From e94c70254be7a593b9c30931948621a86b35455f Mon Sep 17 00:00:00 2001
From: Koushik Das <koushik.das@citrix.com>
Date: Mon, 15 Apr 2013 18:58:43 +0530
Subject: [PATCH] Squashed commit of the following:

commit 7ce45ea1087407b87ff14d0f9ae5a7647c3f3ccc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 18:36:33 2013 +0530

    Fixed indentation and line ending

commit 0232048f904b850700899d65ded089d8d7e7ab83
Merge: 735c4c8 97911e9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 17:05:59 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	client/tomcatconf/commands.properties.in
    	setup/db/db/schema-410to420.sql
    	tools/marvin/marvin/integration/lib/base.py

commit 735c4c895515a7d3acd59c97d98de95cc5935353
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 15:20:37 2013 +0530

    Fixed unit tests based on recent changes in the Vnmc resource code

commit f166f2d0bf9e341316c74ef8de4b52b3d5e14f4d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 15 14:50:25 2013 +0530

    added tests to register vnmc and asa appliance in cloudstack

commit f38be4810e2e1349260ee262b85db81f60252d9e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 18:42:06 2013 +0530

    Removed unwanted files

commit 902ce426c1ebba2d826744123edd971819f73763
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 17:59:30 2013 +0530

    Fixed auto-wiring of components for Cisco Vnmc

commit 08467ee30709268b536e649b24ad029db792934c
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 16:04:54 2013 +0530

    Fixed compilation issues, incorrect merges from last commit

commit 67f11d46ad8c13f371fe94c57fb287cb9d6005d1
Merge: 3422cee c9c68e1
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 15:11:10 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

commit 3422ceefb6d1f5a92ec0868c1261a22e2cfbc54e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 8 14:42:32 2013 +0530

    Correctly associating nat, acl policy sets to edge security profile in VNMC

commit 9c1e193fca6f5e7687634fe27a98616362267fbf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sun Apr 7 21:22:22 2013 +0530

    Passing correct subnet mask while creating edge firewall in VNMC

commit 05e3d04b55549ef098a769509171b24ca4a62957
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Apr 2 17:50:57 2013 +0530

    Added changes related to icmp

commit bcecb589de84caa570754c246565dfaa1cb1c2bf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Apr 1 13:57:21 2013 +0530

    Some xml file renames

commit 9c1ee93f2e74ea785ca06cb25f62fad4ad10c69e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sat Mar 30 15:54:25 2013 +0530

    Fixed PF and static NAT rule creation in VNMC

commit 7e6159fa054ec13c8f70fb58af2fdae2f55a0c70
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 18:53:49 2013 +0530

    Added more unit tests for Cisco Vnmc element

commit fc0ed9adb6eaecbe5abbce1088eb80b98953f5cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 16:48:28 2013 +0530

    Cleaning up VNMC config as part of network shutdown

commit 5a427d48e20f50260b80c57f6e4c3bc6d9057c3f
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 02:22:54 2013 +0530

    Added unit test for Vnmc network element implement() method

commit 48cbf34d3bf44a5601842fa8bbc41be6beea3b07
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 27 02:20:45 2013 +0530

    Passing correct gateway ip while creating vservice node and guest port profile in Nexus

commit 2c386c61ef48a7cf9b282952152ecb7cedd21977
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 22 13:50:52 2013 +0530

    Nexus 1000v fix

commit 4d2168bfa980f1fa4b8a0d10aaf4bdd2395de7cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 22 00:30:01 2013 +0530

    Egress firewall rule

commit e81ab3a2f443cf0c032a1fae6ed8e0697865b69e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 21 10:50:29 2013 +0530

    More tests for VnmcResource class

commit 9e9c179212e8c0896972c1f19a3327f97832697e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 21 00:25:10 2013 +0530

    Fixed build issue from master merge

commit f0c1af2b5c037bf49bfc2775108600e2fbdc720f
Merge: 4f305c2 873ec27
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 16:20:10 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/com/cloud/network/Network.java
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	client/tomcatconf/components-nonoss.xml.in
    	client/tomcatconf/nonossComponentContext.xml.in
    	plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
    	plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
    	setup/db/db/schema-410to420.sql
    	vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java

commit 4f305c2beb02f836b5ece4e897bf812cd1e03751
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 15:09:34 2013 +0530

    Initial set of tests, will add more in subsequent commits

commit 50bfcc1f752e9ca9b8330d2c4e3b8c5c9dd33155
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 15:02:14 2013 +0530

    Updated pom to copy xmls to target location during build

commit 45bc92b8262e715fdead9411666cbe3274d3ee02
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 20 14:58:59 2013 +0530

    Fixed cpmpilation issue as missed out adding this file

commit 2ce7cdc756bd43adec006b877cb41da6f3e9dd57
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sun Mar 17 17:02:25 2013 +0530

    Creating vservice node and associating it with port profile in nexus for guest VMs

commit 387545caff60541bda5eb67e7fd91e61df5fde3e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Sat Mar 16 11:14:43 2013 +0530

    Added license headers to XML files

commit 43e29974215a73788b249f246d7e62825cf8b4e6
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Mar 13 11:51:59 2013 +0530

    Changes related to instantiating the dao components

commit 99e88ecbf9980abe86fce89807b089a8c1a1a549
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 23:40:35 2013 +0530

    Fix build errors after merge from master

commit 7c20b120c294fec4456a7052b630207eb0383458
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 23:31:46 2013 +0530

    Fixing poms and other xmls

commit ee868759a8817ec66364ddd9f87b37b3fb8efd08
Merge: 9c94b6d a1b33ca
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Mar 12 14:44:59 2013 +0530

    Merge branch 'master' into cisco-vnmc-api-integration

    Conflicts:
    	api/src/com/cloud/network/Network.java
    	api/src/org/apache/cloudstack/api/ApiConstants.java
    	plugins/pom.xml
    	setup/db/create-schema.sql

commit 9c94b6d231d851c24e6605b6645931f39caff548
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 22:20:23 2013 +0530

    Fixed XML to create static route in VNMC correctly

commit ef069b33235c9d9864749fcfec878c2c255b8c10
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 15:26:26 2013 +0530

    Added logic for revoking ACL, PF and Static NAT rules

commit 4c65b70668bf994adc8c55096dfefde98eb18180
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 13:51:37 2013 +0530

    Renamed delete-acl-rule -> delete-rule

commit aa94eca516836949da40f1c0672c0aad9699c759
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 8 00:38:52 2013 +0530

    - Creating static routes in VNMC as part of edge firewall configuration
    - Passing order parameter while creating rules so that they are evaluated in a specific order
    - Added methods in VnmcResource for listing acl policies and rules belonging to variouos policies. This is used to compute order while creation of various rules in VNMC

commit cc824e8585dc011843125f070f9bbf8dbf985384
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Mar 7 12:16:29 2013 +0530

    Adding appropriate ACL rules for PF and static NAT

commit fb23c503655b29d33c6206dbf4df1ed7f64ff5e2
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 17:21:45 2013 +0530

    Added logic for deleting various VNMC artifacts. Added/updated relevant xmls as well.

commit 970c21a9a335a86c495553db3e1f86c3379bdb8e
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 01:54:10 2013 +0530

    Added implementation for delete of asa and vnmc apis

commit 22e1455142690acd7d5c5faed443cfb263d09dd9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 01:19:43 2013 +0530

    List asa api to return guest network if associated. From this it can be inferred if asa is available or not

commit 32223736c9a52a73a3e401c301cf7dc3534639d2
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Mar 1 00:50:55 2013 +0530

    Added Vmware cluster info along with asa1kv appliance.
    This is used to select the correct n1kv vsm for configuring the guest network

commit deed3cc9510fee58a02d4f485e3625335f038a57
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 25 18:03:59 2013 +0530

    Added support for static NAT rules.
    - Xmls for creating static nat rules in VNMC
    - applyStaticNats implementation in VNMC network element
    - handler for static nat in resource class

commit 681f0b7b509446d32fb326cd425cd6a8618fc45d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 25 10:44:13 2013 +0530

    Added implementation for firewall and port forwarding rules in Cisco VNMC element class

commit 66b01a6589e0577ff6ba2a14f8df4f32f8c400fb
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 19:19:44 2013 +0530

    VNMC xml for deleting NAT policy

commit 5d9868676868c9f9555aa0e706a6f2f2430cd5cf
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 19:16:41 2013 +0530

    Added support for PF/DNAT rules.
    Created methods in VNMCConnection class to create PF rules. Also moved out common code for PF and source NAT in methods.
    Updated the corresponding VNMC resource class.

commit 8db2fbeb8f04b81399f0932a1f8fd782264fb181
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 18:21:45 2013 +0530

    Added xml for creating NAT policy set in VNMC

commit f2da0d50caf49efeb903b9abde9a4f996cf6cc1b
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 22 18:17:53 2013 +0530

    Added VNMC XMLs for supporting PF/DNAT rules.
    Also moved out some XMLs related to source NAT to common files so that these can be used for both source NAT and DNAT

commit 124a48819d34547d5355396c151279a23899ff65
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 21 17:53:12 2013 +0530

    Separated out creation of ACL policy set and policy in VNMC

commit 1e38515f35f6e567e0118fbea1cdc0dc5ebf9965
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 21 11:54:44 2013 +0530

    Added changes to create ingress fw rules in VNMC

commit cb2fba9e7c331634893b4597841ea13784844a84
Author: Koushik Das <koushik.das@citrix.com>
Date:   Thu Feb 14 16:23:05 2013 +0530

    Source NAT in VNMC

commit 720fe2f908895f2102c1cb00698568f4ddd4b8cd
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 14:16:47 2013 +0530

    Fix Vnmc test file

commit d6dbe790c6a569dceff1a598bec2522760695bdc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 12:07:03 2013 +0530

    Added db. tables for asa1kv devices and their mapping with guest network

commit 3fd7e30f6e84adb607c3d61be32ecb889cfa73b3
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 11:52:12 2013 +0530

    Changes:
    - Added implementation for add/list asa1kv APIs
    - Added agent command for associating asa1kv appliance with logical edge firewall in VNMC
    - Added handler for the above agent command in VNMC resource class
    - Updated VNMC element class to support the above

commit d08e2a1fafdc68ea1c7d6327829aee5aa4c2c38d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Wed Feb 13 11:40:58 2013 +0530

    Added lifecycle APIs for Cisco Asa 1000v appliance.
    Added corresponding Dao and VO classes.
    Also added mapping Dao and VO for guest netwok and asa appliance

commit 6b999ec867bee2cd31aff5d495470b25af6d45f8
Author: Koushik Das <koushik.das@citrix.com>
Date:   Tue Feb 12 00:05:39 2013 +0530

    Changes:
    a. Added handlers for CreateLogicalEdgeFirewall and ConfigureNexusVSMForASA commands
    b. Logic for add/list vnmc device API
    c. Partial implementation for network element implement()

commit 0656250308f3dd8a6991ee124a0fa3781214b327
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:48:19 2013 +0530

    Moved VNMC provider creation to Network.java. The plugin code would have been the ideal place to keep it but current state of the code doesn't allow it.

commit dc402eaa7a67c1b457ccf2243a0e53371a0bcfa9
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:35:19 2013 +0530

    Added new commands for the following:
    a. Logical edge firewall creation in VNMC
    b. Asa1kv vservice node creation and updating asa1kv inside port profile with guest network vlan id in n1kv VSM

commit d6cdfe35f8bdb5a22759678da1cf6f1835debecc
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 23:06:36 2013 +0530

    Added helper method to create port profile in n1kv VSM with additional parameters VDC tenant and edge security profile
    Added helper method to create a vservice node in n1kv VSM

commit db42da17e9d3cf7466e0f755d5046d710a5f5356
Author: Koushik Das <koushik.das@citrix.com>
Date:   Mon Feb 11 22:44:01 2013 +0530

    Added database table for storing VNMC devices

commit f991436335254eae4dc11a9f089a5c6e94403cd3
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 8 16:00:15 2013 +0530

    Added support for network offering creation with VNMC as provider for firewall, port forwarding, source nat

commit 74de210359396b1ac880aa0ffa3a38df6574e07d
Author: Koushik Das <koushik.das@citrix.com>
Date:   Fri Feb 8 15:06:11 2013 +0530

    Added name attribute for the VNMC lifecycle commands

commit 6ce25ef11dd7eb98b0ae999f9748e7ea907b7e10
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 16:44:28 2013 -0800

    Fix licensing

commit 392cd8ed631009590c0001e88a82b17294af2c3e
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 16:38:19 2013 -0800

    cisco-vnmc: Fix api to use new conventions

commit 6b142bbaabc1a00c94ec598bbd8e257274372d42
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:33:33 2013 -0800

    WIP: configure ASA port profile

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 1ae21ea49a5535a3e839aba0ccfe95c7e9d9abbd
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:33:01 2013 -0800

    WIP rename device to resource to better reflect nature of VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 84d218f972e48d5f92e6659282d6d1762070b108
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:54 2013 -0800

    WIP: fixes for associating ASA1000v to tenant

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit d74c6a9ac2efc939aa98c466bf0cd9bcf5e5563c
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:45 2013 -0800

    WIP: fixes for associating ASA1000v to tenant

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 9350d10849015c3bc710efff48045ca7bd9513f4
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:32:29 2013 -0800

    WIP: admin commands for adding / listing VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit a8031a0cfed08f59b9e22f5b914f7bc205e04104
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:41 2013 -0800

    WIP ASA 1000v listing"

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit f9cc674b9ce5a04f4cf1c17882c597fcc336b121
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:36 2013 -0800

    WIP : edge firewall

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 6a0964af00437e2175c95f76e913683393ee8988
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:30 2013 -0800

    WIP : edge security policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit e32295e8cf3baacb154b2a6cecf48dc3be74f505
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:24 2013 -0800

    WIP : dhcp server policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 446a9b84919e8e3d0ed9f131c675726c42ed6a4f
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:18 2013 -0800

    WIP : dhcp server policy

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit e35e0eb59ba3e011cad68155b06e96eaf257e91e
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:14 2013 -0800

    Move unit test

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 2b43a3e74ef0e448eb407d3a967f9d8cf2a1d71b
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:30:08 2013 -0800

    Move unit test

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>

commit 11b804a8940c17e105b25ac7f9dfd87651e4c55a
Author: Chiradeep Vittal <chiradeep@apache.org>
Date:   Wed Jan 16 15:29:54 2013 -0800

