscoVnmcResourceVO);
+
+    boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd);
+
+    List<CiscoVnmcControllerVO> listCiscoVnmcResources(ListCiscoVnmcResourcesCmd cmd);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
new file mode 100644
index 00000000000..91559782304
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -0,0 +1,780 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the 
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.resource;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import com.cloud.agent.IAgentControl;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.Command;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ExternalNetworkResourceUsageAnswer;
+import com.cloud.agent.api.ExternalNetworkResourceUsageCommand;
+import com.cloud.agent.api.MaintainAnswer;
+import com.cloud.agent.api.MaintainCommand;
+import com.cloud.agent.api.PingCommand;
+import com.cloud.agent.api.ReadyAnswer;
+import com.cloud.agent.api.ReadyCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupExternalFirewallCommand;
+import com.cloud.agent.api.routing.IpAssocAnswer;
+import com.cloud.agent.api.routing.IpAssocCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.host.Host;
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+import com.cloud.resource.ServerResource;
+import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.Pair;
+import com.cloud.utils.cisco.n1kv.vsm.NetconfHelper;
+import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.OperationType;
+import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.SwitchPortMode;
+import com.cloud.utils.exception.ExecutionException;
+import com.cloud.utils.net.NetUtils;
+
+public class CiscoVnmcResource implements ServerResource {
+
+    private String _name;
+    private String _zoneId;
+    private String _physicalNetworkId;
+    private String _ip;
+    private String _username;
+    private String _password;
+    private String _guid;
+    private Integer _numRetries;
+
+    private CiscoVnmcConnectionImpl _connection;
+
+    public void setConnection(CiscoVnmcConnectionImpl connection) {
+        this._connection = connection;
+    }
+
+    private final Logger s_logger = Logger.getLogger(CiscoVnmcResource.class);
+
+    public Answer executeRequest(Command cmd) {
+        if (cmd instanceof ReadyCommand) {
+            return execute((ReadyCommand) cmd);
+        } else if (cmd instanceof MaintainCommand) {
+            return execute((MaintainCommand) cmd);
+        } else if (cmd instanceof IpAssocCommand) {
+            return execute((IpAssocCommand) cmd);
+        } else if (cmd instanceof SetSourceNatCommand) {
+            return execute((SetSourceNatCommand) cmd);
+        } else if (cmd instanceof SetFirewallRulesCommand) {
+            return execute((SetFirewallRulesCommand) cmd);
+        } else if (cmd instanceof SetStaticNatRulesCommand) {
+            return execute((SetStaticNatRulesCommand) cmd);
+        } else if (cmd instanceof SetPortForwardingRulesCommand) {
+            return execute((SetPortForwardingRulesCommand) cmd);
+        } else if (cmd instanceof ExternalNetworkResourceUsageCommand) {
+            return execute((ExternalNetworkResourceUsageCommand) cmd);
+        } else if (cmd instanceof CreateLogicalEdgeFirewallCommand) {
+            return execute((CreateLogicalEdgeFirewallCommand)cmd);
+        } else if (cmd instanceof CleanupLogicalEdgeFirewallCommand) {
+            return execute((CleanupLogicalEdgeFirewallCommand)cmd);
+        } else if (cmd instanceof ConfigureNexusVsmForAsaCommand) {
+            return execute((ConfigureNexusVsmForAsaCommand)cmd);
+        } else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) {
+            return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
+        } else {
+            return Answer.createUnsupportedCommandAnswer(cmd);
+        }
+    }
+
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        try {
+            _name = (String) params.get("name");
+            if (_name == null) {
+                throw new ConfigurationException("Unable to find name");
+            }
+
+            _zoneId = (String) params.get("zoneId");
+            if (_zoneId == null) {
+                throw new ConfigurationException("Unable to find zone");
+            }
+
+            _physicalNetworkId = (String) params.get("physicalNetworkId");
+            if (_physicalNetworkId == null) {
+                throw new ConfigurationException("Unable to find physical network id in the configuration parameters");
+            }
+
+            _ip = (String) params.get("ip");
+            if (_ip == null) {
+                throw new ConfigurationException("Unable to find IP");
+            }
+
+            _username = (String) params.get("username");
+            if (_username == null) {
+                throw new ConfigurationException("Unable to find username");
+            }
+
+            _password = (String) params.get("password");
+            if (_password == null) {
+                throw new ConfigurationException("Unable to find password");
+            }
+
+            _guid = (String)params.get("guid");
+            if (_guid == null) {
+                throw new ConfigurationException("Unable to find the guid");
+            }
+
+            _numRetries = NumbersUtil.parseInt((String) params.get("numretries"), 1);
+
+            NumbersUtil.parseInt((String) params.get("timeout"), 300);
+
+            // Open a socket and login
+            _connection = new CiscoVnmcConnectionImpl(_ip, _username, _password);
+            //if (!refreshVnmcConnection()) {
+            //    throw new ConfigurationException("Unable to open a connection to the VNMC.");
+            //}
+
+            return true;
+        } catch (Exception e) {
+            throw new ConfigurationException(e.getMessage());
+        }
+
+    }
+
+    public StartupCommand[] initialize() {
+        StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
+        cmd.setName(_name);
+        cmd.setDataCenter(_zoneId);
+        cmd.setPod("");
+        cmd.setPrivateIpAddress(_ip);
+        cmd.setStorageIpAddress("");
+        cmd.setVersion("");
+        cmd.setGuid(_guid);
+        return new StartupCommand[] { cmd };
+    }
+
+    public Host.Type getType() {
+        return Host.Type.ExternalFirewall;
+    }
+
+    @Override
+    public String getName() {
+        return _name;
+    }
+
+    @Override
+    public boolean start() {
+        return true;
+    }
+
+    @Override
+    public boolean stop() {
+        return true;
+    }
+
+    @Override
+    public PingCommand getCurrentStatus(final long id) {
+        if (!refreshVnmcConnection()) {
+            return null;
+        }
+        return new PingCommand(Host.Type.ExternalFirewall, id);
+    }
+
+    @Override
+    public void disconnected() {
+    }
+
+    public IAgentControl getAgentControl() {
+        return null;
+    }
+
+    public void setAgentControl(IAgentControl agentControl) {
+        return;
+    }
+
+    private Answer execute(ReadyCommand cmd) {
+        return new ReadyAnswer(cmd);
+    }
+
+    private Answer execute(MaintainCommand cmd) {
+        return new MaintainAnswer(cmd);
+    }
+
+    private ExternalNetworkResourceUsageAnswer execute(ExternalNetworkResourceUsageCommand cmd) {
+        return new ExternalNetworkResourceUsageAnswer(cmd);
+    }
+
+    /*
+     * Login
+     */
+    private boolean refreshVnmcConnection() {
+        boolean ret = false;
+        try {
+            ret = _connection.login();
+        } catch (ExecutionException ex) {
+            s_logger.error("Login to Vnmc failed", ex);
+        }
+        return ret;
+    }
+
+    private synchronized Answer execute(IpAssocCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(IpAssocCommand cmd, int numRetries) {
+        String[] results = new String[cmd.getIpAddresses().length];
+        return new IpAssocAnswer(cmd, results);
+    }
+
+    private String[] getIpRangeFromCidr(String cidr) {
+        String[] result = new String[2];
+        String[] cidrData = cidr.split("\\/");
+        assert (cidrData.length == 2) : "Something is wrong with source cidr " + cidr;
+        long size = Long.valueOf(cidrData[1]);
+        result[0] = cidrData[0];
+        result[1] = cidrData[0];
+        if (size < 32) {
+            result[0] = NetUtils.getIpRangeStartIpFromCidr(cidrData[0], size);
+            result[1] = NetUtils.getIpRangeEndIpFromCidr(cidrData[0], size);
+        }
+        return result;
+    }
+
+    /*
+     * Source NAT
+     */
+    private synchronized Answer execute(SetSourceNatCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetSourceNatCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+        String policyIdentifier = cmd.getIpAddress().getPublicIp().replace('.', '-');
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) {
+                throw new Exception("Failed to create source NAT policy in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier)) {
+                throw new Exception("Failed to associate source NAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatIpPool(tenant, policyIdentifier, cmd.getIpAddress().getPublicIp())) {
+                throw new Exception("Failed to create source NAT ip pool in VNMC for guest network with vlan " + vlanId);
+            }
+
+            String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR));
+            if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0], ipRange[1])) {
+                throw new Exception("Failed to create source NAT rule in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.associateNatPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Firewall rule
+     */
+    private synchronized Answer execute(SetFirewallRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        FirewallRuleTO[] rules = cmd.getRules();
+        Map<String, List<FirewallRuleTO>> publicIpRulesMap = new HashMap<String, List<FirewallRuleTO>>();
+        for (FirewallRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<FirewallRuleTO> publicIpRulesList = new ArrayList<FirewallRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
+                        if (rule.getTrafficType() == TrafficType.Ingress) {