    WIP: XML control of VNMC

    Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
---
 api/src/com/cloud/network/Network.java        |    1 +
 .../apache/cloudstack/api/ApiConstants.java   |    1 +
 .../network/ExternalNetworkDeviceManager.java |    1 +
 client/pom.xml                                |   10 +
 client/tomcatconf/commands.properties.in      |   11 +
 .../tomcatconf/nonossComponentContext.xml.in  |   11 +
 .../com/cloud/hypervisor/guru/VMwareGuru.java |   18 +-
 .../vmware/manager/VmwareManagerImpl.java     |    3 +-
 .../vmware/resource/VmwareResource.java       |   13 +-
 plugins/network-elements/cisco-vnmc/pom.xml   |   42 +
 .../scripts/network/cisco/assoc-asa1000v.xml  |   34 +
 .../cisco/associate-acl-policy-set.xml        |   37 +
 .../network/cisco/associate-dhcp-policy.xml   |   34 +
 .../network/cisco/associate-dhcp-server.xml   |   32 +
 .../cisco/associate-nat-policy-set.xml        |   35 +
 .../network/cisco/associate-route-policy.xml  |   33 +
 .../network/cisco/create-acl-policy-ref.xml   |   38 +
 .../network/cisco/create-acl-policy-set.xml   |   36 +
 .../network/cisco/create-acl-policy.xml       |   35 +
 .../cisco/create-acl-rule-for-dnat.xml        |   82 +
 .../network/cisco/create-acl-rule-for-pf.xml  |  156 ++
 .../network/cisco/create-dhcp-policy.xml      |   72 +
 .../network/cisco/create-dnat-rule.xml        |   91 ++
 .../cisco/create-edge-device-profile.xml      |   32 +
 .../cisco/create-edge-device-route-policy.xml |   30 +
 .../cisco/create-edge-device-route.xml        |   35 +
 .../network/cisco/create-edge-firewall.xml    |   89 ++
 .../cisco/create-edge-security-profile.xml    |   41 +
 .../network/cisco/create-egress-acl-rule.xml  |  201 +++
 .../cisco/create-generic-egress-acl-rule.xml  |  122 ++
 .../cisco/create-generic-ingress-acl-rule.xml |  121 ++
 .../network/cisco/create-ingress-acl-rule.xml |  201 +++
 .../scripts/network/cisco/create-ip-pool.xml  |   58 +
 .../network/cisco/create-nat-policy-ref.xml   |   38 +
 .../network/cisco/create-nat-policy-set.xml   |   37 +
 .../network/cisco/create-nat-policy.xml       |   33 +
 .../scripts/network/cisco/create-pf-rule.xml  |  166 ++
 .../network/cisco/create-port-pool.xml        |   72 +
 .../network/cisco/create-source-nat-pool.xml  |   58 +
 .../network/cisco/create-source-nat-rule.xml  |  103 ++
 .../scripts/network/cisco/create-tenant.xml   |   29 +
 .../scripts/network/cisco/create-vdc.xml      |   30 +
 .../network/cisco/delete-acl-policy-set.xml   |   30 +
 .../network/cisco/delete-acl-policy.xml       |   33 +
 .../network/cisco/delete-edge-firewall.xml    |   30 +
 .../cisco/delete-edge-security-profile.xml    |   38 +
 .../network/cisco/delete-nat-policy-set.xml   |   30 +
 .../network/cisco/delete-nat-policy.xml       |   33 +
 .../scripts/network/cisco/delete-rule.xml     |   31 +
 .../scripts/network/cisco/delete-tenant.xml   |   30 +
 .../scripts/network/cisco/delete-vdc.xml      |   30 +
 .../network/cisco/disassoc-asa1000v.xml       |   30 +
 .../network/cisco/list-acl-policies.xml       |   31 +
 .../scripts/network/cisco/list-children.xml   |   27 +
 .../network/cisco/list-nat-policies.xml       |   31 +
 .../cisco/list-policyrefs-in-policyset.xml    |   31 +
 .../scripts/network/cisco/list-tenants.xml    |   26 +
 .../cisco/list-unassigned-asa1000v.xml        |   39 +
 .../scripts/network/cisco/login.xml           |   20 +
 ...iateAsaWithLogicalEdgeFirewallCommand.java |   53 +
 .../CleanupLogicalEdgeFirewallCommand.java    |   43 +
 .../api/ConfigureNexusVsmForAsaCommand.java   |   95 ++
 .../api/CreateLogicalEdgeFirewallCommand.java |   94 ++
 .../commands/AddCiscoAsa1000vResourceCmd.java |  116 ++
 .../api/commands/AddCiscoVnmcResourceCmd.java |  115 ++
 .../DeleteCiscoAsa1000vResourceCmd.java       |   93 ++
 .../commands/DeleteCiscoVnmcResourceCmd.java  |   93 ++
 .../ListCiscoAsa1000vResourcesCmd.java        |  110 ++
 .../commands/ListCiscoVnmcResourcesCmd.java   |  106 ++
 .../CiscoAsa1000vResourceResponse.java        |   88 +
 .../response/CiscoVnmcResourceResponse.java   |   75 +
 .../network/cisco/CiscoAsa1000vDevice.java    |   39 +
 .../network/cisco/CiscoAsa1000vDeviceVO.java  |  101 ++
 .../network/cisco/CiscoVnmcConnection.java    |  196 +++
 .../cisco/CiscoVnmcConnectionImpl.java        | 1415 +++++++++++++++++
 .../network/cisco/CiscoVnmcController.java    |   40 +
 .../network/cisco/CiscoVnmcControllerVO.java  |  102 ++
 .../network/cisco/NetworkAsa1000vMap.java     |   31 +
 .../network/cisco/NetworkAsa1000vMapVO.java   |   73 +
 .../cloud/network/dao/CiscoAsa1000vDao.java   |   33 +
 .../network/dao/CiscoAsa1000vDaoImpl.java     |   63 +
 .../com/cloud/network/dao/CiscoVnmcDao.java   |   32 +
 .../cloud/network/dao/CiscoVnmcDaoImpl.java   |   51 +
 .../network/dao/NetworkAsa1000vMapDao.java    |   28 +
 .../dao/NetworkAsa1000vMapDaoImpl.java        |   61 +
 .../network/element/CiscoAsa1000vService.java |   43 +
 .../network/element/CiscoVnmcElement.java     |  928 +++++++++++
 .../element/CiscoVnmcElementService.java      |   42 +
 .../network/resource/CiscoVnmcResource.java   |  780 +++++++++
 .../ssl/EasySSLProtocolSocketFactory.java     |  232 +++
 .../contrib/ssl/EasyX509TrustManager.java     |  114 ++
 .../cisco/CiscoVnmcConnectionTest.java        |  248 +++
 .../network/element/CiscoVnmcElementTest.java |  401 +++++
 .../resource/CiscoVnmcResourceTest.java       |  285 ++++
 plugins/pom.xml                               |    1 +
 .../src/com/cloud/api/ApiResponseHelper.java  |    4 +-
 .../ConfigurationManagerImpl.java             |    4 +-
 setup/db/db/schema-410to420.sql               |   38 +-
 .../integration/component/test_asa1000v_fw.py |  134 ++
 tools/marvin/marvin/integration/lib/base.py   |   65 +-
 .../utils/cisco/n1kv/vsm/NetconfHelper.java   |   22 +
 .../utils/cisco/n1kv/vsm/VsmCommand.java      |  213 +++
 .../vmware/mo/HypervisorHostHelper.java       |   45 +-
 103 files changed, 9751 insertions(+), 36 deletions(-)
 create mode 100644 plugins/network-elements/cisco-vnmc/pom.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml
 create mode 100644 plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java
 create mode 100755 plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
 create mode 100644 plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
 create mode 100644 plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
 create mode 100755 plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java
 create mode 100755 plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java
 create mode 100755 test/integration/component/test_asa1000v_fw.py

diff --git a/api/src/com/cloud/network/Network.java b/api/src/com/cloud/network/Network.java
index c0b0117fc7e..ffe70d19dc0 100644
--- a/api/src/com/cloud/network/Network.java
+++ b/api/src/com/cloud/network/Network.java
@@ -137,6 +137,7 @@ public interface Network extends ControlledEntity, StateObject<Network.State>, I
         public static final Provider None = new Provider("None", false);
         // NiciraNvp is not an "External" provider, otherwise we get in trouble with NetworkServiceImpl.providersConfiguredForExternalNetworking 
         public static final Provider NiciraNvp = new Provider("NiciraNvp", false);
+        public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
 
         private String name;
         private boolean isExternal;
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index b08e992abd2..37cb59f3758 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -476,6 +476,7 @@ public class ApiConstants {
     public static final String AFFINITY_GROUP_IDS = "affinitygroupids";
     public static final String AFFINITY_GROUP_NAMES = "affinitygroupnames";
     public static final String DEPLOYMENT_PLANNER = "deploymentplanner";
+    public static final String ASA_INSIDE_PORT_PROFILE = "insideportprofile";
 
     public enum HostDetails {
         all, capacity, events, stats, min;
diff --git a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
index aeed81d2011..29ce2e3971d 100644
--- a/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
+++ b/api/src/org/apache/cloudstack/network/ExternalNetworkDeviceManager.java
@@ -43,6 +43,7 @@ public interface ExternalNetworkDeviceManager extends Manager {
         public static final NetworkDevice F5BigIpLoadBalancer = new NetworkDevice("F5BigIpLoadBalancer", Network.Provider.F5BigIp.getName());
         public static final NetworkDevice JuniperSRXFirewall = new NetworkDevice("JuniperSRXFirewall", Network.Provider.JuniperSRX.getName());
         public static final NetworkDevice NiciraNvp = new NetworkDevice("NiciraNvp", Network.Provider.NiciraNvp.getName());
+        public static final NetworkDevice CiscoVnmc = new NetworkDevice("CiscoVnmc", Network.Provider.CiscoVnmc.getName());
 
         public NetworkDevice(String deviceName, String ntwkServiceprovider) {
             _name = deviceName;
diff --git a/client/pom.xml b/client/pom.xml
index 08946b6d905..743cd363005 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -455,6 +455,11 @@
                   file="${basedir}/target/generated-webapp/WEB-INF/web.xml"
                   match="classpath:componentContext.xml"
                   replace="classpath:nonossComponentContext.xml" byline="true" />
+                <exec executable="cp">
+                    <arg value="-r" />
+                    <arg value="${basedir}/../plugins/network-elements/cisco-vnmc/scripts" />
+                    <arg value="${basedir}/target/generated-webapp/WEB-INF/classes/" />
+                </exec>
               </target>
             </configuration>
           </execution>
@@ -639,6 +644,11 @@
           <artifactId>cloud-vmware-base</artifactId>
           <version>${project.version}</version>
         </dependency>
+        <dependency>
+          <groupId>org.apache.cloudstack</groupId>
+          <artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
+          <version>${project.version}</version>
+        </dependency>
       </dependencies>
     </profile>
   </profiles>
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 798d226ca96..10fcfe3f687 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -577,3 +577,14 @@ deleteAffinityGroup=15
 listAffinityGroups=15
 updateVMAffinityGroup=15
 listAffinityGroupTypes=15
+
+#### Cisco Vnmc commands
+addCiscoVnmcResource=1
+deleteCiscoVnmcResource=1
+listCiscoVnmcResources=1
+
+#### Cisco Asa1000v commands
+addCiscoAsa1000vResource=1
+deleteCiscoAsa1000vResource=1
+listCiscoAsa1000vResources=1
+
diff --git a/client/tomcatconf/nonossComponentContext.xml.in b/client/tomcatconf/nonossComponentContext.xml.in
index 3ede2634285..aac3b893a8a 100644
--- a/client/tomcatconf/nonossComponentContext.xml.in
+++ b/client/tomcatconf/nonossComponentContext.xml.in
@@ -136,6 +136,16 @@
     <property name="name" value="CiscoNexus1000vVSM"/>
   </bean>
   
+  <!--
+    Cisco VNMC support components
+  -->
+  <bean id="ciscoVnmcDaoImpl" class="com.cloud.network.dao.CiscoVnmcDaoImpl" />
+  <bean id="ciscoAsa1000vDaoImpl" class="com.cloud.network.dao.CiscoAsa1000vDaoImpl" />
+  <bean id="networkAsa1000vMapDaoImpl" class="com.cloud.network.dao.NetworkAsa1000vMapDaoImpl" />
+  <bean id="CiscoVNMC" class="com.cloud.network.element.CiscoVnmcElement">
+    <property name="name" value="CiscoVNMC"/>
+  </bean>
+  
   <!--
     BigSwitch support components
   -->  
@@ -324,6 +334,7 @@
           <ref bean="Netscaler"/>
           <ref bean="F5BigIP"/>
           <ref bean="CiscoNexus1000vVSM"/>
+          <ref bean="CiscoVNMC"/>
           <ref bean="NiciraNvp" />
           <ref bean="MidoNetElement" />
           <ref bean="bigSwitchVnsElement"/>
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
index f6f0923c7ae..122ba3b9dba 100644
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/guru/VMwareGuru.java
@@ -52,7 +52,9 @@ import com.cloud.hypervisor.HypervisorGuru;
 import com.cloud.hypervisor.HypervisorGuruBase;
 import com.cloud.hypervisor.vmware.manager.VmwareManager;
 import com.cloud.hypervisor.vmware.mo.VirtualEthernetCardType;
+import com.cloud.network.Network.Provider;
 import com.cloud.network.NetworkModel;
+import com.cloud.network.Network.Service;
 import com.cloud.network.Networks.TrafficType;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
@@ -143,13 +145,23 @@ public class VMwareGuru extends HypervisorGuruBase implements HypervisorGuru {
 		    details.put(VmDetailConstants.ROOK_DISK_CONTROLLER, _vmwareMgr.getRootDiskController());
             }
         }
-        
+
+        List<NicProfile> nicProfiles = vm.getNics();
+
+        for(NicProfile nicProfile : nicProfiles) {
+            if(nicProfile.getTrafficType() == TrafficType.Guest) {
+                if(_networkMgr.isProviderSupportServiceInNetwork(nicProfile.getNetworkId(), Service.Firewall, Provider.CiscoVnmc)) {
+                    details.put("ConfigureVServiceInNexus", Boolean.TRUE.toString());
+                }
+                break;
+            }
+        }
+
         to.setDetails(details);
 
         if(vm.getVirtualMachine() instanceof DomainRouterVO) {
-            List<NicProfile> nicProfiles = vm.getNics();
-            NicProfile publicNicProfile = null;
 