+                            if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+                                if (!_connection.createTenantVDCIngressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
+                                        Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
+                                    throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            } else {
+                                if (!_connection.createTenantVDCIngressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) {
+                                    throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            }
+                        } else {
+                            if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+                                if (!_connection.createTenantVDCEgressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(),
+                                        Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
+                                        externalIpRange[0], externalIpRange[1])) {
+                                    throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            } else {
+                                if (!_connection.createTenantVDCEgressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) {
+                                    throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Static NAT
+     */
+    private synchronized Answer execute(SetStaticNatRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        StaticNatRuleTO[] rules = cmd.getRules();
+        Map<String, List<StaticNatRuleTO>> publicIpRulesMap = new HashMap<String, List<StaticNatRuleTO>>();
+        for (StaticNatRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<StaticNatRuleTO> publicIpRulesList = new ArrayList<StaticNatRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete DNAT rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
+                            throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCDNatRule(tenant,
+                                Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
+                            throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCAclRuleForDNat(tenant,
+                                Long.toString(rule.getId()), policyIdentifier, rule.getDstIp())) {
+                            throw new Exception("Failed to create ACL rule for DNAT in VNMC for guest network with vlan " + vlanId);
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Destination NAT
+     */
+    private synchronized Answer execute(SetPortForwardingRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        PortForwardingRuleTO[] rules = cmd.getRules();
+        Map<String, List<PortForwardingRuleTO>> publicIpRulesMap = new HashMap<String, List<PortForwardingRuleTO>>();
+        for (PortForwardingRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<PortForwardingRuleTO> publicIpRulesList = new ArrayList<PortForwardingRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete PF rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
+                            throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId);
+                        }
+                        if (!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier + "-" + rule.getId(),
+                                Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
+                            throw new Exception("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCPFRule(tenant,
+                                Long.toString(rule.getId()), policyIdentifier,
+                                rule.getProtocol().toUpperCase(), rule.getSrcIp(),
+                                Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
+                            throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCAclRuleForPF(tenant,
+                                Long.toString(rule.getId()), policyIdentifier,
+                                rule.getProtocol().toUpperCase(), rule.getDstIp(),
+                                Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
+                            throw new Exception("Failed to create ACL rule for PF in VNMC for guest network with vlan " + vlanId);
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Logical edge firewall
+     */
+    private synchronized Answer execute(CreateLogicalEdgeFirewallCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long vlanId) throws Exception {
+        // create edge device profile
+        if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
+            throw new Exception("Failed to create tenant edge device profile in VNMC for guest network with vlan " + vlanId);
+
+        // create edge static route policy
+        if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to create tenant edge static route policy in VNMC for guest network with vlan " + vlanId);
+
+        // create edge static route for all gateways
+        for (String gateway : gateways) {
+            if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
+                throw new Exception("Failed to create tenant edge static route in VNMC for guest network with vlan " + vlanId);
+        }
+
+        // associate edge 
+        if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to associate edge static route policy with edge device profile in VNMC for guest network with vlan " + vlanId);
+    }
+
+    private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            // create tenant
+            if (!_connection.createTenant(tenant))
+                throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create tenant VDC
+            if (!_connection.createTenantVDC(tenant))
+                throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create edge security profile
+            if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
+                throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create edge device profile and associated route
+            createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
+
+            // create logical edge firewall
+            if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
+                throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
+        } catch (Throwable e) {
+            String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Create vservice node and update inside port profile for ASA appliance in VSM
+     */
+    private synchronized Answer execute(ConfigureNexusVsmForAsaCommand cmd) {
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(ConfigureNexusVsmForAsaCommand cmd, int numRetries) {
+        String vlanId = Long.toString(cmd.getVlanId());
+        NetconfHelper helper = null;
+        List<Pair<OperationType, String>> params = new ArrayList<Pair<OperationType, String>>();
+        params.add(new Pair<OperationType, String>(OperationType.addvlanid, vlanId));
+        try {
+            helper = new NetconfHelper(cmd.getVsmIp(), cmd.getVsmUsername(), cmd.getVsmPassword());
+            s_logger.debug("Connected to Cisco VSM " + cmd.getVsmIp());
+            helper.addVServiceNode(vlanId, cmd.getIpAddress());
+            s_logger.debug("Created vservice node for ASA appliance in Cisco VSM for vlan " + vlanId);
+            helper.updatePortProfile(cmd.getAsaInPortProfile(), SwitchPortMode.access, params);
+            s_logger.debug("Updated inside port profile for ASA appliance in Cisco VSM with new vlan " + vlanId);
+        } catch (Throwable e) {
+            String msg = "ConfigureVSMForASACommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        } finally {
+            helper.disconnect();
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Associates ASA 1000v with logical edge firewall in VNMC
+     */
+    private synchronized Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd) {
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            Map<String, String> availableAsaAppliances = _connection.listUnAssocAsa1000v();
+            if (availableAsaAppliances.isEmpty()) {
+                throw new Exception("No ASA 1000v available to associate with logical edge firewall for guest vlan " + cmd.getVlanId());
+            }
+
+            String asaInstanceDn = availableAsaAppliances.get(cmd.getAsaMgmtIp());
+            if (asaInstanceDn == null) {
+                throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available");
+            }
+
+            if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) {
+                throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId());
+            }
+        } catch (Throwable e) {
+            String msg = "AssociateAsaWithLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Cleanup
+     */
+    private synchronized Answer execute(CleanupLogicalEdgeFirewallCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(CleanupLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            _connection.deleteTenant(tenant);
+        } catch (Throwable e) {
+            String msg = "CleanupLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    @Override
+    public void setName(String name) {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public void setConfigParams(Map<String, Object> params) {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public Map<String, Object> getConfigParams() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public int getRunLevel() {
+        // TODO Auto-generated method stub
+        return 0;
+    }
+
+    @Override
+    public void setRunLevel(int level) {
+        // TODO Auto-generated method stub
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
new file mode 100644
index 00000000000..52f0ea66f50
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -0,0 +1,232 @@
+/*
+ * $HeadURL$
+ * $Revision$
+ * $Date$
+ * 
+ * ====================================================================
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.UnknownHostException;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClientError;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * <p>
+ * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s 
+ * that accept self-signed certificates. 
+ * </p>
+ * <p>
+ * This socket factory SHOULD NOT be used for productive systems 
+ * due to security reasons, unless it is a concious decision and 
+ * you are perfectly aware of security implications of accepting 
+ * self-signed certificates
+ * </p>
+ *
+ * <p>
+ * Example of using custom protocol socket factory for a specific host:
+ *     <pre>
+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *
+ *     URI uri = new URI("https://localhost/", true);
+ *     // use relative url only
+ *     GetMethod httpget = new GetMethod(uri.getPathQuery());
+ *     HostConfiguration hc = new HostConfiguration();
+ *     hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
+ *     HttpClient client = new HttpClient();
+ *     client.executeMethod(hc, httpget);
+ *     </pre>
+ * </p>
+ * <p>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ *     <pre>
+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *     Protocol.registerProtocol("https", easyhttps);
+ *
+ *     HttpClient client = new HttpClient();
+ *     GetMethod httpget = new GetMethod("https://localhost/");
+ *     client.executeMethod(httpget);
+ *     </pre>
+ * </p>
+ * 
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * 
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+    /** Log object for this class. */
+    private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
+
+    private SSLContext sslcontext = null;
+
+    /**
+     * Constructor for EasySSLProtocolSocketFactory.
+     */
+    public EasySSLProtocolSocketFactory() {
+        super();
+    }
+
+    private static SSLContext createEasySSLContext() {
+        try {
+            SSLContext context = SSLContext.getInstance("SSL");
+            context.init(
+              null, 
+              new TrustManager[] {new EasyX509TrustManager(null)}, 
+              null);
+            return context;
+        } catch (Exception e) {
+            LOG.error(e.getMessage(), e);
+            throw new HttpClientError(e.toString());
+        }
+    }
+
+    private SSLContext getSSLContext() {
+        if (this.sslcontext == null) {
+            this.sslcontext = createEasySSLContext();
+        }
+        return this.sslcontext;
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+     */
+    public Socket createSocket(
+        String host,
+        int port,
+        InetAddress clientHost,
+        int clientPort)
+        throws IOException, UnknownHostException {
+
+        return getSSLContext().getSocketFactory().createSocket(
+            host,
+            port,
+            clientHost,
+            clientPort
+        );
+    }
+
+    /**
+     * Attempts to get a new socket connection to the given host within the given time limit.
+     * <p>
+     * To circumvent the limitations of older JREs that do not support connect timeout a 
+     * controller thread is executed. The controller thread attempts to create a new socket 
+     * within the given limit of time. If socket constructor does not return until the 
+     * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
+     * </p>
+     *  
+     * @param host the host name/IP
+     * @param port the port on the host
+     * @param clientHost the local host name/IP to bind the socket to
+     * @param clientPort the port on the local machine
+     * @param params {@link HttpConnectionParams Http connection parameters}
+     * 
+     * @return Socket a new socket
+     * 
+     * @throws IOException if an I/O error occurs while creating the socket
+     * @throws UnknownHostException if the IP address of the host cannot be
+     * determined
+     */
+    public Socket createSocket(
+        final String host,
+        final int port,
+        final InetAddress localAddress,
+        final int localPort,
+        final HttpConnectionParams params
+    ) throws IOException, UnknownHostException, ConnectTimeoutException {
+        if (params == null) {
+            throw new IllegalArgumentException("Parameters may not be null");
+        }
+        int timeout = params.getConnectionTimeout();
+        SocketFactory socketfactory = getSSLContext().getSocketFactory();
+        if (timeout == 0) {
+            return socketfactory.createSocket(host, port, localAddress, localPort);
+        } else {
+            Socket socket = socketfactory.createSocket();
+            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
+            SocketAddress remoteaddr = new InetSocketAddress(host, port);
+            socket.bind(localaddr);
+            socket.connect(remoteaddr, timeout);
+            return socket;
+        }
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+     */
+    public Socket createSocket(String host, int port)
+        throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(
+            host,
+            port
+        );
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+     */
+    public Socket createSocket(
+        Socket socket,
+        String host,
+        int port,
+        boolean autoClose)
+        throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(
+            socket,
+            host,
+            port,
+            autoClose
+        );
+    }
+
+    public boolean equals(Object obj) {
+        return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
+    }
+
+    public int hashCode() {
+        return EasySSLProtocolSocketFactory.class.hashCode();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
new file mode 100644
index 00000000000..ae9f9380b31
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
@@ -0,0 +1,114 @@
+/*
+ * ====================================================================
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import org.apache.commons.logging.Log; 
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * <p>
+ * EasyX509TrustManager unlike default {@link X509TrustManager} accepts 
+ * self-signed certificates. 
+ * </p>
+ * <p>
+ * This trust manager SHOULD NOT be used for productive systems 
+ * due to security reasons, unless it is a concious decision and 
+ * you are perfectly aware of security implications of accepting 
+ * self-signed certificates
+ * </p>
+ * 
+ * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
+ * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
+ * 
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasyX509TrustManager implements X509TrustManager
+{
+    private X509TrustManager standardTrustManager = null;
+
+    /** Log object for this class. */
+    private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);
+
+    /**
+     * Constructor for EasyX509TrustManager.
+     */
+    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
+        super();
+        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        factory.init(keystore);
+        TrustManager[] trustmanagers = factory.getTrustManagers();
+        if (trustmanagers.length == 0) {
+            throw new NoSuchAlgorithmException("no trust manager found");
+        }
+        this.standardTrustManager = (X509TrustManager)trustmanagers[0];
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
+     */
+    public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
+        standardTrustManager.checkClientTrusted(certificates,authType);
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
+     */
+    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
+        if ((certificates != null) && LOG.isDebugEnabled()) {
+            LOG.debug("Server certificate chain:");
+            for (int i = 0; i < certificates.length; i++) {
+                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
+            }
+        }
+        if ((certificates != null) && (certificates.length == 1)) {
+            certificates[0].checkValidity();
+        } else {
+            standardTrustManager.checkServerTrusted(certificates,authType);
+        }
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+     */
+    public X509Certificate[] getAcceptedIssuers() {
+        return this.standardTrustManager.getAcceptedIssuers();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
new file mode 100644
index 00000000000..bf52356779e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
@@ -0,0 +1,248 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the 
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.utils.exception.ExecutionException;
+
+
+@Ignore("Requires actual VNMC to connect to")
+public class CiscoVnmcConnectionTest {
+    static CiscoVnmcConnectionImpl connection;
+    static String tenantName = "TenantE";
+    static Map<String, String> fwDns = null;
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+        connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    
+    @Test
+    public void testLogin() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    
+    @Test
+    public void testCreateTenant() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenant(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDC() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDC(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceProfile() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoute() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName,
+                    "10.223.136.1", "0.0.0.0", "0.0.0.0");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateRoutePolicyWithEdgeProfile() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName,
+                    "10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeSecurityProfile() {
+        try {
+            boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNatIpPool() {
+        try {