+            NicProfile publicNicProfile = null;
             for(NicProfile nicProfile : nicProfiles) {
                 if(nicProfile.getTrafficType() == TrafficType.Public) {
                     publicNicProfile = nicProfile;
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
index b2e37685d17..eb09af0d67e 100755
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/manager/VmwareManagerImpl.java
@@ -317,8 +317,7 @@ public class VmwareManagerImpl extends ManagerBase implements VmwareManager, Vmw
         }
 
         s_logger.info("Preparing network on host " + hostMo.getContext().toString() + " for " + privateTrafficLabel);
-            HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
-
+        HypervisorHostHelper.prepareNetwork(vSwitchName, "cloud.private", hostMo, vlanId, null, null, 180000, false);
     }
 
     @Override
diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index f569595b8b0..3dc23ccb060 100755
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
@@ -1329,7 +1329,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
 
             NicTO nicTo = cmd.getNic();
             VirtualDevice nic;
-            Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
+            Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, false);
             if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
                 String dvSwitchUuid;
                 ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@@ -1571,7 +1571,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
                     vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, true);
         } else {
             networkInfo = HypervisorHostHelper.prepareNetwork(this._publicTrafficInfo.getVirtualSwitchName(), "cloud.public",
-                    vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup);
+                    vmMo.getRunningHost(), vlanId, null, null, this._ops_timeout, vSwitchType, _portsPerDvPortGroup, null, false);
         }
 
         int nicIndex = allocPublicNicIndex(vmMo);
@@ -2304,7 +2304,8 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
             for (NicTO nicTo : sortNicsByDeviceId(nics)) {
                 s_logger.info("Prepare NIC device based on NicTO: " + _gson.toJson(nicTo));
 
-                Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo);
+                boolean configureVServiceInNexus = (nicTo.getType() == TrafficType.Guest) && (vmSpec.getDetails().containsKey("ConfigureVServiceInNexus"));
+                Pair<ManagedObjectReference, String> networkInfo = prepareNetworkFromNicInfo(vmMo.getRunningHost(), nicTo, configureVServiceInNexus);
                 if (VmwareHelper.isDvPortGroup(networkInfo.first())) {
                     String dvSwitchUuid;
                     ManagedObjectReference dcMor = hyperHost.getHyperHostDatacenter();
@@ -2504,7 +2505,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
         return defaultVlan;
     }
 
-    private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo) throws Exception {
+    private Pair<ManagedObjectReference, String> prepareNetworkFromNicInfo(HostMO hostMo, NicTO nicTo, boolean configureVServiceInNexus) throws Exception {
         Pair<String, String> switchName;
         TrafficType trafficType;
         VirtualSwitchType switchType;
@@ -2534,7 +2535,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
         }
         else {
             networkInfo = HypervisorHostHelper.prepareNetwork(switchName.first(), namePrefix, hostMo, getVlanInfo(nicTo, switchName.second()),
-                    nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup);
+                    nicTo.getNetworkRateMbps(), nicTo.getNetworkRateMulticastMbps(), _ops_timeout, switchType, _portsPerDvPortGroup, nicTo.getGateway(), configureVServiceInNexus);
         }
 
         return networkInfo;
@@ -3024,7 +3025,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
             NicTO[] nics = vm.getNics();
             for (NicTO nic : nics) {
                 // prepare network on the host
-                prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic);
+                prepareNetworkFromNicInfo(new HostMO(getServiceContext(), _morHyperHost), nic, false);
             }
 
             String secStoreUrl = mgr.getSecondaryStorageStoreUrl(Long.parseLong(_dcId));
diff --git a/plugins/network-elements/cisco-vnmc/pom.xml b/plugins/network-elements/cisco-vnmc/pom.xml
new file mode 100644
index 00000000000..1ac6bd8d8c9
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/pom.xml
@@ -0,0 +1,42 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>cloud-plugin-network-cisco-vnmc</artifactId>
+  <name>Apache CloudStack Plugin - Cisco VNMC</name>
+  <parent>
+    <groupId>org.apache.cloudstack</groupId>
+    <artifactId>cloudstack-plugins</artifactId>
+    <version>4.2.0-SNAPSHOT</version>
+    <relativePath>../../pom.xml</relativePath>
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.cloudstack</groupId>
+      <artifactId>cloud-plugin-hypervisor-vmware</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cloudstack</groupId>
+      <artifactId>cloud-vmware-base</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml
new file mode 100644
index 00000000000..b0249db741b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/assoc-asa1000v.xml
@@ -0,0 +1,34 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <fwResourceBinding
+      assignedToDn="%fwdn%"
+      dn="%binddn%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
+
+<!--
+    assignedToDn="fw/inst-1007"
+    dn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/binding"
+-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
new file mode 100755
index 00000000000..e3113ae22c7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
@@ -0,0 +1,37 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        descr="%descr%"
+        dn="%espdn%"
+        egressAclPsetRef="%egresspolicysetname%"
+        ingressAclPsetRef="%ingresspolicysetname%"
+        inspectRef=""
+        name="%name%"
+        natPsetRef="%natpolicysetname%"
+        status="modified"
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml
new file mode 100644
index 00000000000..e866f51e366
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-policy.xml
@@ -0,0 +1,34 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dhcpdn%">
+      <policyDhcpPolicyAssoc
+        dn="%dhcpdn%"
+        interfaceName="%insideintf%"
+        policyRef=""
+        status="created"
+        type="server"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile/dhcp-Edge_Inside"-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml
new file mode 100644
index 00000000000..930e4ec77a2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-dhcp-server.xml
@@ -0,0 +1,32 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dhcpdn%">
+      <policyDhcpPolicyAssoc
+        dn="%dhcpdn%"
+        interfaceName="%insideintf%"
+        policyRef="%dhcpserverpolicyname%"
+        status="modified"
+        type="server"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
new file mode 100644
index 00000000000..6d67c31c5d6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-nat-policy-set.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        descr="%descr%"
+        dn="%espdn%"
+        inspectRef=""
+        name="%name%"
+        natPsetRef="%natpolicysetname%"
+        status="modified"
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
new file mode 100644
index 00000000000..8884a1b9686
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-route-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyEdgeDeviceServiceProfile
+      addrTranslationTimeout="10800"
+      dn="%dn%"
+      ipAudit=""
+      name="%name%"
+      routing="%routepolicyname%"
+      status="modified"
+      vpn=""/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
new file mode 100755
index 00000000000..c534c327194
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-ref.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+
+  <inConfigs>
+    <pair key="%aclpolicyrefdn%">
+      <policyPolicyNameRef
+        dn="%aclpolicyrefdn%"
+        order="%order%"
+        policyName="%aclpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-Ingress-ACL-Policy-Set-vlan-123/polref-aaa"
+    aclpolicyname="aaa"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
new file mode 100755
index 00000000000..b475d2ca564
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
@@ -0,0 +1,36 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%aclpolicysetdn%">
+      <policyPolicySet
+        descr="%descr%"
+        dn="%aclpolicysetdn%"
+        name="%aclpolicysetname%"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
+    aclpolicysetname="foo"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
new file mode 100755
index 00000000000..e71cd429858
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfig>
+      <policyRuleBasedPolicy
+        descr=""
+        dn="%aclpolicydn%"
+        name="%aclpolicyname%"
+        status="created"/>
+    </inConfig>
+</configConfMo>
+
+<!--
+    aclpolicydn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy"
+    aclpolicyname="test_policy"
+--!>
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml
new file mode 100755
index 00000000000..5b6aaa3f59b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-dnat.xml
@@ -0,0 +1,82 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    ip="public ip at destination"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml
new file mode 100755
index 00000000000..1a1d9cbf3e2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-rule-for-pf.xml
@@ -0,0 +1,156 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue="TCP" or "UDP"
+    ip="public ip at destination"
+    startport="start port at destination"
+    endport="end port at destination"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml
new file mode 100644
index 00000000000..5bb4abcd8e1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dhcp-policy.xml
@@ -0,0 +1,72 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%dhcpserverdn%">
+      <policyDhcpServerPolicy
+        descr="%dhcpserverdescr%"
+        dn="%dhcpserverdn%"
+        dnsDomainRef=""
+        leaseTime="1036799"
+        name="%dhcpservername%"
+        pingTimeout="50"
+        status="created"/>
+    </pair>
+
+    <pair key="%iprangedn%">
+      <policyIPAddressRange
+        dn="%iprangedn%"
+        endip="%endip%"
+        name="iprange"
+        startip="%startip%"
+        status="created"
+        subnet="%subnet%"/>
+    </pair>
+
+    <pair key="%dnsservicedn%">
+      <commDns
+        descr=""
+        dn="%dnsservicedn%"
+        domain="%domain%"
+        name="%dnsservicename%"
+        status="created"/>
+    </pair>
+
+    <pair key="%nameserverdn%">
+      <commDnsProvider
+        descr=""
+        dn="%nameserverdn%"
+        hostip="%nameserverip%"
+        order="100"
+        status="created"/>
+    </pair>
+
+  </inConfigs>  
+</configConfMos> 
+  
+<!--
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy" 
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/ip-range-iprange" 
+    "org-root/org-TenantC/org-VDC-TenantC/dhcp-server-TenantC-Dhcp-Policy/ip-range-iprange"
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS" 
+    "org-root/org-TestTenant3/org-Tenant3-VDC/dhcp-server-Tenant3-DHCP-Policy/dns-svc-Tenant3-DNS/dns-8.8.8.8" 
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
new file mode 100755
index 00000000000..bd8dbff6d32
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml
@@ -0,0 +1,91 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%natruledn%"
+        name="%natrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/nat-action">
+      <natpolicyNatAction
+        actionType="static"
+        destTranslatedIpPool="%ippoolname%"
+        destTranslatedPortPool=""
+        dn="%natruledn%/nat-action"
+        id="0"
+        isBidirectionalEnabled="yes"
+        isDnsEnabled="no"
+        isNoProxyArpEnabled="no"
+        isRoundRobinIpEnabled="no"
+        srcTranslatedIpPatPool=""
+        srcTranslatedIpPool=""
+        srcTranslatedPortPool=""
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
+    natrulename="bbb"
+    descr=value
+    ippoolname="ccc"
+    ip="10.147.30.230"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
new file mode 100644
index 00000000000..c4bdd026186
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-profile.xml
@@ -0,0 +1,32 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyEdgeDeviceServiceProfile
+      addrTranslationTimeout="10800"
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"
+      vpn=""/>
+  </inConfig>
+</configConfMo>
+<!-- dn="org-root/org-TestTenant3/org-Tenant3-VDC/edsp-Tenant3-Edge-Device-Profile" -->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
new file mode 100644
index 00000000000..69f4a5f7bfd
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route-policy.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <routeRoutingPolicy
+      descr="%descr%"
+      dn="%routepolicydn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
new file mode 100644
index 00000000000..126c188f979
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-device-route.xml
@@ -0,0 +1,35 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%routepolicydn%/sroute-2">
+      <routeStaticRoute
+        dn="%routepolicydn%/sroute-2"
+        id="2"
+        ipAddress="%destination%"
+        ipSubnet="%netmask%"
+        nextHopGWIp="%nexthop%"
+        nextHopIntf="%nexthopintf%"
+        routeMetric="1"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
new file mode 100644
index 00000000000..e5447e39e63
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-firewall.xml
@@ -0,0 +1,89 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+      <pair key="%edgefwdn%" >
+        <fwEdgeFirewall
+          haMode="standalone"
+          descr="%edgefwdescr%"
+          dn="%edgefwdn%"
+          name="%edgefwname%"
+          status="created"/>
+      </pair>
+
+      <pair key="%insideintfdn%">
+        <fwDataInterface
+          descr="ASA Inside Interface"
+          dn="%insideintfdn%"
+          ipAddressPrimary="%insideip%"
+          ipAddressSecondary="0.0.0.0"
+          ipSubnet="%insidesubnet%"
+          isIpViaDHCP="no"
+          name="%insideintfname%"
+          role="inside"
+          status="created"/>
+      </pair>
+
+      <pair key="%outsideintfdn%">
+        <fwDataInterface
+          descr="ASA Outside interface "
+          dn="%outsideintfdn%"
+          ipAddressPrimary="%publicip%"
+          ipAddressSecondary="0.0.0.0"
+          ipSubnet="%outsidesubnet%"
+          isIpViaDHCP="no"
+          name="%outsideintfname%"
+          role="outside"
+          status="created"/>
+      </pair>
+
+      <pair key="%outsideintfsp%" >
+        <logicalInterfaceServiceProfileAssociation
+          descr=""
+          dn="%outsideintfsp%"
+          name=""
+          profileRef="%secprofileref%"
+          status="created"/>
+      </pair>
+
+      <pair key="%deviceserviceprofiledn%" >
+        <logicalDeviceServiceProfileAssociation
+          descr=""
+          dn="%deviceserviceprofiledn%"
+          name=""
+          profileRef="%deviceserviceprofile%"
+          status="created"/>
+      </pair>
+    </inConfigs>
+</configConfMos>
+  
+<!--
+    edgefwdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD"
+    insideintfdn="org-root/org-TenantD/org-VDC-TenantD/efw-ASA-1000v-TenantD/interface-Edge_Inside"
+    descr="%edgefwdescr%"
+    ipAddressPrimary="%insideip%"
+    ipSubnet="%insidesubnet%"
+    name="%insideintfname%"
+    outsideintfdn="%outsideintfdn%"
+    ipAddressPrimary="%publicip%"
+    ipSubnet="%outsidesubnet%"
+    name="%outsideintfname%
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
new file mode 100644
index 00000000000..e2f5eaf0686
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-edge-security-profile.xml
@@ -0,0 +1,41 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <policyVirtualNetworkEdgeProfile
+      descr="%descr%"
+      dn="%espdn%"
+      egressAclPsetRef="%egressref%"
+      ingressAclPsetRef="%ingressref%"
+      name="%name%"
+      status="created"
+      vpnRef=""/>
+  </inConfig>
+</configConfMo>
+
+<!--
+    descr="Edge Security Profile for Tenant3"
+    dn="org-root/org-TestTenant3/org-Tenant3-VDC/vnep-Tenant3-ESSP"
+    egressAclPsetRef="default-egress"
+    ingressAclPsetRef="default-ingress"
+    name="Tenant3-ESSP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
new file mode 100755
index 00000000000..930272ed8ee
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
@@ -0,0 +1,201 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%sourceip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-5">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-5"
+        id="5"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-5/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP"
+    deststartip="destination start ip"
+    destendip="destination end ip"
+    sourcestartport="start port at source"
+    sourceendport="end port at source"
+    sourceip="source ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
new file mode 100755
index 00000000000..92c25043dad
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
@@ -0,0 +1,122 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP" or "ICMP"
+    deststartip="destination start ip"
+    destendip="destination end ip"
+    sourceip="source ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
new file mode 100755
index 00000000000..7c1164138bc
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
@@ -0,0 +1,121 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendip%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP" or "ICMP"
+    sourcestartip = "source start IP"
+    sourceendip = "source end IP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
new file mode 100755
index 00000000000..1af30b44416
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -0,0 +1,201 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%destip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-5">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-5"
+        id="5"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-5/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+    aclrulename="dummy"
+    descr=value
+    actiontype="drop" or "permit"
+    protocolvalue = "TCP" or "UDP"
+    sourcestartip="source start ip"
+    sourceendip="source end ip"
+    deststartport="start port at destination"
+    destendport="end port at destination"
+    destip="destination ip"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml
new file mode 100755
index 00000000000..4cf0451c33d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ip-pool.xml
@@ -0,0 +1,58 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%ippooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%ippooldn%"
+        name="%ippoolname%"
+        status="created"/>
+    </pair>
+    <pair key="%ippooldn%/objgrp-expr-2">
+      <policyObjectGroupExpression
+        dn="%ippooldn%/objgrp-expr-2"
+        id="2"
+        opr="eq"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%ippooldn%/objgrp-expr-2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%ippooldn%/objgrp-expr-2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ipvalue%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    ippooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ccc"
+    ippoolname="ccc"
+    ipvalue="10.1.1.20"
+--!>
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml
new file mode 100755
index 00000000000..450d40c9d6d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-ref.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natpolicyrefdn%" >
+      <policyPolicyNameRef
+        dn="%natpolicyrefdn%"
+        order="%order%"
+        policyName="%natpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natpolicyrefdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set/polref-Source-NAT-Policy-TenantD"
+    natpolicyname="Source-NAT-Policy-TenantD"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
new file mode 100644
index 00000000000..090caf15cb4
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy-set.xml
@@ -0,0 +1,37 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%natpolicysetdn%">
+      <natpolicyNatPolicySet
+        adminState="enabled"
+        descr="%descr%"
+        dn="%natpolicysetdn%"
+        name="%natpolicysetname%"
+        status="created"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natpolicysetdn="org-root/org-TenantD/org-VDC-TenantD/natpset-TenantD-NAT-Policy-Set"
+    natpolicysetname="Source-NAT-Policy-Set-TenantD"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml
new file mode 100755
index 00000000000..0b556f42a84
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-nat-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natpolicydn%">
+      <natpolicyNatRuleBasedPolicy
+        descr=""
+        dn="%natpolicydn%"
+        name="%natpolicyname%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
new file mode 100755
index 00000000000..a8a631f5d7f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml
@@ -0,0 +1,166 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%natruledn%">
+      <policyRule
+        descr="%descr%"
+        dn="%natruledn%"
+        name="%natrulename%"
+        order="%order%"
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/nat-action">
+      <natpolicyNatAction
+        actionType="static"
+        destTranslatedIpPool="%ippoolname%"
+        destTranslatedPortPool="%portpoolname%"
+        dn="%natruledn%/nat-action"
+        id="0"
+        isBidirectionalEnabled="yes"
+        isDnsEnabled="no"
+        isNoProxyArpEnabled="no"
+        isRoundRobinIpEnabled="no"
+        srcTranslatedIpPatPool=""
+        srcTranslatedIpPool=""
+        srcTranslatedPortPool=""
+        status="created"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%ip%"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+    <pair key="%natruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%natruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%natruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb"
+    natrulename="bbb"
+    descr=value
+    ippoolname="ccc"
+    portpoolname="ddd"
+    ip="10.147.30.230"
+    startport="22"
+    endport="22"
+    protocolvalue="TCP"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml
new file mode 100755
index 00000000000..e1b7be024f7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-port-pool.xml
@@ -0,0 +1,72 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%portpooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%portpooldn%"
+        name="%portpoolname%"
+        status="created"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2">
+      <policyObjectGroupExpression
+        dn="%portpooldn%/objgrp-expr-2"
+        id="2"
+        opr="range"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%portpooldn%/objgrp-expr-2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%startport%"/>
+    </pair>
+    <pair key="%portpooldn%/objgrp-expr-2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%portpooldn%/objgrp-expr-2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%endport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    portpooldn="org-root/org-vlan-123/org-VDC-vlan-123/objgrp-ddd"
+    portpoolname="ddd"
+    startport="22"
+    endport="22"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
new file mode 100644
index 00000000000..2ad1e8798a5
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-pool.xml
@@ -0,0 +1,58 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%snatpoolexprdn%" >
+      <policyObjectGroupExpression
+        dn="%snatpoolexprdn%" 
+        opr="eq"
+        order="unspecified"
+        status="created"/>
+    </pair>
+
+    <pair key="%publicipdn%" >
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%publicipdn%"
+        name=""
+        placement="none"
+        status="created"
+        value="%publicip%"/>
+    </pair>
+
+    <pair key="%snatpooldn%">
+      <policyObjectGroup
+        descr="%descr%"
+        dn="%snatpooldn%"
+        name="%name%"
+        status="created"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+    snatpoolexprdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2"
+    publicipdn="org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3/objgrp-expr-2/nw-ip-2"
+    snatpooldn= "org-root/org-TestTenant3/org-Tenant3-VDC/objgrp-Source-NAT-Pool-For-Tenant3"
+    value="10.223.136.10"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