+            boolean response = connection.createTenantVDCSourceNatIpPool(tenantName, "1", "10.223.136.10");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNatPolicy() {
+        try {
+            boolean response = connection.createTenantVDCSourceNatPolicy(tenantName, "1");
+            assertTrue(response);
+            response = connection.createTenantVDCSourceNatPolicyRef(tenantName, "1");
+            assertTrue(response);
+            response = connection.createTenantVDCSourceNatRule(tenantName, "1", "10.1.1.2", "10.1.1.254");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCNatPolicySet() {
+        try {
+            boolean response = connection.createTenantVDCNatPolicySet(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateNatPolicySet() {
+        try {
+            boolean response = connection.associateNatPolicySet(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateEdgeFirewall() {
+        try {
+            boolean response = connection.createEdgeFirewall(tenantName,
+                    "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testListUnassocAsa1000v() {
+        try {
+            Map<String, String> response = connection.listUnAssocAsa1000v();
+            assertTrue(response.size() >=0);
+            fwDns = response;
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void assocAsa1000v() {
+        try {
+            boolean result = connection.assignAsa1000v(tenantName, fwDns.get(0));
+            assertTrue(result);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java
new file mode 100755
index 00000000000..a16733b5135
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java
@@ -0,0 +1,401 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.naming.ConfigurationException;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.internal.matchers.Any;
+
+import com.cloud.agent.AgentManager;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.configuration.ConfigurationManager;
+import com.cloud.dc.ClusterVSMMapVO;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.dao.ClusterVSMMapDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.deploy.DeployDestination;
+import com.cloud.domain.Domain;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.HostVO;
+import com.cloud.host.dao.HostDao;
+import com.cloud.network.Network;
+import com.cloud.network.Network.GuestType;
+import com.cloud.network.Network.Provider;
+import com.cloud.network.Network.Service;
+import com.cloud.network.CiscoNexusVSMDeviceVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.Networks.BroadcastDomainType;
+import com.cloud.network.Networks.TrafficType;
+import com.cloud.network.addr.PublicIp;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.network.dao.CiscoAsa1000vDao;
+import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
+import com.cloud.network.dao.CiscoVnmcDao;
+import com.cloud.network.dao.NetworkAsa1000vMapDao;
+import com.cloud.network.dao.NetworkServiceMapDao;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.network.rules.StaticNatRule;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.resource.ResourceManager;
+import com.cloud.user.Account;
+import com.cloud.utils.net.Ip;
+import com.cloud.vm.ReservationContext;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+public class CiscoVnmcElementTest {
+
+    CiscoVnmcElement _element = new CiscoVnmcElement();
+    AgentManager _agentMgr = mock(AgentManager.class);
+    NetworkManager _networkMgr = mock(NetworkManager.class);
+    NetworkModel _networkModel = mock(NetworkModel.class);
+    HostDao _hostDao = mock(HostDao.class);
+    NetworkServiceMapDao _ntwkSrvcDao = mock(NetworkServiceMapDao.class);
+    ConfigurationManager _configMgr = mock(ConfigurationManager.class);
+    CiscoVnmcDao _ciscoVnmcDao = mock(CiscoVnmcDao.class);
+    CiscoAsa1000vDao _ciscoAsa1000vDao = mock(CiscoAsa1000vDao.class);
+    NetworkAsa1000vMapDao _networkAsa1000vMapDao = mock(NetworkAsa1000vMapDao.class);
+    ClusterVSMMapDao _clusterVsmMapDao = mock(ClusterVSMMapDao.class);
+    CiscoNexusVSMDeviceDao _vsmDeviceDao = mock(CiscoNexusVSMDeviceDao.class);
+    VlanDao _vlanDao = mock(VlanDao.class);
+
+    @Before
+    public void setUp() throws ConfigurationException {
+        _element._resourceMgr = mock(ResourceManager.class);
+        _element._agentMgr = _agentMgr;
+        _element._networkMgr = _networkMgr;
+        _element._networkModel = _networkModel;
+        _element._hostDao = _hostDao;
+        _element._configMgr = _configMgr;
+        _element._ciscoVnmcDao = _ciscoVnmcDao;
+        _element._ciscoAsa1000vDao = _ciscoAsa1000vDao;
+        _element._networkAsa1000vMapDao = _networkAsa1000vMapDao;
+        _element._clusterVsmMapDao = _clusterVsmMapDao;
+        _element._vsmDeviceDao = _vsmDeviceDao;
+        _element._vlanDao = _vlanDao;
+
+        // Standard responses
+        when(_networkModel.isProviderForNetwork(Provider.CiscoVnmc, 1L)).thenReturn(true);
+
+        _element.configure("CiscoVnmcTestElement", Collections.<String, Object> emptyMap());
+    }
+
+    @Test
+    public void canHandleTest() {
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        assertTrue(_element.canHandle(network));
+
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.UnDecided);
+        assertFalse(_element.canHandle(network));
+    }
+
+    @Test
+    public void implementTest() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getGateway()).thenReturn("1.1.1.1");
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+
+        NetworkOffering offering = mock(NetworkOffering.class);
+        when(offering.getId()).thenReturn(1L);
+        when(offering.getTrafficType()).thenReturn(TrafficType.Guest);
+        when(offering.getGuestType()).thenReturn(GuestType.Isolated);
+
+        DeployDestination dest = mock(DeployDestination.class);
+
+        Domain dom = mock(Domain.class);
+        when(dom.getName()).thenReturn("d1");
+        Account acc = mock(Account.class);
+        when(acc.getAccountName()).thenReturn("a1");
+        ReservationContext context = mock(ReservationContext.class);
+        when(context.getDomain()).thenReturn(dom);
+        when(context.getAccount()).thenReturn(acc);
+
+        DataCenter dc = mock(DataCenter.class);
+        when(dc.getNetworkType()).thenReturn(NetworkType.Advanced);
+        when(_configMgr.getZone(network.getDataCenterId())).thenReturn(dc);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        CiscoAsa1000vDeviceVO asaVO = mock(CiscoAsa1000vDeviceVO.class);
+        when(asaVO.getInPortProfile()).thenReturn("foo");
+        when(asaVO.getManagementIp()).thenReturn("1.2.3.4");
+
+        List<CiscoAsa1000vDeviceVO> asaList = new ArrayList<CiscoAsa1000vDeviceVO>();
+        asaList.add(asaVO);
+        when(_ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(asaList);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+        when(_networkAsa1000vMapDao.findByAsa1000vId(anyLong())).thenReturn(null);
+        when(_networkAsa1000vMapDao.persist(any(NetworkAsa1000vMapVO.class))).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)).thenReturn(true);
+
+        ClusterVSMMapVO clusterVsmMap = mock(ClusterVSMMapVO.class);
+        when(_clusterVsmMapDao.findByClusterId(anyLong())).thenReturn(clusterVsmMap);
+
+        CiscoNexusVSMDeviceVO vsmDevice = mock(CiscoNexusVSMDeviceVO.class);
+        when(vsmDevice.getUserName()).thenReturn("foo");
+        when(vsmDevice.getPassword()).thenReturn("bar");
+        when(vsmDevice.getipaddr()).thenReturn("1.2.3.4");
+        when(_vsmDeviceDao.findById(anyLong())).thenReturn(vsmDevice);
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        PublicIp publicIp = mock(PublicIp.class);
+        when(publicIp.getAddress()).thenReturn(ip);
+        when(publicIp.getState()).thenReturn(IpAddress.State.Releasing);
+        when(publicIp.getAccountId()).thenReturn(1L);
+        when(publicIp.isSourceNat()).thenReturn(true);
+        when(publicIp.getVlanTag()).thenReturn("123");
+        when(publicIp.getGateway()).thenReturn("1.1.1.1");
+        when(publicIp.getNetmask()).thenReturn("1.1.1.1");
+        when(publicIp.getMacAddress()).thenReturn(null);
+        when(publicIp.isOneToOneNat()).thenReturn(true);
+        when(_networkMgr.assignSourceNatIpAddressToGuestNetwork(acc, network)).thenReturn(publicIp);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanGateway()).thenReturn("1.1.1.1");
+        List<VlanVO> vlanVOList = new ArrayList<VlanVO>();
+        when(_vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId())).thenReturn(vlanVOList);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(CreateLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(ConfigureNexusVsmForAsaCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(SetSourceNatCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(AssociateAsaWithLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+        
+        assertTrue(_element.implement(network, offering, dest, context));
+    }
+
+    @Test
+    public void shutdownTest() throws ConcurrentOperationException, ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+
+        ReservationContext context = mock(ReservationContext.class);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(CleanupLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+
+    	assertTrue(_element.shutdown(network, context, true));
+    }
+
+    @Test
+    public void applyFWRulesTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        FirewallRule rule = mock(FirewallRule.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        List<FirewallRule> rules = new ArrayList<FirewallRule>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetFirewallRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyFWRules(network, rules));
+    }
+
+    @Test
+    public void applyPRulesTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+        when(ipAddress.getVlanId()).thenReturn(1L);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanTag()).thenReturn(null);
+        when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
+
+        PortForwardingRule rule = mock(PortForwardingRule.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        when(rule.getDestinationIpAddress()).thenReturn(ip);
+        List<PortForwardingRule> rules = new ArrayList<PortForwardingRule>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetPortForwardingRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyPFRules(network, rules));
+    }
+
+    @Test
+    public void applyStaticNatsTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+        when(ipAddress.getVlanId()).thenReturn(1L);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanTag()).thenReturn(null);
+        when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
+
+        StaticNat rule = mock(StaticNat.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        when(rule.getDestIpAddress()).thenReturn("1.2.3.4");
+        when(rule.isForRevoke()).thenReturn(false);
+        List<StaticNat> rules = new ArrayList<StaticNat>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetStaticNatRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyStaticNats(network, rules));
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java
new file mode 100755
index 00000000000..e814fdcd4d5
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java
@@ -0,0 +1,285 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.resource;
+
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.PingCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.dc.Vlan;
+import com.cloud.host.Host;
+import com.cloud.network.IpAddress;
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.network.rules.FirewallRule.Purpose;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.utils.exception.ExecutionException;
+
+public class CiscoVnmcResourceTest {
+    CiscoVnmcConnectionImpl _connection = mock(CiscoVnmcConnectionImpl.class);
+    CiscoVnmcResource _resource;
+    Map<String,Object> _parameters;
+
+    @Before
+    public void setUp() throws ConfigurationException {
+        _resource = new CiscoVnmcResource();
+
+        _parameters = new HashMap<String, Object>();
+        _parameters.put("name", "CiscoVnmc");
+        _parameters.put("zoneId", "1");
+        _parameters.put("physicalNetworkId", "100");
+        _parameters.put("ip", "1.2.3.4");
+        _parameters.put("username", "admin");
+        _parameters.put("password", "pass");
+        _parameters.put("guid", "e8e13097-0a08-4e82-b0af-1101589ec3b8");
+        _parameters.put("numretries", "3");
+        _parameters.put("timeout", "300");
+    }
+
+    @Test(expected=ConfigurationException.class)
+    public void resourceConfigureFailure() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", Collections.<String,Object>emptyMap());
+    }
+
+    @Test
+    public void resourceConfigure() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        assertTrue("CiscoVnmc".equals(_resource.getName()));
+        assertTrue(_resource.getType() == Host.Type.ExternalFirewall);
+    }
+
+    @Test
+    public void testInitialization() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        StartupCommand[] sc = _resource.initialize();
+        assertTrue(sc.length ==1);
+        assertTrue("e8e13097-0a08-4e82-b0af-1101589ec3b8".equals(sc[0].getGuid()));
+        assertTrue("CiscoVnmc".equals(sc[0].getName()));
+        assertTrue("1".equals(sc[0].getDataCenter()));
+    }
+
+    @Test
+    public void testPingCommandStatusOk() throws ConfigurationException, ExecutionException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(true);
+        PingCommand ping = _resource.getCurrentStatus(1);
+        assertTrue(ping != null);
+        assertTrue(ping.getHostId() == 1);
+        assertTrue(ping.getHostType() == Host.Type.ExternalFirewall);
+    }
+
+    @Test
+    public void testPingCommandStatusFail() throws ConfigurationException, ExecutionException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(false);
+        PingCommand ping = _resource.getCurrentStatus(1);
+        assertTrue(ping == null);
+    }
+
+    @Test
+    public void testSourceNat() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        IpAddressTO ip = new IpAddressTO(1, "1.2.3.4", true, false,
+                false, null, "1.2.3.1", "255.255.255.0", null, null, false);
+        SetSourceNatCommand cmd = new SetSourceNatCommand(ip, true);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(true);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatRule(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateNatPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testFirewall() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<FirewallRuleTO> rules = new ArrayList<FirewallRuleTO>();
+        List<String> cidrList = new ArrayList<String>();
+        cidrList.add("2.3.2.3/32");
+        FirewallRuleTO active = new FirewallRuleTO(1,
+                null, "1.2.3.4", "tcp", 22, 22, false, false,
+                FirewallRule.Purpose.Firewall, cidrList, null, null);
+        rules.add(active);
+        FirewallRuleTO revoked = new FirewallRuleTO(1,
+                null, "1.2.3.4", "tcp", 22, 22, true, false,
+                FirewallRule.Purpose.Firewall, null, null, null);
+        rules.add(revoked);
+
+        SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rules);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCIngressAclRule(
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEgressAclRule(
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testStaticNat() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<StaticNatRuleTO> rules = new ArrayList<StaticNatRuleTO>();
+        StaticNatRuleTO active = new StaticNatRuleTO(0, "1.2.3.4", null,
+                null, "5.6.7.8", null, null, null, false, false);
+        rules.add(active);
+        StaticNatRuleTO revoked = new StaticNatRuleTO(0, "1.2.3.4", null, 
+                null, "5.6.7.8", null, null, null, true, false);
+        rules.add(revoked);
+
+        SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rules, null);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCDNatPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCDNatRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatRule(anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclRuleForDNat(anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testPortForwarding() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<PortForwardingRuleTO> rules = new ArrayList<PortForwardingRuleTO>();
+        PortForwardingRuleTO active = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
+                "5.6.7.8", 22, 22, "tcp", false, false);
+        rules.add(active);
+        PortForwardingRuleTO revoked = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
+                "5.6.7.8", 22, 22, "tcp", false, false);
+        rules.add(revoked);
+
+        SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rules);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCPFPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCPFRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFPortPool(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFRule(anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclRuleForPF(anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testCreateEdgeFirewall() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, "1.2.3.4", "5.6.7.8", "255.255.255.0", "255.255.255.0");
+        cmd.getPublicGateways().add("1.1.1.1");
+        cmd.getPublicGateways().add("2.2.2.2");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenant(anyString())).thenReturn(true);
+        when(_connection.createTenantVDC(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeSecurityProfile(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeDeviceProfile(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeStaticRoute(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
+        when(_connection.createEdgeFirewall(anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+}
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 12c85fff38b..471253f0728 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -138,6 +138,7 @@
       </activation>
       <modules>
         <module>hypervisors/vmware</module>
+        <module>network-elements/cisco-vnmc</module>
       </modules>
     </profile>
     <profile>
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 50c137ae81f..cfe0e00d8ba 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -2717,8 +2717,8 @@ public class ApiResponseHelper implements ResponseGenerator {
         List<? extends Network.Provider> serviceProviders = ApiDBUtils.getProvidersForService(service);
         List<ProviderResponse> serviceProvidersResponses = new ArrayList<ProviderResponse>();
         for (Network.Provider serviceProvider : serviceProviders) {
-            // return only Virtual Router/JuniperSRX as a provider for the firewall
-            if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX)) {
+            // return only Virtual Router/JuniperSRX/CiscoVnmc as a provider for the firewall
+            if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX || serviceProvider == Provider.CiscoVnmc)) {
                 continue;
             }
 
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index fce3c010df4..5b6d81e8df8 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -3302,8 +3302,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