new file mode 100644
index 00000000000..a3ee9875e19
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-source-nat-rule.xml
@@ -0,0 +1,103 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos 
+  cookie="%cookie%" 
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%natruledn%">
+        <policyRule
+          descr="%descr%"
+          dn="%natruledn%"
+          name="%natrulename%"
+          order="%order%"
+          status="created"/>
+      </pair>
+
+      <pair key="%natruledn%/nat-action">
+        <natpolicyNatAction
+          actionType="static"
+          destTranslatedIpPool=""
+          destTranslatedPortPool=""
+          dn="%natruledn%/nat-action"
+          id="0"
+          isBidirectionalEnabled="yes"
+          isDnsEnabled="yes"
+          isNoProxyArpEnabled="no"
+          isRoundRobinIpEnabled="no"
+          srcTranslatedIpPatPool=""
+          srcTranslatedIpPool="%ippoolname%"
+          srcTranslatedPortPool=""
+          status="created"/>
+      </pair>
+
+      <pair key="%natruledn%/rule-cond-2">
+        <policyRuleCondition
+          dn="%natruledn%/rule-cond-2"
+          id="2"
+          order="unspecified"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2">
+        <policyNetworkExpression
+          dn="%natruledn%/rule-cond-2/nw-expr2" 
+          id="2"
+          opr="range"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual">
+        <policyNwAttrQualifier
+          attrEp="source"
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"
+          status="created"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2">
+        <policyIPAddress
+          dataType="string"
+          descr=""
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"
+          id="2"
+          name=""
+          placement="begin"
+          status="created"
+          value="%srcstartip%"/>
+      </pair>
+      <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3">
+        <policyIPAddress
+          dataType="string"
+          descr=""
+          dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-3"
+          id="3"
+          name=""
+          placement="end"
+          status="created"
+          value="%srcendip%"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
+
+<!--
+    natruledn="org-root/org-TestTenant3/org-Tenant3-VDC/natpol-Source-NAT-For-Tenant3/rule-Source-NAT-Policy-Rule"
+    natrulename="Source-NAT-Policy-Rule"
+    descr="Source NAT Policy Rule for Tenant3"
+    ippoolname=value
+    srcstartip=value
+    srcendip=value
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml
new file mode 100644
index 00000000000..085b7a2e533
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-tenant.xml
@@ -0,0 +1,29 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <orgTenant
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml
new file mode 100644
index 00000000000..4cb805ecf7e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-vdc.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfig>
+    <orgDatacenter
+      descr="%descr%"
+      dn="%dn%"
+      name="%name%"
+      status="created"/>
+  </inConfig>
+</configConfMo>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml
new file mode 100755
index 00000000000..2c5578659c7
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy-set.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%aclpolicysetdn%">
+      <policyPolicySet
+        dn="%aclpolicysetdn%"
+        name="%aclpolicysetname%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
new file mode 100755
index 00000000000..b1a27650419
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%aclpolicydn%">
+        <policyRuleBasedPolicy
+          descr=""
+          dn="%aclpolicydn%"
+          name="%aclpolicyname%"
+          status="deleted,modified"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml
new file mode 100755
index 00000000000..992d6a1ab62
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-firewall.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%edgefwdn%">
+      <fwEdgeFirewall
+        dn="%edgefwdn%"
+        name="%edgefwname%"
+        status="deleted"/>
+      </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml
new file mode 100755
index 00000000000..f394fe91d9e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-edge-security-profile.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%espdn%">
+      <policyVirtualNetworkEdgeProfile
+        connTimeoutRef=""
+        dn="%espdn%"
+        egressAclPsetRef=""
+        ingressAclPsetRef=""
+        inspectRef=""
+        ipAuditRef=""
+        name="%name%"
+        natPsetRef=""
+        status="deleted,modified"
+        tcpInterceptRef=""
+        vpnRef=""/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml
new file mode 100755
index 00000000000..3f4c08d747f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy-set.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%natpolicysetdn%">
+      <natpolicyNatPolicySet
+        dn="%natpolicysetdn%"
+        name="%natpolicysetname%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml
new file mode 100755
index 00000000000..6c3ed7b9f48
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-nat-policy.xml
@@ -0,0 +1,33 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%natpolicydn%">
+        <natpolicyNatRuleBasedPolicy
+          descr=""
+          dn="%natpolicydn%"
+          name="%natpolicyname%"
+          status="deleted,modified"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
new file mode 100755
index 00000000000..e56e9190496
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-rule.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%ruledn%">
+      <policyRule
+        descr=""
+        dn="%ruledn%"
+        name="%rulename%"
+        status="deleted"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml
new file mode 100755
index 00000000000..05bef9a2906
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-tenant.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%dn%">
+      <orgTenant
+        dn="%dn%"
+        name="%name%"
+        status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml
new file mode 100755
index 00000000000..fbc2312c208
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-vdc.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+  <pair key="%dn%">
+    <orgDatacenter
+      dn="%dn%"
+      name="%name%"
+      status="deleted,modified"/>
+    </pair>
+  </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml
new file mode 100755
index 00000000000..448b65f0d53
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/disassoc-asa1000v.xml
@@ -0,0 +1,30 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+    <pair key="%binddn%">
+      <fwResourceBinding
+        assignedToDn="%fwdn%"
+        dn="%binddn%"
+        status="deleted"/>
+      </pair>
+    </inConfigs>
+</configConfMos>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
new file mode 100755
index 00000000000..aec800e9f4a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-acl-policies.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="policyRuleBasedPolicy"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
new file mode 100755
index 00000000000..f272999a76c
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-children.xml
@@ -0,0 +1,27 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  inDn="%dn%"
+  inHierarchical="true">
+  <inFilter>
+  </inFilter>
+</configResolveChildren>
+
+<!--dn="org-root/org-vlan-517/org-VDC-vlan-517/natpol-DNAT-vlan-517-10-147-30-235"--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml
new file mode 100755
index 00000000000..720ced06d8a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-nat-policies.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="natpolicyNatRuleBasedPolicy"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml
new file mode 100755
index 00000000000..c53af90369d
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-policyrefs-in-policyset.xml
@@ -0,0 +1,31 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<orgResolveInScope
+  dn="%vdcdn%"
+  cookie="%cookie%"
+  inClass="policyPolicyNameRef"
+  inSingleLevel="false"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</orgResolveInScope>
+
+<!--
+    vdcdn="org-root/org-vlan-123/org-VDC-vlan-123"
+--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml
new file mode 100644
index 00000000000..63ae848b3e1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-tenants.xml
@@ -0,0 +1,26 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  classId="orgTenant"
+  inDn="org-root"
+  inHierarchical="false">
+  <inFilter>
+  </inFilter>
+</configResolveChildren>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml
new file mode 100644
index 00000000000..539f330da8a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/list-unassigned-asa1000v.xml
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<configResolveChildren
+  cookie="%cookie%"
+  classId="fwInstance"
+  inDn="fw"
+  inHierarchical="false">
+  <inFilter>
+    <and>
+      <eq class="fwInstance" property="capability" value="infra-fw"/>
+      <eq class="fwInstance" property="assoc" value="none"/>
+    </and>
+  </inFilter>
+</configResolveChildren>
+
+<!-- resource-mgr -->
+<!--
+<configResolveChildren cookie="1349366974/592be573-8a27-48d3-aab1-cf6cb94f23ab" commCookie="5/12/0/1cae" srcExtSys="10.223.56.5" destExtSys="10.223.56.5" srcSvc="sam_extXMLApi" destSvc="resource-mgr_dme" response="yes" classId="fwInstance">
+  <outConfigs>
+    <fwInstance assignedToDn="" assoc="none" capability="infra-fw" descr="" dn="fw/inst-1007" fltAggr="0" fsmDescr="" fsmPrev="DisassociateSuccess" fsmProgr="100" fsmRmtInvErrCode="none" fsmRmtInvErrDescr="" fsmRmtInvRslt="" fsmStageDescr="" fsmStamp="2012-10-04T16:07:40.110" fsmStatus="nop" fsmTry="0" intId="11818" mgmtIp="10.223.56.7" model="" name="ASA 1000V" pooled="0" registeredClientDn="extpol/reg/clients/client-1007" revision="0" serial="" svcId="1007" vendor=""/>
+  </outConfigs>
+</configResolveChildren>
+-->
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml
new file mode 100644
index 00000000000..8e1c435ea15
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/login.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="us-ascii"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<aaaLogin inName="%username%" inPassword="%password%" />
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..a438cbc0e59
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/AssociateAsaWithLogicalEdgeFirewallCommand.java
@@ -0,0 +1,53 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Associates an ASA 1000v appliance with logical edge firewall in VNMC
+ */
+public class AssociateAsaWithLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+    private String _asaMgmtIp;
+
+    public AssociateAsaWithLogicalEdgeFirewallCommand(long vlanId, String asaMgmtIp) {
+        super();
+        this._vlanId = vlanId;
+        this._asaMgmtIp = asaMgmtIp;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+    public String getAsaMgmtIp() {
+        return _asaMgmtIp;
+    }
+
+    public void setAsaMgmtIp(String asaMgmtIp) {
+        this._asaMgmtIp = asaMgmtIp;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..c9f7f8c4c83
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CleanupLogicalEdgeFirewallCommand.java
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Command for cleaning up logical edge firewall in VNMC
+ */
+public class CleanupLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+
+    public CleanupLogicalEdgeFirewallCommand(long vlanId) {
+        super();
+        this._vlanId = vlanId;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
new file mode 100755
index 00000000000..b20ad1f2df6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/ConfigureNexusVsmForAsaCommand.java
@@ -0,0 +1,95 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+/**
+ * Command for configuring n1kv VSM for asa1kv device. It does the following in VSM:
+ * a. creating vservice node for asa1kv
+ * b. updating vlan of inside port profile associated with asa1kv
+ */
+public class ConfigureNexusVsmForAsaCommand extends Command {
+    private long _vlanId;
+    private String _ipAddress;
+    private String _vsmUsername;
+    private String _vsmPassword;
+    private String _vsmIp;
+    private String _asaInPortProfile;
+
+    public ConfigureNexusVsmForAsaCommand(long vlanId, String ipAddress,
+            String vsmUsername, String vsmPassword, String vsmIp, String asaInPortProfile) {
+        super();
+        this._vlanId = vlanId;
+        this._ipAddress = ipAddress;
+        this._vsmUsername = vsmUsername;
+        this._vsmPassword = vsmPassword;
+        this._vsmIp = vsmIp;
+        this._asaInPortProfile = asaInPortProfile;
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long _vlanId) {
+        this._vlanId = _vlanId;
+    }
+
+    public String getIpAddress() {
+        return _ipAddress;
+    }
+
+    public void setIpAddress(String _ipAddress) {
+        this._ipAddress = _ipAddress;
+    }
+
+    public String getVsmUsername() {
+        return _vsmUsername;
+    }
+
+    public void setVsmUsername(String _vsmUsername) {
+        this._vsmUsername = _vsmUsername;
+    }
+
+    public String getVsmPassword() {
+        return _vsmPassword;
+    }
+
+    public void setVsmPassword(String _vsmPassword) {
+        this._vsmPassword = _vsmPassword;
+    }
+
+    public String getVsmIp() {
+        return _vsmIp;
+    }
+
+    public void setVsmIp(String _vsmIp) {
+        this._vsmIp = _vsmIp;
+    }
+
+    public String getAsaInPortProfile() {
+        return _asaInPortProfile;
+    }
+
+    public void setAsaInPortProfile(String _asaInPortProfile) {
+        this._asaInPortProfile = _asaInPortProfile;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
new file mode 100755
index 00000000000..def8225acf1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/agent/api/CreateLogicalEdgeFirewallCommand.java
@@ -0,0 +1,94 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+// 
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.agent.api;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Command for creating a logical edge firewall in VNMC
+ */
+public class CreateLogicalEdgeFirewallCommand extends Command {
+    private long _vlanId;
+    private String _publicIp;
+    private String _internalIp;
+    private String _publicSubnet;
+    private String _internalSubnet;
+    private List<String> _publicGateways;
+
+    public CreateLogicalEdgeFirewallCommand(long vlanId,
+            String publicIp, String internalIp,
+            String publicSubnet, String internalSubnet) {
+        super();
+        this._vlanId = vlanId;
+        this._publicIp = publicIp;
+        this._internalIp = internalIp;
+        this._publicSubnet = publicSubnet;
+        this.setInternalSubnet(internalSubnet);
+        _publicGateways = new ArrayList<String>();
+    }
+
+    @Override
+    public boolean executeInSequence() {
+        return false;
+    }
+
+    public long getVlanId() {
+        return _vlanId;
+    }
+
+    public void setVlanId(long vlanId) {
+        this._vlanId = vlanId;
+    }
+
+    public String getPublicIp() {
+        return _publicIp;
+    }
+
+    public void setPublicIp(String publicIp) {
+        this._publicIp = publicIp;
+    }
+
+    public String getInternalIp() {
+        return _internalIp;
+    }
+
+    public void setInternalIp(String internalIp) {
+        this._internalIp = internalIp;
+    }
+
+    public String getPublicSubnet() {
+        return _publicSubnet;
+    }
+
+    public void setPublicSubnet(String publicSubnet) {
+        this._publicSubnet = publicSubnet;
+    }
+
+    public String getInternalSubnet() {
+        return _internalSubnet;
+    }
+
+    public void setInternalSubnet(String _internalSubnet) {
+        this._internalSubnet = _internalSubnet;
+    }
+
+    public List<String> getPublicGateways() {
+        return _publicGateways;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java
new file mode 100755
index 00000000000..c880199f5c4
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoAsa1000vResourceCmd.java
@@ -0,0 +1,116 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ClusterResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="addCiscoAsa1000vResource", responseObject=CiscoAsa1000vResourceResponse.class, description="Adds a Cisco Asa 1000v appliance")
+public class AddCiscoAsa1000vResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(AddCiscoAsa1000vResourceCmd.class.getName());
+    private static final String s_name = "addCiscoAsa1000vResource";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
+    private String host;
+
+    @Parameter(name=ApiConstants.ASA_INSIDE_PORT_PROFILE, type=CommandType.STRING, required = true, description="Nexus port profile associated with inside interface of ASA 1000v")
+    private String inPortProfile;
+
+    @Parameter(name=ApiConstants.CLUSTER_ID, type=CommandType.UUID, entityType = ClusterResponse.class, required=true, description="the Cluster ID")
+    private Long clusterId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getManagementIp() {
+        return host;
+    }
+
+    public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    public Long getClusterId() {
+        return clusterId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            CiscoAsa1000vDevice ciscoAsa1000v = _ciscoAsa1000vService.addCiscoAsa1000vResource(this);
+            if (ciscoAsa1000v != null) {
+                CiscoAsa1000vResourceResponse response = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000v);
+                response.setObjectName("CiscoAsa1000vResource");
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco ASA 1000v appliance due to internal error.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java
new file mode 100644
index 00000000000..bfd6db95434
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/AddCiscoVnmcResourceCmd.java
@@ -0,0 +1,115 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="addCiscoVnmcResource", responseObject=CiscoVnmcResourceResponse.class, description="Adds a Cisco Vnmc Controller")
+public class AddCiscoVnmcResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(AddCiscoVnmcResourceCmd.class.getName());
+    private static final String s_name = "addCiscoVnmcResource";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, required=true, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, required = true, description="Hostname or ip address of the Cisco VNMC Controller.")
+    private String host;
+
+    @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
+    private String username;
+
+    @Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required = true, description="Credentials to access the Cisco VNMC Controller API")
+    private String password;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getHost() {
+        return host;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            CiscoVnmcController CiscoVnmcResourceVO = _ciscoVnmcElementService.addCiscoVnmcResource(this);
+            if (CiscoVnmcResourceVO != null) {
+                CiscoVnmcResourceResponse response = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
+                response.setObjectName("CiscoVnmcResource");
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add Cisco VNMC controller due to internal error.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java
new file mode 100755
index 00000000000..d4f86fa527a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoAsa1000vResourceCmd.java
@@ -0,0 +1,93 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="deleteCiscoAsa1000vResource", responseObject=SuccessResponse.class, description="Deletes a Cisco ASA 1000v appliance")
+public class DeleteCiscoAsa1000vResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(DeleteCiscoAsa1000vResourceCmd.class.getName());
+    private static final String s_name = "deleteCiscoAsa1000vResource";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
+    private Long ciscoAsa1000vResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoAsa1000vResourceId() {
+        return ciscoAsa1000vResourceId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            boolean result = _ciscoAsa1000vService.deleteCiscoAsa1000vResource(this);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco ASA 1000v appliance.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java