                             throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
                         }
 
-                        if (provider == Provider.JuniperSRX) {
-                            firewallProvider = Provider.JuniperSRX;
+                        if (provider == Provider.JuniperSRX || provider == Provider.CiscoVnmc) {
+                            firewallProvider = provider;
                         }
                         
                         if ((service == Service.PortForwarding || service == Service.StaticNat) && provider == Provider.VirtualRouter){
diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql
index 92b2d9c863c..fb760bf4824 100644
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@@ -680,7 +680,41 @@ CREATE VIEW `cloud`.`affinity_group_view` AS
             left join
         `cloud`.`vm_instance` ON vm_instance.id = affinity_group_vm_map.instance_id
             left join
-		`cloud`.`user_vm` ON user_vm.id = vm_instance.id;
-		
+        `cloud`.`user_vm` ON user_vm.id = vm_instance.id;
+
+CREATE TABLE `cloud`.`external_cisco_vnmc_devices` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `uuid` varchar(255) UNIQUE,
+  `physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco vnmc device is added',
+  `provider_name` varchar(255) NOT NULL COMMENT 'Service Provider name corresponding to this cisco vnmc device',
+  `device_name` varchar(255) NOT NULL COMMENT 'name of the cisco vnmc device',
+  `host_id` bigint unsigned NOT NULL COMMENT 'host id coresponding to the external cisco vnmc device',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_external_cisco_vnmc_devices__host_id` FOREIGN KEY (`host_id`) REFERENCES `host`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_external_cisco_vnmc_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`external_cisco_asa1000v_devices` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `uuid` varchar(255) UNIQUE,
+  `physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco asa1kv device is added',
+  `management_ip` varchar(255) UNIQUE NOT NULL COMMENT 'mgmt. ip of cisco asa1kv device',
+  `in_port_profile` varchar(255) NOT NULL COMMENT 'inside port profile name of cisco asa1kv device',
+  `cluster_id` bigint unsigned NOT NULL COMMENT 'id of the Vmware cluster to which cisco asa1kv device is attached (cisco n1kv switch)',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_external_cisco_asa1000v_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_external_cisco_asa1000v_devices__cluster_id` FOREIGN KEY (`cluster_id`) REFERENCES `cluster`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`network_asa1000v_map` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `network_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of guest network',
+  `asa1000v_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of asa1000v device',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_network_asa1000v_map__network_id` FOREIGN KEY (`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_network_asa1000v_map__asa1000v_id` FOREIGN KEY (`asa1000v_id`) REFERENCES `external_cisco_asa1000v_devices`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 -- Re-enable foreign key checking, at the end of the upgrade path
 SET foreign_key_checks = 1;			
+
diff --git a/test/integration/component/test_asa1000v_fw.py b/test/integration/component/test_asa1000v_fw.py
new file mode 100755
index 00000000000..0b66f971946
--- /dev/null
+++ b/test/integration/component/test_asa1000v_fw.py
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+""" Cisco ASA1000v external firewall
+"""
+#Import Local Modules
+import marvin
+from nose.plugins.attrib import attr
+from marvin.cloudstackTestCase import *
+from marvin.cloudstackAPI import *
+from marvin.integration.lib.utils import *
+from marvin.integration.lib.base import *
+from marvin.integration.lib.common import *
+from marvin.remoteSSHClient import remoteSSHClient
+import datetime
+
+
+class Services:
+    """Test Cisco ASA1000v services
+    """
+
+    def __init__(self):
+        self.services = {
+                        "vnmc": {
+                                    "ipaddress": '10.147.28.236',
+                                    "username": 'admin',
+                                    "password": 'Password_123',
+                        },
+                        "asa": {
+                                    "ipaddress": '10.147.28.238',
+                                    "insideportprofile": 'asa-in123',
+                        },
+                        "network_offering": {
+                                    "name": 'CiscoVnmc',
+                                    "displaytext": 'CiscoVnmc',
+                                    "guestiptype": 'Isolated',
+                                    "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Firewall,UserData,StaticNat',
+                                    "traffictype": 'GUEST',
+                                    "availability": 'Optional',
+                                    "serviceProviderList": {
+                                            "Dhcp": 'VirtualRouter',
+                                            "Dns": 'VirtualRouter',
+                                            "SourceNat": 'CiscoVnmc',
+                                            "PortForwarding": 'CiscoVnmc',
+                                            "Firewall": 'CiscoVnmc',
+                                            "UserData": 'VirtualRouter',
+                                            "StaticNat": 'CiscoVnmc',
+                                    },
+                        },
+                        "network": {
+                                    "name": "CiscoVnmc",
+                                    "displaytext": "CiscoVnmc",
+                        },
+                    }
+
+class TestASASetup(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        cls.apiclient = super(
+                            TestASASetup,
+                            cls
+                            ).getClsTestClient().getApiClient()
+        cls.services = Services().services
+        cls.network_offering = NetworkOffering.create(
+                            cls.apiclient,
+                            cls.services["network_offering"],
+                            conservemode=True)
+        # Enable network offering
+        cls.network_offering.update(cls.apiclient, state='Enabled')
+
+        cls._cleanup = [
+                        cls.network_offering,
+                      ]
+        return
+
+    @classmethod
+    def tearDownClass(cls):
+        try:
+            # Cleanup
+            cleanup_resources(cls.apiclient, cls._cleanup)
+        except Exception as e:
+            raise Exception("Warning: Exception during cleanup : %s" % e)
+        return
+
+    def setUp(self):
+        self.apiclient = self.testClient.getApiClient()
+        self.dbclient = self.testClient.getDbConnection()
+
+        self.zone = get_zone(self.apiclient, self.services)
+        self.physicalnetworks = PhysicalNetwork.list(self.apiclient, zoneid=self.zone.id)
+        self.assertNotEqual(len(self.physicalnetworks), 0, "Check if the list physical network API returns a non-empty response")
+        self.clusters = Cluster.list(self.apiclient, hypervisor='VMware')
+        self.assertNotEqual(len(self.clusters), 0, "Check if the list cluster API returns a non-empty response")
+
+        return
+
+    def tearDown(self):
+        try:
+            self.debug("Cleaning up the resources")
+            # Cleanup
+            cleanup_resources(self.apiclient, self._cleanup)
+            self.debug("Cleanup complete!")
+        except Exception as e:
+            raise Exception("Warning: Exception during cleanup : %s" % e)
+        return
+
+    def test_registerVnmc(self):
+        Vnmc = VNMC.create(self.apiclient, self.services["vnmc"]["ipaddress"], self.services["vnmc"]["username"], self.services["vnmc"]["password"], self.physicalnetworks[0].id)
+        self.debug("Cisco VNMC appliance with id %s deployed"%(Vnmc.id))
+        VnmcList = VNMC.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
+        self.assertNotEqual(len(VnmcList), 0, "List VNMC API returned an empty response")
+        Vnmc.delete(self.apiclient)
+
+    def test_registerAsa1000v(self):
+        Asa = ASA1000V.create(self.apiclient, self.services["asa"]["ipaddress"], self.services["asa"]["insideportprofile"], self.clusters[0].id, self.physicalnetworks[0].id)
+        self.debug("Cisco ASA 1000v appliance with id %s deployed"%(Asa.id))
+        AsaList = ASA1000V.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
+        self.assertNotEqual(len(AsaList), 0, "List ASA 1000v API returned an empty response")
+        Asa.delete(self.apiclient)
\ No newline at end of file
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index 3df68ab7853..0185c87fed9 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -2444,7 +2444,6 @@ class VPC:
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.listVPCs(cmd))
 
-
 class AffinityGroup:
     def __init__(self, items):
         self.__dict__.update(items)
@@ -2467,9 +2466,71 @@ class AffinityGroup:
         cmd.id = self.id
         return apiclient.deleteVPC(cmd)
 
-
     @classmethod
     def list(cls, apiclient, **kwargs):
         cmd = listAffinityGroups.listAffinityGroupsCmd()
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.listVPCs(cmd))
+
+class VNMC:
+    """Manage VNMC lifecycle"""
+
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    def create(cls, apiclient, hostname, username, password, physicalnetworkid):
+        """Registers VNMC appliance"""
+
+        cmd = addCiscoVnmcResource.addCiscoVnmcResourceCmd()
+        cmd.hostname = hostname
+        cmd.username = username
+        cmd.password = password
+        cmd.physicalnetworkid = physicalnetworkid
+        return VNMC(apiclient.addCiscoVnmcResource(cmd))
+
+    def delete(self, apiclient):
+        """Removes VNMC appliance"""
+
+        cmd = deleteCiscoVnmcResource.deleteCiscoVnmcResourceCmd()
+        cmd.resourceid = self.resourceid
+        return apiclient.deleteCiscoVnmcResource(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        """List VNMC appliances"""
+
+        cmd = listCiscoVnmcResources.listCiscoVnmcResourcesCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return(apiclient.listCiscoVnmcResources(cmd))
+
+class ASA1000V:
+    """Manage ASA 1000v lifecycle"""
+
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    @classmethod
+    def create(cls, apiclient, hostname, insideportprofile, clusterid, physicalnetworkid):
+        """Registers ASA 1000v appliance"""
+
+        cmd = addCiscoAsa1000vResource.addCiscoAsa1000vResourceCmd()
+        cmd.hostname = hostname
+        cmd.insideportprofile = insideportprofile
+        cmd.clusterid = clusterid
+        cmd.physicalnetworkid = physicalnetworkid
+        return ASA1000V(apiclient.addCiscoAsa1000vResource(cmd))
+
+    def delete(self, apiclient):
+        """Removes ASA 1000v appliance"""
+
+        cmd = deleteCiscoAsa1000vResource.deleteCiscoAsa1000vResourceCmd()
+        cmd.resourceid = self.resourceid
+        return apiclient.deleteCiscoAsa1000vResource(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        """List ASA 1000v appliances"""
+
+        cmd = listCiscoAsa1000vResources.listCiscoAsa1000vResourcesCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return(apiclient.listCiscoAsa1000vResources(cmd))
diff --git a/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java b/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
index be8d68a5648..06718d0f35e 100644
--- a/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
+++ b/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
@@ -79,6 +79,17 @@ public class NetconfHelper {
         parseOkReply(receive());
     }
 
+    public void addPortProfile(String name, PortProfileType type, BindingType binding,
+            SwitchPortMode mode, int vlanid, String vdc, String espName) throws CloudRuntimeException {
+        String command = VsmCommand.getAddPortProfile(name, type, binding, mode, vlanid, vdc, espName);
+        if (command != null) {
+            command = command.concat(SSH_NETCONF_TERMINATOR);
+            parseOkReply(sendAndReceive(command));
+        } else {
+            throw new CloudRuntimeException("Error generating rpc request for adding port profile.");
+        }
+    }
+
     public void addPortProfile(String name, PortProfileType type, BindingType binding,
             SwitchPortMode mode, int vlanid) throws CloudRuntimeException {
         String command = VsmCommand.getAddPortProfile(name, type, binding, mode, vlanid);
@@ -160,6 +171,17 @@ public class NetconfHelper {
         }
     }
 
+    public void addVServiceNode(String vlanId, String ipAddr)
+            throws CloudRuntimeException {
+        String command = VsmCommand.getVServiceNode(vlanId, ipAddr);
+        if (command != null) {
+            command = command.concat(SSH_NETCONF_TERMINATOR);
+            parseOkReply(sendAndReceive(command));
+        } else {
+            throw new CloudRuntimeException("Error generating rpc request for adding vservice node for vlan " + vlanId);
+        }
+    }
+
     public PortProfile getPortProfileByName(String name) throws CloudRuntimeException {
         String command = VsmCommand.getPortProfile(name);
         if (command != null) {
diff --git a/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java b/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
index d1887f6417d..fdab390557d 100644
--- a/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
+++ b/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
@@ -69,6 +69,40 @@ public class VsmCommand {
         removevlanid
     }
 
+    public static String getAddPortProfile(String name, PortProfileType type,
+            BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String espName) {
+        try {
+            // Create the document and root element.
+            DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
+            DOMImplementation domImpl = docBuilder.getDOMImplementation();
+            Document doc = createDocument(domImpl);
+
+            // Edit configuration command.
+            Element editConfig = doc.createElement("nf:edit-config");
+            doc.getDocumentElement().appendChild(editConfig);
+
+            // Command to get into exec configure mode.
+            Element target = doc.createElement("nf:target");
+            Element running = doc.createElement("nf:running");
+            target.appendChild(running);
+            editConfig.appendChild(target);
+
+            // Command to create the port profile with the desired configuration.
+            Element config = doc.createElement("nf:config");
+            config.appendChild(configPortProfileDetails(doc, name, type, binding, mode, vlanid, vdc, espName));
+            editConfig.appendChild(config);
+
+            return serialize(domImpl, doc);
+        } catch (ParserConfigurationException e) {
+            s_logger.error("Error while creating add port profile message : " + e.getMessage());
+            return null;
+        } catch (DOMException e) {
+            s_logger.error("Error while creating add port profile message : " + e.getMessage());
+            return null;
+        }
+    }
+
     public static String getAddPortProfile(String name, PortProfileType type,
             BindingType binding, SwitchPortMode mode, int vlanid) {
         try {
@@ -366,6 +400,184 @@ public class VsmCommand {
         }
     }
 
+    public static String getVServiceNode(String vlanId, String ipAddr) {
+        try {
+            // Create the document and root element.
+            DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
+            DOMImplementation domImpl = docBuilder.getDOMImplementation();
+            Document doc = createDocument(domImpl);
+
+            // Edit configuration command.
+            Element editConfig = doc.createElement("nf:edit-config");
+            doc.getDocumentElement().appendChild(editConfig);
+
+            // Command to get into exec configure mode.
+            Element target = doc.createElement("nf:target");
+            Element running = doc.createElement("nf:running");
+            target.appendChild(running);
+            editConfig.appendChild(target);
+
+            // Command to create the port profile with the desired configuration.
+            Element config = doc.createElement("nf:config");
+            config.appendChild(configVServiceNodeDetails(doc, vlanId, ipAddr));
+            editConfig.appendChild(config);
+
+            return serialize(domImpl, doc);
+        } catch (ParserConfigurationException e) {
+            s_logger.error("Error while adding vservice node for vlan " + vlanId + ", " + e.getMessage());
+            return null;
+        } catch (DOMException e) {
+            s_logger.error("Error while adding vservice node for vlan " + vlanId + ", " + e.getMessage());
+            return null;
+        }
+    }
+
+    private static Element configVServiceNodeDetails(Document doc, String vlanId, String ipAddr) {
+        // In mode, exec_configure.
+        Element configure = doc.createElementNS(s_ciscons, "nxos:configure");
+        Element modeConfigure = doc.createElement("nxos:" + s_configuremode);
+        configure.appendChild(modeConfigure);
+
+        // vservice node %name% type asa
+        Element vservice = doc.createElement("vservice");
+        vservice.appendChild(doc.createElement("node"))
+                .appendChild(doc.createElement("ASA_" + vlanId))
+                .appendChild(doc.createElement("type"))
+                .appendChild(doc.createElement("asa"));
+        modeConfigure.appendChild(vservice);
+
+        Element address = doc.createElement(s_paramvalue);
+        address.setAttribute("isKey", "true");
+        address.setTextContent(ipAddr);
+
+        // ip address %ipAddr%
+        modeConfigure.appendChild(doc.createElement("ip"))
+        		.appendChild(doc.createElement("address"))
+                .appendChild(doc.createElement("value"))
+        		.appendChild(address);
+
+        Element vlan = doc.createElement(s_paramvalue);
+        vlan.setAttribute("isKey", "true");
+        vlan.setTextContent(vlanId);
+
+        // adjacency l2 vlan %vlanId%
+        modeConfigure.appendChild(doc.createElement("adjacency"))
+                .appendChild(doc.createElement("l2"))
+                .appendChild(doc.createElement("vlan"))
+                .appendChild(doc.createElement("value"))
+                .appendChild(vlan);
+
+        // fail-mode close
+        modeConfigure.appendChild(doc.createElement("fail-mode"))
+                .appendChild(doc.createElement("close"));
+
+        // Persist the configuration across reboots.
+        modeConfigure.appendChild(persistConfiguration(doc));
+
+        return configure;
+    }
+
+    private static Element configPortProfileDetails(Document doc, String name, PortProfileType type,
+            BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String espName) {
+
+        // In mode, exec_configure.