new file mode 100644
index 00000000000..d2a37202f0a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/DeleteCiscoVnmcResourceCmd.java
@@ -0,0 +1,93 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.user.UserContext;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="deleteCiscoVnmcResource", responseObject=SuccessResponse.class, description="Deletes a Cisco Vnmc controller")
+public class DeleteCiscoVnmcResourceCmd extends BaseCmd {
+    private static final Logger s_logger = Logger.getLogger(DeleteCiscoVnmcResourceCmd.class.getName());
+    private static final String s_name = "deleteCiscoVnmcResource";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, required=true, entityType=CiscoVnmcResourceResponse.class, description="Cisco Vnmc resource ID")
+    private Long ciscoVnmcResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoVnmcResourceId() {
+        return ciscoVnmcResourceId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            boolean result = _ciscoVnmcElementService.deleteCiscoVnmcResource(this);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete Cisco Vnmc resource.");
+            }
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return UserContext.current().getCaller().getId();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java
new file mode 100755
index 00000000000..509d39fb5f9
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoAsa1000vResourcesCmd.java
@@ -0,0 +1,110 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.element.CiscoAsa1000vService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="listCiscoAsa1000vResources", responseObject=CiscoAsa1000vResourceResponse.class, description="Lists Cisco ASA 1000v appliances")
+public class ListCiscoAsa1000vResourcesCmd extends BaseListCmd {
+    private static final Logger s_logger = Logger.getLogger(ListCiscoAsa1000vResourcesCmd.class.getName());
+    private static final String s_name = "listCiscoAsa1000vResources";
+    @Inject CiscoAsa1000vService _ciscoAsa1000vService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID, entityType=CiscoAsa1000vResourceResponse.class, description="Cisco ASA 1000v resource ID")
+    private Long ciscoAsa1000vResourceId;
+
+    @Parameter(name=ApiConstants.HOST_NAME, type=CommandType.STRING, description="Hostname or ip address of the Cisco ASA 1000v appliance.")
+    private String host;
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoAsa1000vResourceId() {
+        return ciscoAsa1000vResourceId;
+    }
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getManagementIp() {
+        return host;
+    }
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            List<CiscoAsa1000vDeviceVO> ciscoAsa1000vDevices = _ciscoAsa1000vService.listCiscoAsa1000vResources(this);
+            ListResponse<CiscoAsa1000vResourceResponse> response = new ListResponse<CiscoAsa1000vResourceResponse>();
+            List<CiscoAsa1000vResourceResponse> ciscoAsa1000vResourcesResponse = new ArrayList<CiscoAsa1000vResourceResponse>();
+
+            if (ciscoAsa1000vDevices != null && !ciscoAsa1000vDevices.isEmpty()) {
+                for (CiscoAsa1000vDevice ciscoAsa1000vDeviceVO : ciscoAsa1000vDevices) {
+                    CiscoAsa1000vResourceResponse ciscoAsa1000vResourceResponse = _ciscoAsa1000vService.createCiscoAsa1000vResourceResponse(ciscoAsa1000vDeviceVO);
+                    ciscoAsa1000vResourcesResponse.add(ciscoAsa1000vResourceResponse);
+                }
+            }
+
+            response.setResponses(ciscoAsa1000vResourcesResponse);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java
new file mode 100644
index 00000000000..ab553ee94ac
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/commands/ListCiscoVnmcResourcesCmd.java
@@ -0,0 +1,106 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.commands;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+import org.apache.log4j.Logger;
+
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.element.CiscoVnmcElementService;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name="listCiscoVnmcResources", responseObject=CiscoVnmcResourceResponse.class, description="Lists Cisco VNMC controllers")
+public class ListCiscoVnmcResourcesCmd extends BaseListCmd {
+    private static final Logger s_logger = Logger.getLogger(ListCiscoVnmcResourcesCmd.class.getName());
+    private static final String s_name = "listCiscoVnmcResources";
+    @Inject CiscoVnmcElementService _ciscoVnmcElementService;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name=ApiConstants.PHYSICAL_NETWORK_ID, type=CommandType.UUID, entityType = PhysicalNetworkResponse.class, description="the Physical Network ID")
+    private Long physicalNetworkId;
+
+    @Parameter(name=ApiConstants.RESOURCE_ID, type=CommandType.UUID,  entityType=CiscoVnmcResourceResponse.class, description="Cisco VNMC resource ID")
+    private Long ciscoVnmcResourceId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getCiscoVnmcResourceId() {
+        return ciscoVnmcResourceId;
+    }
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
+        try {
+            List<CiscoVnmcControllerVO> CiscoVnmcResources = _ciscoVnmcElementService.listCiscoVnmcResources(this);
+            ListResponse<CiscoVnmcResourceResponse> response = new ListResponse<CiscoVnmcResourceResponse>();
+            List<CiscoVnmcResourceResponse> CiscoVnmcResourcesResponse = new ArrayList<CiscoVnmcResourceResponse>();
+
+            if (CiscoVnmcResources != null && !CiscoVnmcResources.isEmpty()) {
+                for (CiscoVnmcController CiscoVnmcResourceVO : CiscoVnmcResources) {
+                    CiscoVnmcResourceResponse CiscoVnmcResourceResponse = _ciscoVnmcElementService.createCiscoVnmcResourceResponse(CiscoVnmcResourceVO);
+                    CiscoVnmcResourcesResponse.add(CiscoVnmcResourceResponse);
+                }
+            }
+
+            response.setResponses(CiscoVnmcResourcesResponse);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        }  catch (InvalidParameterValueException invalidParamExcp) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, invalidParamExcp.getMessage());
+        } catch (CloudRuntimeException runtimeExcp) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, runtimeExcp.getMessage());
+        }
+    }
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+    
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java
new file mode 100755
index 00000000000..9cd87da66a1
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoAsa1000vResourceResponse.java
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.response;
+
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.NetworkResponse;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.google.gson.annotations.SerializedName;
+
+@EntityReference(value = CiscoAsa1000vDevice.class)
+public class CiscoAsa1000vResourceResponse extends BaseResponse {
+    public static final String RESOURCE_NAME = "resourcename";
+
+    @SerializedName(ApiConstants.RESOURCE_ID) @Parameter(description="resource id of the Cisco ASA 1000v appliance")
+    private String id;
+
+    @SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) 
+    @Parameter(description="the physical network to which this ASA 1000v belongs to", entityType = PhysicalNetworkResponse.class)
+    private Long physicalNetworkId ;
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @SerializedName(ApiConstants.HOST_NAME)
+    @Parameter(description="management ip address of ASA 1000v")
+    private String managementIp;
+
+    public String getManagementIp() {
+        return managementIp;
+    }
+
+    @SerializedName(ApiConstants.ASA_INSIDE_PORT_PROFILE)
+    @Parameter(description="management ip address of ASA 1000v")
+    private String inPortProfile;
+
+    public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    @SerializedName(ApiConstants.NETWORK_ID)
+    @Parameter(description="the guest network to which ASA 1000v is associated", entityType = NetworkResponse.class)
+    private Long guestNetworkId;
+
+    public Long getGuestNetworkId() {
+        return guestNetworkId;
+    }
+
+    public void setId(String ciscoAsa1000vResourceId) {
+        this.id = ciscoAsa1000vResourceId;
+    }
+
+    public void setPhysicalNetworkId(Long physicalNetworkId) {
+        this.physicalNetworkId = physicalNetworkId;
+    }
+
+    public void setManagementIp(String managementIp) {
+        this.managementIp = managementIp;
+    }
+
+    public void setInPortProfile(String inPortProfile) {
+        this.inPortProfile = inPortProfile;
+    }     
+
+    public void setGuestNetworkId(Long guestNetworkId) {
+        this.guestNetworkId = guestNetworkId;
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java
new file mode 100644
index 00000000000..f5c9b727f8f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/api/response/CiscoVnmcResourceResponse.java
@@ -0,0 +1,75 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.response;
+
+
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.PhysicalNetworkResponse;
+
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.google.gson.annotations.SerializedName;
+@EntityReference(value = CiscoVnmcController.class)
+public class CiscoVnmcResourceResponse extends BaseResponse {
+    public static final String RESOURCE_NAME = "resourcename";
+
+    @SerializedName(ApiConstants.RESOURCE_ID)
+    @Parameter(description="resource id of the Cisco VNMC controller")
+    private String id;
+
+    @SerializedName(ApiConstants.PHYSICAL_NETWORK_ID) 
+    @Parameter(description="the physical network to which this VNMC belongs to", entityType = PhysicalNetworkResponse.class)
+    private Long physicalNetworkId;
+
+    public Long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    public String getProviderName() {
+        return providerName;
+    }
+
+    public String getResourceName() {
+        return resourceName;
+    }
+
+    @SerializedName(ApiConstants.PROVIDER) @Parameter(description="name of the provider")
+    private String providerName;
+
+    @SerializedName(RESOURCE_NAME) 
+    @Parameter(description="Cisco VNMC resource name")
+    private String resourceName;
+
+    public void setId(String ciscoVnmcResourceId) {
+        this.id = ciscoVnmcResourceId;
+    }
+
+    public void setPhysicalNetworkId(Long physicalNetworkId) {
+        this.physicalNetworkId = physicalNetworkId;
+    }
+
+    public void setProviderName(String providerName) {
+        this.providerName = providerName;
+    }
+
+    public void setResourceName(String resourceName) {
+        this.resourceName = resourceName;
+    }     
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java
new file mode 100755
index 00000000000..3c5f6827718
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDevice.java
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface CiscoAsa1000vDevice extends Grouping, InternalIdentity, Identity {
+
+    long getId();
+
+    String getUuid();
+
+    void setUuid(String uuid);
+
+    long getPhysicalNetworkId();
+
+    String getManagementIp();
+
+    String getInPortProfile();
+
+    long getClusterId();
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java
new file mode 100755
index 00000000000..ba85fb105c8
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoAsa1000vDeviceVO.java
@@ -0,0 +1,101 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="external_cisco_asa1000v_devices")
+public class CiscoAsa1000vDeviceVO implements CiscoAsa1000vDevice {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="uuid")
+    private String uuid;
+
+    @Column(name="physical_network_id")
+    private long physicalNetworkId;
+
+    @Column(name="management_ip")
+    private String managementIp;
+
+    @Column(name="in_Port_profile")
+    private String inPortProfile;
+
+    @Column(name="cluster_id")
+    private long clusterId;
+
+    public CiscoAsa1000vDeviceVO() {
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    public CiscoAsa1000vDeviceVO(long physicalNetworkId,
+            String managementIp, String inPortProfile, long clusterId) {
+        super();
+        this.physicalNetworkId = physicalNetworkId;
+        this.managementIp = managementIp;
+        this.inPortProfile = inPortProfile;
+        this.uuid = UUID.randomUUID().toString();
+        this.clusterId = clusterId;
+    }
+
+    @Override
+	public long getId() {
+        return id;
+    }
+
+    @Override
+	public String getUuid() {
+        return uuid;
+    }
+
+    @Override
+	public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    @Override
+	public long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @Override
+	public String getManagementIp() {
+        return managementIp;
+    }
+
+    @Override
+	public String getInPortProfile() {
+        return inPortProfile;
+    }
+
+    @Override
+    public long getClusterId() {
+        return clusterId;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
new file mode 100644
index 00000000000..f137148ab48
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -0,0 +1,196 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.Map;
+
+import com.cloud.utils.exception.ExecutionException;
+
+public interface CiscoVnmcConnection {
+
+    public boolean createTenant(String tenantName) throws ExecutionException;
+
+    public boolean deleteTenant(String tenantName) throws ExecutionException;
+
+    public boolean createTenantVDC(String tenantName) throws ExecutionException;
+
+    public boolean deleteTenantVDC(String tenantName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeDeviceProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String destination, String netmask) throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName,
+            String intfName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
+            String startIp, String endIp, String subnet, String nameServerIp,
+            String domain) throws ExecutionException;
+
+    public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName,
+            String intfName) throws ExecutionException;
+
+    public boolean createTenantVDCEdgeSecurityProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCEdgeSecurityProfile(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier,
+            String publicIp) throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatRule(String tenantName, String identifier,
+            String startSourceIp, String endSourceIp) throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException;
+
+    public boolean createTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String publicIp)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclRuleForDNat(String tenantName,
+            String identifier, String policyIdentifier,
+            String ipAddress)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCDNatPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCDNatPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException;
+
+    public boolean createTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String publicIp,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclRuleForPF(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String ipAddress,
+            String startPort, String endPort)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCNatPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCNatPolicySet(String tenantName)
+            throws ExecutionException;
+    
+    public boolean associateNatPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destStartPort, String destEndPort, String destIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp, String destIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
+            String destStartIp, String destEndIp)
+            throws ExecutionException;
+
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceIp, String destStartIp, String destEndIp)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCAclRule(String tenantName,
+            String identifier, String policyIdentifier) throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicy(String tenantName,
+            String identifier) throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier,
+            boolean ingress) throws ExecutionException;
+
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCAclPolicySet(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean associateAclPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean createEdgeFirewall(String tenantName, String publicIp,
+            String insideIp, String publicSubnet, String insideSubnet)
+            throws ExecutionException;
+
+    public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException;
+
+    public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
+
+    public boolean assignAsa1000v(String tenantName, String firewallDn)
+            throws ExecutionException;
+
+    public boolean unassignAsa1000v(String tenantName, String firewallDn)
+            throws ExecutionException;
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
new file mode 100644
index 00000000000..527fb04698e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -0,0 +1,1415 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+
+import com.cloud.utils.exception.ExecutionException;
+import com.cloud.utils.script.Script;
+
+public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
+
+    private String _ip;
+    private String _username;
+    private String _password;
+    private String _cookie;
+
+    private final Logger s_logger = Logger.getLogger(CiscoVnmcConnectionImpl.class);
+
+    private enum VnmcXml {
+        LOGIN("login.xml", "mgmt-controller"),
+
+        CREATE_TENANT("create-tenant.xml", "service-reg"),
+        DELETE_TENANT("delete-tenant.xml", "service-reg"),
+        CREATE_VDC("create-vdc.xml", "service-reg"),
+        DELETE_VDC("delete-vdc.xml", "service-reg"),
+
+        CREATE_EDGE_DEVICE_PROFILE("create-edge-device-profile.xml", "policy-mgr"),
+        CREATE_EDGE_ROUTE_POLICY("create-edge-device-route-policy.xml", "policy-mgr"),
+        CREATE_EDGE_ROUTE("create-edge-device-route.xml", "policy-mgr"),
+        RESOLVE_EDGE_ROUTE_POLICY("associate-route-policy.xml", "policy-mgr"),
+
+        CREATE_DHCP_POLICY("create-dhcp-policy.xml", "policy-mgr"),
+        RESOLVE_EDGE_DHCP_POLICY("associate-dhcp-policy.xml", "policy-mgr"),
+        RESOLVE_EDGE_DHCP_SERVER_POLICY("associate-dhcp-server.xml", "policy-mgr"),
+
+        CREATE_EDGE_SECURITY_PROFILE("create-edge-security-profile.xml", "policy-mgr"),
+        DELETE_EDGE_SECURITY_PROFILE("delete-edge-security-profile.xml", "policy-mgr"),
+
+        CREATE_NAT_POLICY_SET("create-nat-policy-set.xml", "policy-mgr"),
+        DELETE_NAT_POLICY_SET("delete-nat-policy-set.xml", "policy-mgr"),
+        RESOLVE_NAT_POLICY_SET("associate-nat-policy-set.xml", "policy-mgr"),
+        CREATE_NAT_POLICY("create-nat-policy.xml", "policy-mgr"),
+        DELETE_NAT_POLICY("delete-nat-policy.xml", "policy-mgr"),
+        LIST_NAT_POLICIES("list-nat-policies.xml", "policy-mgr"),
+        CREATE_NAT_POLICY_REF("create-nat-policy-ref.xml", "policy-mgr"),
+        CREATE_PORT_POOL("create-port-pool.xml", "policy-mgr"),
+        CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"),
+
+        CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"),
+        CREATE_ACL_RULE_FOR_PF("create-acl-rule-for-pf.xml", "policy-mgr"),
+        CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"),
+        CREATE_ACL_RULE_FOR_DNAT("create-acl-rule-for-dnat.xml", "policy-mgr"),
+        CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"),
+
+        CREATE_ACL_POLICY_SET("create-acl-policy-set.xml", "policy-mgr"),
+        DELETE_ACL_POLICY_SET("delete-acl-policy-set.xml", "policy-mgr"),
+        RESOLVE_ACL_POLICY_SET("associate-acl-policy-set.xml", "policy-mgr"),
+        CREATE_ACL_POLICY("create-acl-policy.xml", "policy-mgr"),
+        DELETE_ACL_POLICY("delete-acl-policy.xml", "policy-mgr"),
+        LIST_ACL_POLICIES("list-acl-policies.xml", "policy-mgr"),
+        CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
+        CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
+        CREATE_EGRESS_ACL_RULE("create-egress-acl-rule.xml", "policy-mgr"),
+        CREATE_GENERIC_INGRESS_ACL_RULE("create-generic-ingress-acl-rule.xml", "policy-mgr"),
+        CREATE_GENERIC_EGRESS_ACL_RULE("create-generic-egress-acl-rule.xml", "policy-mgr"),
+
+        DELETE_RULE("delete-rule.xml", "policy-mgr"),
+
+        LIST_CHILDREN("list-children.xml", "policy-mgr"),