+        Element configure = doc.createElementNS(s_ciscons, "nxos:configure");
+        Element modeConfigure = doc.createElement("nxos:" + s_configuremode);
+        configure.appendChild(modeConfigure);
+
+        // Port profile name and type configuration.
+        Element portProfile = doc.createElement("port-profile");
+        modeConfigure.appendChild(portProfile);
+
+        // Port profile type.
+        Element portDetails = doc.createElement("name");
+        switch (type) {
+        case none:
+            portProfile.appendChild(portDetails);
+            break;
+        case ethernet:
+            {
+                Element typetag = doc.createElement("type");
+                Element ethernettype = doc.createElement("ethernet");
+                portProfile.appendChild(typetag);
+                typetag.appendChild(ethernettype);
+                ethernettype.appendChild(portDetails);
+            }
+            break;
+        case vethernet:
+            {
+                Element typetag = doc.createElement("type");
+                Element ethernettype = doc.createElement("vethernet");
+                portProfile.appendChild(typetag);
+                typetag.appendChild(ethernettype);
+                ethernettype.appendChild(portDetails);
+            }
+            break;
+        }
+
+        // Port profile name.
+        Element value = doc.createElement(s_paramvalue);
+        value.setAttribute("isKey", "true");
+        value.setTextContent(name);
+        portDetails.appendChild(value);
+
+        // element for port prof mode.
+        Element portProf = doc.createElement(s_portprofmode);
+        portDetails.appendChild(portProf);
+
+        // Binding type.
+        if (binding != BindingType.none) {
+            portProf.appendChild(getBindingType(doc, binding));
+        }
+
+        if (mode != SwitchPortMode.none) {
+            // Switchport mode.
+            portProf.appendChild(getSwitchPortMode(doc, mode));
+            // Adding vlan details.
+            if (vlanid > 0) {
+                portProf.appendChild(getAddVlanDetails(doc, mode, Integer.toString(vlanid)));
+            }
+        }
+
+        // Command "vmware port-group".
+        Element vmware = doc.createElement("vmware");
+        Element portgroup = doc.createElement("port-group");
+        vmware.appendChild(portgroup);
+        portProf.appendChild(vmware);
+
+        // org root/%vdc%
+        // vservice node <Node Name> profile <Edge Security Profile Name in VNMC>
+        Element org = doc.createElement("org");
+        org.appendChild(doc.createElement(vdc));
+        portProf.appendChild(org);
+
+        String asaNodeName = "ASA_" + vlanid;
+        Element vservice = doc.createElement("vservice");
+        vservice.appendChild(doc.createElement("node"))
+                .appendChild(doc.createElement(asaNodeName))
+                .appendChild(doc.createElement("profile"))
+                .appendChild(doc.createElement(espName));
+        portProf.appendChild(vservice);
+
+        // no shutdown.
+        Element no = doc.createElement("no");
+        Element shutdown = doc.createElement("shutdown");
+        no.appendChild(shutdown);
+        portProf.appendChild(no);
+
+        // Enable the port profile.
+        Element state = doc.createElement("state");
+        Element enabled = doc.createElement("enabled");
+        state.appendChild(enabled);
+        portProf.appendChild(state);
+
+        // Persist the configuration across reboots.
+        modeConfigure.appendChild(persistConfiguration(doc));
+
+        return configure;
+    }
+    
     private static Element configPortProfileDetails(Document doc, String name, PortProfileType type,
             BindingType binding, SwitchPortMode mode, int vlanid) {
 
@@ -433,6 +645,7 @@ public class VsmCommand {
         Element portgroup = doc.createElement("port-group");
         vmware.appendChild(portgroup);
         portProf.appendChild(vmware);
+        
 
         // no shutdown.
         Element no = doc.createElement("no");
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
index 621c091481a..7f323c5e400 100755
--- a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
@@ -163,7 +163,8 @@ public class HypervisorHostHelper {
     }
 
     public static void createPortProfile(VmwareContext context, String ethPortProfileName, String networkName,
-            Integer vlanId, Integer networkRateMbps, long peakBandwidth, long burstSize) throws Exception {
+            Integer vlanId, Integer networkRateMbps, long peakBandwidth, long burstSize,
+            String gateway, boolean configureVServiceInNexus) throws Exception {
         Map<String, String> vsmCredentials = getValidatedVsmCredentials(context);
         String vsmIp = vsmCredentials.get("vsmip");
         String vsmUserName = vsmCredentials.get("vsmusername");
@@ -233,8 +234,18 @@ public class HypervisorHostHelper {
                 s_logger.info("Adding port profile configured over untagged VLAN.");
                 netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, 0);
             } else {
-                s_logger.info("Adding port profile configured over VLAN : " + vlanId.toString());
-                netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue());
+                if (!configureVServiceInNexus) {
+                    s_logger.info("Adding port profile configured over VLAN : " + vlanId.toString());
+                    netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue());
+                } else {
+                    String tenant = "vlan-" + vlanId.intValue();
+                    String vdc = "root/" + tenant + "/VDC-" + tenant;
+                    String esp = "ESP-" + tenant;
+                    s_logger.info("Adding vservice node in Nexus VSM for VLAN : " + vlanId.toString());
+                    netconfClient.addVServiceNode(vlanId.toString(), gateway);
+                    s_logger.info("Adding port profile with vservice details configured over VLAN : " + vlanId.toString());
+                    netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue(), vdc, esp);
+                }
             }
         } catch (CloudRuntimeException e) {
             msg = "Failed to add vEthernet port profile " + networkName + "." + ". Exception: " + e.toString();
@@ -402,7 +413,7 @@ public class HypervisorHostHelper {
 
     public static Pair<ManagedObjectReference, String> prepareNetwork(String physicalNetwork, String namePrefix,
             HostMO hostMo, String vlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs,
-            VirtualSwitchType vSwitchType, int numPorts) throws Exception {
+            VirtualSwitchType vSwitchType, int numPorts, String gateway, boolean configureVServiceInNexus) throws Exception {
         ManagedObjectReference morNetwork = null;
         VmwareContext context = hostMo.getContext();
         ManagedObjectReference dcMor = hostMo.getHyperHostDatacenter();
@@ -504,22 +515,22 @@ public class HypervisorHostHelper {
             } else {
                 s_logger.info("Found Ethernet port profile " + ethPortProfileName);
             }
-        long averageBandwidth = 0L;
-        if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
-            averageBandwidth = (long) (networkRateMbps.intValue() * 1024L * 1024L);
-        }
-        // We chose 50% higher allocation than average bandwidth.
+            long averageBandwidth = 0L;
+            if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
+                averageBandwidth = (long) (networkRateMbps.intValue() * 1024L * 1024L);
+            }
+            // We chose 50% higher allocation than average bandwidth.
             // TODO(sateesh): Optionally let user specify the peak coefficient
-        long peakBandwidth = (long) (averageBandwidth * 1.5);
+            long peakBandwidth = (long) (averageBandwidth * 1.5);
             // TODO(sateesh): Optionally let user specify the burst coefficient
-        long burstSize = 5 * averageBandwidth / 8;
+            long burstSize = 5 * averageBandwidth / 8;
 
-        if (!dataCenterMo.hasDvPortGroup(networkName)) {
-            s_logger.info("Port profile " + networkName + " not found.");
-                createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
-            bWaitPortGroupReady = true;
-        } else {
-            s_logger.info("Port profile " + networkName + " found.");
+            if (!dataCenterMo.hasDvPortGroup(networkName)) {
+                s_logger.info("Port profile " + networkName + " not found.");
+                createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize, gateway, configureVServiceInNexus);
+                bWaitPortGroupReady = true;
+            } else {
+                s_logger.info("Port profile " + networkName + " found.");
                 updatePortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
             }
         }