+
+        CREATE_EDGE_FIREWALL("create-edge-firewall.xml", "resource-mgr"),
+        DELETE_EDGE_FIREWALL("delete-edge-firewall.xml", "resource-mgr"),
+
+        LIST_UNASSOC_ASA1000V("list-unassigned-asa1000v.xml", "resource-mgr"),
+        ASSIGN_ASA1000V("assoc-asa1000v.xml", "resource-mgr"),
+        UNASSIGN_ASA1000V("disassoc-asa1000v.xml", "resource-mgr");
+
+        private String scriptsDir = "scripts/network/cisco";
+        private String xml;
+        private String service;
+        private final Logger s_logger = Logger.getLogger(CiscoVnmcConnectionImpl.class);
+
+
+        private VnmcXml(String filename, String service) {
+            this.xml = getXml(filename);
+            this.service = service;
+        }
+
+        public String getXml() {
+            return xml;
+        }
+
+        private String getXml(String filename) {
+            try {
+                String xmlFilePath = Script.findScript(scriptsDir, filename);
+
+                if (xmlFilePath == null) {
+                    throw new Exception("Failed to find Cisco VNMC XML file: " + filename);
+                }
+
+                FileReader fr = new FileReader(xmlFilePath);
+                BufferedReader br = new BufferedReader(fr);
+
+                String xml = "";
+                String line;
+                while ((line = br.readLine()) != null) {
+                    //xml += line.replaceAll("\n"," ");
+                    xml += line;
+                }
+
+                return xml;
+            } catch (Exception e) {
+                s_logger.debug(e);
+                return null;
+            }
+        }
+
+        public String getService() {
+            return service;
+        }
+    }
+
+    public CiscoVnmcConnectionImpl(String hostIp, String userName, String password) {
+        this._ip = hostIp;
+        this._username = userName;
+        this._password = password;
+        
+    }
+
+    public boolean login() throws ExecutionException {
+        String xml = VnmcXml.LOGIN.getXml();
+        String service = VnmcXml.LOGIN.getService();
+        xml = replaceXmlValue(xml, "username", _username);
+        xml = replaceXmlValue(xml, "password", _password);
+        String response =  sendRequest(service, xml);
+        Map<String, String> checked = checkResponse(response, "outCookie", "errorCode", "response");
+
+        if (checked.get("errorCode") != null)
+            return false;
+        _cookie = checked.get("outCookie");
+        if (_cookie == null) {
+            return false;
+        }
+        return true;
+    }
+
+    private String getDnForTenant(String tenantName) {
+        return "org-root/org-" + tenantName;
+    }
+
+    private String getDnForTenantVDC(String tenantName) {
+        return getDnForTenant(tenantName) + "/org-VDC-" + tenantName;
+    }
+
+    private String getDnForTenantVDCEdgeDeviceProfile(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/edsp-" + getNameForEdgeDeviceServiceProfile(tenantName);
+    }
+
+    private String getDnForTenantVDCEdgeSecurityProfile(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/vnep-" + getNameForEdgeDeviceSecurityProfile(tenantName);
+    }
+
+    private String getDnForEdgeDeviceRoutingPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/routing-policy-" + getNameForEdgeDeviceRoutePolicy(tenantName);
+        //FIXME: any other construct is unreliable. why?
+    }
+
+    private String getDnForDhcpPolicy(String tenantName, String intfName) {
+        return getDnForTenantVDCEdgeDeviceProfile(tenantName) + "/dhcp-" + intfName;
+    }
+
+    private String getNameForDhcpPolicy(String tenantName) {
+        return tenantName + "-Dhcp-Policy";
+    }
+
+    private String getNameForDhcpServer(String tenantName) {
+        return tenantName + "-Dhcp-Server";
+    }
+
+    private String getDnForDhcpServerPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/dhcp-server-" + getNameForDhcpPolicy(tenantName);
+    }
+
+    private String getNameForIpRange() {
+        return "iprange";
+    }
+
+    private String getDnForDhcpIpRange(String tenantName) {
+        return getDnForDhcpServerPolicy(tenantName) + "/ip-range-" + getNameForIpRange();
+    }
+
+    private String getNameForDNSService(String tenantName) {
+        return tenantName + "-DNS";
+    }
+
+    private String getDnForDnsService(String tenantName) {
+        return getDnForDhcpServerPolicy(tenantName) + "/dns-svc-" + getNameForDNSService(tenantName); 
+    }
+
+    private String getDnForDnsServer(String tenantName, String dnsip) {
+        return getDnForDnsService(tenantName) + "/dns-" + dnsip; 
+    }
+
+    private String getNameForTenantVDC(String tenantName) {
+        return "VDC-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceServiceProfile(String tenantName) {
+        return "EDSP-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceSecurityProfile(String tenantName) {
+        return "ESP-" + tenantName;
+    }
+
+    private String getNameForEdgeDeviceRoutePolicy(String tenantName) {
+        return "EDSP-" + tenantName + "-Routes";
+    }
+
+    @Override
+    public boolean createTenant(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_TENANT.getXml();
+        String service = VnmcXml.CREATE_TENANT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Tenant for account " + tenantName);
+        xml = replaceXmlValue(xml, "name", tenantName);
+        xml = replaceXmlValue(xml, "dn", getDnForTenant(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenant(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_TENANT.getXml();
+        String service = VnmcXml.DELETE_TENANT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", tenantName);
+        xml = replaceXmlValue(xml, "dn", getDnForTenant(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDC(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_VDC.getXml();
+        String service = VnmcXml.CREATE_VDC.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "VDC for Tenant" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForTenantVDC(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDC(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDC(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_VDC.getXml();
+        String service = VnmcXml.DELETE_VDC.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForTenantVDC(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDC(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeDeviceProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_DEVICE_PROFILE.getXml();
+        String service = VnmcXml.CREATE_EDGE_DEVICE_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Device Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getXml();
+        String service = VnmcXml.CREATE_EDGE_ROUTE_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceRoutePolicy(tenantName));
+        xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
+        xml = replaceXmlValue(xml, "descr", "Routing Policy for Edge Device for Tenant " + tenantName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+   }
+
+    @Override
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String destination, String netmask) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_ROUTE.getXml();
+        String service = VnmcXml.CREATE_EDGE_ROUTE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "routepolicydn", getDnForEdgeDeviceRoutingPolicy(tenantName));
+        xml = replaceXmlValue(xml, "nexthop", nextHopIp);
+        xml = replaceXmlValue(xml, "nexthopintf", getNameForEdgeOutsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "destination", destination);
+        xml = replaceXmlValue(xml, "netmask", netmask);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_ROUTE_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceServiceProfile(tenantName));
+        xml = replaceXmlValue(xml, "dn", getDnForTenantVDCEdgeDeviceProfile(tenantName));
+        xml = replaceXmlValue(xml, "routepolicyname", getNameForEdgeDeviceRoutePolicy(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName, String intfName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_DHCP_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_DHCP_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpdn", getDnForDhcpPolicy(tenantName, intfName));
+        xml = replaceXmlValue(xml, "insideintf", intfName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeDhcpPolicy(String tenantName, 
+            String startIp, String endIp, String subnet, String nameServerIp, String domain) throws ExecutionException {
+        String xml = VnmcXml.CREATE_DHCP_POLICY.getXml();
+        String service = VnmcXml.CREATE_DHCP_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpserverdn", getDnForDhcpServerPolicy(tenantName));
+        xml = replaceXmlValue(xml, "dhcpserverdescr", "DHCP server for " + tenantName);
+        xml = replaceXmlValue(xml, "dhcpservername", getNameForDhcpPolicy(tenantName));
+        xml = replaceXmlValue(xml, "iprangedn", getDnForDhcpIpRange(tenantName));
+        xml = replaceXmlValue(xml, "startip", startIp);
+        xml = replaceXmlValue(xml, "endip", endIp);
+        xml = replaceXmlValue(xml, "subnet", subnet);
+        xml = replaceXmlValue(xml, "domain", domain);
+        xml = replaceXmlValue(xml, "dnsservicedn", getDnForDnsService(tenantName));
+        xml = replaceXmlValue(xml, "dnsservicename", getNameForDNSService(tenantName));
+        xml = replaceXmlValue(xml, "nameserverip", nameServerIp);
+        xml = replaceXmlValue(xml, "nameserverdn", getDnForDnsServer(tenantName, nameServerIp));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName, String intfName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_EDGE_DHCP_SERVER_POLICY.getXml();
+        String service = VnmcXml.RESOLVE_EDGE_DHCP_SERVER_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dhcpdn", getDnForDhcpPolicy(tenantName, intfName));
+        xml = replaceXmlValue(xml, "insideintf", intfName);
+        xml = replaceXmlValue(xml, "dhcpserverpolicyname", getNameForDhcpServer(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEdgeSecurityProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getXml();
+        String service = VnmcXml.CREATE_EDGE_SECURITY_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "egressref", "default-egress");
+        xml = replaceXmlValue(xml, "ingressref", "default-ingress"); //FIXME: allows everything
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCEdgeSecurityProfile(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_EDGE_SECURITY_PROFILE.getXml();
+        String service = VnmcXml.DELETE_EDGE_SECURITY_PROFILE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String getNameForSourceNatIpPool(String tenantName) {
+        return "SNATIp-" + tenantName;
+    }
+
+    private String getDnForSourceNatPool(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForSourceNatIpPool(tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier,
+            String publicIp) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForSourceNatPool(tenantName),
+                getNameForSourceNatIpPool(tenantName),
+                "Source NAT ip pool for Tenant VDC " + tenantName,
+                publicIp);
+    }
+
+    private String getNameForSourceNatPolicy(String tenantName) {
+       return "SNAT-Policy-" + tenantName;
+    }
+
+    private String getDnForSourceNatPolicy(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForSourceNatPolicy(tenantName);
+    }
+
+    private String getNameForSourceNatRule(String tenantName) {
+        return "SNAT-Rule-" + tenantName;
+    }
+
+    private String getDnForSourceNatRule(String tenantName) {
+        return getDnForSourceNatPolicy(tenantName) + "/rule-" + getNameForSourceNatRule(tenantName);
+    }
+
+    private String getNameForNatPolicySet(String tenantName) {
+        return "NAT-PolicySet-" + tenantName;
+    }
+
+    private String getDnForNatPolicySet(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName) ;
+    }
+
+    private String getDnForSourceNatPolicyRef(String tenantName) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName) ;
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatRule(String tenantName, String identifier,
+            String startSourceIp, String endSourceIp) throws ExecutionException {
+
+        String xml = VnmcXml.CREATE_SOURCE_NAT_RULE.getXml();
+        String service = VnmcXml.CREATE_SOURCE_NAT_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForSourceNatRule(tenantName));
+        xml = replaceXmlValue(xml, "natrulename", getNameForSourceNatRule(tenantName));
+        xml = replaceXmlValue(xml, "descr", "Source NAT rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "srcstartip", startSourceIp);
+        xml = replaceXmlValue(xml, "srcendip", endSourceIp);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForSourceNatIpPool(tenantName));
+
+        List<String> rules = listChildren(getDnForSourceNatPolicy(tenantName));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForSourceNatPolicyRef(tenantName),
+                getNameForSourceNatPolicy(tenantName),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForSourceNatPolicy(tenantName),
+                getNameForSourceNatPolicy(tenantName));
+    }
+
+    @Override
+    public boolean createTenantVDCNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "NAT policy set for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetdn", getDnForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.DELETE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetdn", getDnForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateNatPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_NAT_POLICY_SET.getXml();
+        String service = VnmcXml.RESOLVE_NAT_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String getNameForAclPolicySet(String tenantName, boolean ingress) {
+        return (ingress ? "Ingress-" : "Egress-") + "ACL-PolicySet-" + tenantName;
+    }
+
+    private String getDnForAclPolicySet(String tenantName, boolean ingress) {
+        return getDnForTenantVDC(tenantName) + "/pset-" + getNameForAclPolicySet(tenantName, ingress) ;
+    }
+
+    private String getNameForAclPolicy(String tenantName, String identifier) {
+        return "ACL-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForAclPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/pol-" + getNameForAclPolicy(tenantName, identifier);
+    }
+
+    private String getDnForAclPolicyRef(String tenantName, String identifier, boolean ingress) {
+        return getDnForAclPolicySet(tenantName, ingress) + "/polref-" + getNameForAclPolicy(tenantName, identifier);
+    }
+
+    private String getNameForAclRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForAclRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForAclPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForAclRule(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException {
+        String xml = VnmcXml.DELETE_ACL_POLICY.getXml();
+        String service = VnmcXml.DELETE_ACL_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY_REF.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY_REF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicyname", getNameForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicydn", getDnForAclPolicy(tenantName, identifier));
+        xml = replaceXmlValue(xml, "aclpolicyrefdn", getDnForAclPolicyRef(tenantName, identifier, ingress));
+
+        List<String> policies = listAclPolicies(tenantName);
+        int order = 100;
+        if (policies != null) {
+            order += policies.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.CREATE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "ACL policy set for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclPolicySet(String tenantName, boolean ingress) throws ExecutionException {
+        String xml = VnmcXml.DELETE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.DELETE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclpolicysetname", getNameForAclPolicySet(tenantName, ingress));
+        xml = replaceXmlValue(xml, "aclpolicysetdn", getDnForAclPolicySet(tenantName, ingress));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean associateAclPolicySet(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.RESOLVE_ACL_POLICY_SET.getXml();
+        String service = VnmcXml.RESOLVE_ACL_POLICY_SET.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "descr", "Edge Security Profile for Tenant VDC" + tenantName);
+        xml = replaceXmlValue(xml, "name", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "espdn", getDnForTenantVDCEdgeSecurityProfile(tenantName));
+        //xml = replaceXmlValue(xml, "egresspolicysetname", getNameForAclPolicySet(tenantName, false));
+        xml = replaceXmlValue(xml, "egresspolicysetname", "default-egress");
+        xml = replaceXmlValue(xml, "ingresspolicysetname", getNameForAclPolicySet(tenantName, true));
+        xml = replaceXmlValue(xml, "natpolicysetname", getNameForNatPolicySet(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destStartPort, String destEndPort, String destIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+        xml = replaceXmlValue(xml, "deststartport", destStartPort);
+        xml = replaceXmlValue(xml, "destendport", destEndPort);
+        xml = replaceXmlValue(xml, "destip", destIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCIngressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+        xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
+            String destStartIp, String destEndIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "deststartip", destStartIp);
+        xml = replaceXmlValue(xml, "destendip", destEndIp);
+        xml = replaceXmlValue(xml, "sourcestartport", sourceStartPort);
+        xml = replaceXmlValue(xml, "sourceendport", sourceEndPort);
+        xml = replaceXmlValue(xml, "sourceip", sourceIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCEgressAclRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String sourceIp,
+            String destStartIp, String destEndIp) throws ExecutionException {
+        String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml();
+        String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService();
+
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "deststartip", destStartIp);
+        xml = replaceXmlValue(xml, "destendip", destEndIp);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForAclRule(tenantName, identifier, policyIdentifier),
+                getNameForAclRule(tenantName, identifier));
+    }
+
+    private String getNameForPFPortPool(String tenantName, String identifier) {
+        return "PFPort-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFPortPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFPortPool(tenantName, identifier);
+    }
+
+    private String getNameForPFIpPool(String tenantName, String identifier) {
+        return "PFIp-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFIpPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFIpPool(tenantName, identifier);
+    }
+
+    private boolean createTenantVDCPortPool(String poolDn, String name,
+            String description, String startPort, String endPort) throws ExecutionException {
+        String xml = VnmcXml.CREATE_PORT_POOL.getXml();
+        String service = VnmcXml.CREATE_PORT_POOL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "portpooldn", poolDn);
+        xml = replaceXmlValue(xml, "portpoolname", name);
+        xml = replaceXmlValue(xml, "descr", description);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCIpPool(String poolDn, String name,
+            String description, String ipAddress) throws ExecutionException {
+        String xml = VnmcXml.CREATE_IP_POOL.getXml();
+        String service = VnmcXml.CREATE_IP_POOL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "ippooldn", poolDn);
+        xml = replaceXmlValue(xml, "ippoolname", name);
+        xml = replaceXmlValue(xml, "descr", description);
+        xml = replaceXmlValue(xml, "ipvalue", ipAddress);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCNatPolicyRef(String policyRefDn, String name, String tenantName) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY_REF.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY_REF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicyrefdn", policyRefDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        List<String> policies = listNatPolicies(tenantName);
+        int order = 100;
+        if (policies != null) {
+            order += policies.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean createTenantVDCNatPolicy(String policyDn, String name) throws ExecutionException {
+        String xml = VnmcXml.CREATE_NAT_POLICY.getXml();
+        String service = VnmcXml.CREATE_NAT_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicydn", policyDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean deleteTenantVDCNatPolicy(String policyDn, String name) throws ExecutionException {
+        String xml = VnmcXml.DELETE_NAT_POLICY.getXml();
+        String service = VnmcXml.DELETE_NAT_POLICY.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natpolicydn", policyDn);
+        xml = replaceXmlValue(xml, "natpolicyname", name);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private boolean deleteTenantVDCRule(String ruledn, String ruleName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_RULE.getXml();
+        String service = VnmcXml.DELETE_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "ruledn", ruledn);
+        xml = replaceXmlValue(xml, "rulename", ruleName);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private List<String> listNatPolicies(String tenantName) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_NAT_POLICIES.getXml();
+        String service = VnmcXml.LIST_NAT_POLICIES.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("pair");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
+        }
+
+        return result;
+    }
+
+    private List<String> listAclPolicies(String tenantName) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_ACL_POLICIES.getXml();
+        String service = VnmcXml.LIST_ACL_POLICIES.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "vdcdn", getDnForTenantVDC(tenantName));
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("pair");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("key").getNodeValue());
+        }
+
+        return result;
+    }
+
+    private List<String> listChildren(String dn) throws ExecutionException {
+
+        String xml = VnmcXml.LIST_CHILDREN.getXml();
+        String service = VnmcXml.LIST_CHILDREN.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "dn", dn);
+
+        String response = sendRequest(service, xml);
+
+        List<String> result = new ArrayList<String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList policyList = xmlDoc.getElementsByTagName("policyRule");
+        for (int i=0; i < policyList.getLength(); i++) {
+            Node policyNode = policyList.item(i);
+            result.add(policyNode.getAttributes().getNamedItem("name").getNodeValue());
+        }
+
+        return result;
+    }
+
+    @Override
+    public boolean createTenantVDCPFPortPool(String tenantName, String identifier,
+            String startPort, String endPort) throws ExecutionException {
+        return createTenantVDCPortPool(
+                getDnForPFPortPool(tenantName, identifier),
+                getNameForPFPortPool(tenantName, identifier),
+                "PF port pool for " + getNameForPFPortPool(tenantName, identifier),
+                startPort, endPort);
+    }
+
+    @Override
+    public boolean createTenantVDCPFIpPool(String tenantName, String identifier,
+            String ipAddress) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForPFIpPool(tenantName, identifier),
+                getNameForPFIpPool(tenantName, identifier),
+                "PF ip pool for " + getNameForPFIpPool(tenantName, identifier),
+                ipAddress);
+    }
+
+    private String getNameForPFPolicy(String tenantName, String identifier) {
+        return "PF-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForPFPolicy(tenantName, identifier);
+    }
+
+    private String getDnForPFPolicyRef(String tenantName, String identifier) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForPFPolicy(tenantName, identifier);
+    }
+
+    private String getNameForPFRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForPFRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForPFPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForPFRule(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCPFRule(String tenantName,
+            String identifier, String policyIdentifier,
+            String protocol, String publicIp,
+            String startPort, String endPort) throws ExecutionException {
+        String xml = VnmcXml.CREATE_PF_RULE.getXml();
+        String service = VnmcXml.CREATE_PF_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForPFRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "natrulename", getNameForPFRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "PF rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForPFIpPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "portpoolname", getNameForPFPortPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "ip", publicIp);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+
+        List<String> rules = listChildren(getDnForPFPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCPFRule(String tenantName, String identifier,
+            String policyIdentifier) throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForPFRule(tenantName, identifier, policyIdentifier),
+                getNameForPFRule(tenantName, identifier));
+    }
+
+    @Override
+    public boolean createTenantVDCAclRuleForPF(String tenantName,
+            String identifier, String policyIdentifier, String protocol,
+            String ipAddress, String startPort, String endPort)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_RULE_FOR_PF.getXml();
+        String service = VnmcXml.CREATE_ACL_RULE_FOR_PF.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "protocolvalue", protocol);
+        xml = replaceXmlValue(xml, "ip", ipAddress);
+        xml = replaceXmlValue(xml, "startport", startPort);
+        xml = replaceXmlValue(xml, "endport", endPort);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForPFPolicyRef(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForPFPolicy(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier));
+    }
+
+    @Override
+    public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException {
+        return deleteTenantVDCNatPolicy(
+                getDnForPFPolicy(tenantName, identifier),
+                getNameForPFPolicy(tenantName, identifier));
+    }
+
+    private String getNameForDNatIpPool(String tenantName, String identifier) {
+        return "DNATIp-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatIpPool(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForDNatIpPool(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatIpPool(String tenantName,
+            String identifier, String ipAddress) throws ExecutionException {
+        return createTenantVDCIpPool(
+                getDnForDNatIpPool(tenantName, identifier),
+                getNameForDNatIpPool(tenantName, identifier),
+                "DNAT ip pool for " + getNameForDNatIpPool(tenantName, identifier),
+                ipAddress);
+    }
+
+    private String getNameForDNatRule(String tenantName, String identifier) {
+        return "Rule-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatRule(String tenantName, String identifier, String policyIdentifier) {
+        return getDnForDNatPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForDNatRule(tenantName, identifier);
+    }
+
+    private String getNameForDNatPolicy(String tenantName, String identifier) {
+        return "DNAT-" + tenantName + "-" + identifier;
+    }
+
+    private String getDnForDNatPolicy(String tenantName, String identifier) {
+        return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForDNatPolicy(tenantName, identifier);
+    }
+
+    private String getDnForDNatPolicyRef(String tenantName, String identifier) {
+        return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForDNatPolicy(tenantName, identifier);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier, String publicIp)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_DNAT_RULE.getXml();
+        String service = VnmcXml.CREATE_DNAT_RULE.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "natruledn", getDnForDNatRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "natrulename", getNameForDNatRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "DNAT rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier));
+        xml = replaceXmlValue(xml, "ip", publicIp);
+
+        List<String> rules = listChildren(getDnForDNatPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteTenantVDCDNatRule(String tenantName,
+            String identifier, String policyIdentifier)
+            throws ExecutionException {
+        return deleteTenantVDCRule(
+                getDnForDNatRule(tenantName, identifier, policyIdentifier),
+                getNameForDNatRule(tenantName, identifier));
+    }
+
+    @Override
+    public boolean createTenantVDCAclRuleForDNat(String tenantName,
+            String identifier, String policyIdentifier, String ipAddress)
+            throws ExecutionException {
+        String xml = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getXml();
+        String service = VnmcXml.CREATE_ACL_RULE_FOR_DNAT.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+        xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+        xml = replaceXmlValue(xml, "descr", "ACL rule for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "actiontype", "permit");
+        xml = replaceXmlValue(xml, "ip", ipAddress);
+
+        List<String> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+        int order = 100;
+        if (rules != null) {
+            order += rules.size();
+        }
+        xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatPolicyRef(String tenantName,
+            String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicyRef(
+                getDnForDNatPolicyRef(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier),
+                tenantName);
+    }
+
+    @Override
+    public boolean createTenantVDCDNatPolicy(String tenantName,
+            String identifier) throws ExecutionException {
+        return createTenantVDCNatPolicy(
+                getDnForDNatPolicy(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier));
+    }
+
+    @Override
+    public boolean deleteTenantVDCDNatPolicy(String tenantName,
+            String identifier) throws ExecutionException {
+        return deleteTenantVDCNatPolicy(
+                getDnForDNatPolicy(tenantName, identifier),
+                getNameForDNatPolicy(tenantName, identifier));
+    }
+
+    private String getNameForEdgeFirewall(String tenantName) {
+        return "ASA-1000v-" + tenantName;
+    }
+
+    private String getDnForEdgeFirewall(String tenantName) {
+        return getDnForTenantVDC(tenantName) + "/efw-" + getNameForEdgeFirewall(tenantName);
+    }
+
+    private String getNameForEdgeInsideIntf(String tenantName) {
+        return "Edge_Inside"; //TODO: make this configurable
+    }
+
+    private String getNameForEdgeOutsideIntf(String tenantName) {
+        return "Edge_Outside"; //TODO: make this configurable
+    }
+
+    private String getDnForOutsideIntf(String tenantName) {
+        return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeOutsideIntf(tenantName);
+    }
+
+    private String getDnForInsideIntf(String tenantName) {
+        return getDnForEdgeFirewall(tenantName) + "/interface-" + getNameForEdgeInsideIntf(tenantName);
+    }
+
+    @Override
+    public boolean createEdgeFirewall(String tenantName, String publicIp, String insideIp, 
+            String publicSubnet, String insideSubnet) throws ExecutionException {
+        String xml = VnmcXml.CREATE_EDGE_FIREWALL.getXml();
+        String service = VnmcXml.CREATE_EDGE_FIREWALL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "edgefwdescr", "Edge Firewall for Tenant VDC " + tenantName);
+        xml = replaceXmlValue(xml, "edgefwname", getNameForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "edgefwdn", getDnForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "insideintfname", getNameForEdgeInsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "outsideintfname", getNameForEdgeOutsideIntf(tenantName));
+
+        xml = replaceXmlValue(xml, "insideintfdn", getDnForInsideIntf(tenantName));
+        xml = replaceXmlValue(xml, "outsideintfdn", getDnForOutsideIntf(tenantName));
+
+        xml = replaceXmlValue(xml, "deviceserviceprofiledn", getDnForEdgeFirewall(tenantName) + "/device-service-profile");
+        xml = replaceXmlValue(xml, "outsideintfsp", getDnForOutsideIntf(tenantName)  + "/interface-service-profile");
+
+        xml = replaceXmlValue(xml, "secprofileref", getNameForEdgeDeviceSecurityProfile(tenantName));
+        xml = replaceXmlValue(xml, "deviceserviceprofile", getNameForEdgeDeviceServiceProfile(tenantName));
+
+        xml = replaceXmlValue(xml, "insideip", insideIp);
+        xml = replaceXmlValue(xml, "publicip", publicIp);
+        xml = replaceXmlValue(xml, "insidesubnet", insideSubnet);
+        xml = replaceXmlValue(xml, "outsidesubnet", publicSubnet);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean deleteEdgeFirewall(String tenantName) throws ExecutionException {
+        String xml = VnmcXml.DELETE_EDGE_FIREWALL.getXml();
+        String service = VnmcXml.DELETE_EDGE_FIREWALL.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "edgefwname", getNameForEdgeFirewall(tenantName));
+        xml = replaceXmlValue(xml, "edgefwdn", getDnForEdgeFirewall(tenantName));
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public Map<String, String> listUnAssocAsa1000v() throws ExecutionException {
+        String xml = VnmcXml.LIST_UNASSOC_ASA1000V.getXml();
+        String service = VnmcXml.LIST_UNASSOC_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+
+        String response =  sendRequest(service, xml);
+
+        Map<String, String> result = new HashMap<String, String>();
+        Document xmlDoc = getDocument(response);
+        xmlDoc.normalize();
+        NodeList fwList = xmlDoc.getElementsByTagName("fwInstance");
+        for (int j=0; j < fwList.getLength(); j++) {
+            Node fwNode = fwList.item(j);
+            result.put(fwNode.getAttributes().getNamedItem("mgmtIp").getNodeValue(),
+                    fwNode.getAttributes().getNamedItem("dn").getNodeValue());
+        }
+
+        return result;
+    }
+
+    @Override
+    public boolean assignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
+        String xml = VnmcXml.ASSIGN_ASA1000V.getXml();
+        String service = VnmcXml.ASSIGN_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding");
+        xml = replaceXmlValue(xml, "fwdn", firewallDn);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    @Override
+    public boolean unassignAsa1000v(String tenantName, String firewallDn) throws ExecutionException {
+        String xml = VnmcXml.UNASSIGN_ASA1000V.getXml();
+        String service = VnmcXml.UNASSIGN_ASA1000V.getService();
+        xml = replaceXmlValue(xml, "cookie", _cookie);
+        xml = replaceXmlValue(xml, "binddn", getDnForEdgeFirewall(tenantName) + "/binding");
+        xml = replaceXmlValue(xml, "fwdn", firewallDn);
+
+        String response =  sendRequest(service, xml);
+        return verifySuccess(response);
+    }
+
+    private String sendRequest(String service, String xmlRequest) throws ExecutionException {
+        org.apache.commons.httpclient.protocol.Protocol myhttps = 
+                new org.apache.commons.httpclient.protocol.Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+        HttpClient client = new HttpClient();
+        client.getHostConfiguration().setHost(_ip, 443, myhttps);
+        byte[] response = null;
+        PostMethod method = new PostMethod("/xmlIM/" + service);
+        
+        method.setRequestBody(xmlRequest);
+        
+        try{
+            int statusCode = client.executeMethod(method);
+                     
+            if (statusCode != HttpStatus.SC_OK) {
+                throw new Exception("Error code : " + statusCode);
+            }
+            response = method.getResponseBody();
+        }catch(Exception e){
+            System.out.println(e.getMessage());
+            throw new ExecutionException(e.getMessage());
+        }
+        System.out.println(new String(response));
+        return new String(response);
+    }
+
+    private Map<String, String> checkResponse(String xmlResponse, String... keys) throws ExecutionException {
+        Document xmlDoc = getDocument(xmlResponse);
+        Map<String, String> result = new HashMap<String, String>();
+        Node topElement = xmlDoc.getChildNodes().item(0);
+        if (topElement != null) {
+            for (String key: keys){
+                Node valueNode = topElement.getAttributes().getNamedItem(key);
+                result.put(key, valueNode==null?null:valueNode.getNodeValue());
+            }
+        }
+        return result;
+    }
+
+    private boolean verifySuccess(String xmlResponse) throws ExecutionException {
+        Map<String, String> checked = checkResponse(xmlResponse, "errorCode", "errorDescr");
+
+        if (checked.get("errorCode") != null) {
+            String errorCode = checked.get("errorCode");
+            if (errorCode.equals("103")) {
+                //tenant already exists
+                return true;
+            }
+            String errorDescr = checked.get("errorDescr");
+            throw new ExecutionException(errorDescr);
+        }
+        return true;
+    }
+
+    /*
+     * XML utils
+     */
+    
+    private Document getDocument(String xml) throws ExecutionException {
+        StringReader xmlReader = new StringReader("<?xml version=\"1.0\"?> \n" + xml.trim());
+        InputSource xmlSource = new InputSource(xmlReader);
+        Document doc = null; 
+
+        try {
+            doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(xmlSource);
+            
+        } catch (Exception e) {
+            s_logger.error(e);
+            throw new ExecutionException(e.getMessage());
+        }
+
+        if (doc == null) {
+            throw new ExecutionException("Failed to parse xml " + xml);
+        } else {
+            return doc;
+        }
+    }    
+
+    private String replaceXmlTag(String xml, String oldTag, String newTag) {
+        return xml.replaceAll(oldTag, newTag);
+    }
+
+    private String replaceXmlValue(String xml, String marker, String value) {
+        marker = "\\s*%" + marker + "%\\s*";
+
+        if (value == null) {
+            value = "";
+        }
+
+        return xml.replaceAll(marker, value);
+    }
+
+    private String extractXml(String xml, String marker) {
+        String startMarker = "<" + marker + ">";
+        String endMarker = "</" + marker + ">";
+        if (xml.contains(startMarker) && xml.contains(endMarker)) {
+            return xml.substring(xml.indexOf(startMarker) + startMarker.length(), xml.indexOf(endMarker));
+        } else {
+            return null;
+        }
+
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java
new file mode 100644
index 00000000000..e756165bdaa
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcController.java
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.Identity;
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface CiscoVnmcController extends Grouping, InternalIdentity, Identity {
+
+    long getId();
+
+    String getUuid();
+
+    void setUuid(String uuid);
+
+    long getPhysicalNetworkId();
+
+    long getHostId();
+
+    String getProviderName();
+
+    String getDeviceName();
+
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java
new file mode 100644
index 00000000000..4207f1dac4c
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcControllerVO.java
@@ -0,0 +1,102 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import java.util.UUID;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="external_cisco_vnmc_devices")
+public class CiscoVnmcControllerVO implements CiscoVnmcController {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="uuid")
+    private String uuid;
+
+    @Column(name="host_id")
+    private long hostId;
+
+    @Column(name="physical_network_id")
+    private long physicalNetworkId;
+
+    @Column(name="provider_name")
+    private String providerName;
+
+    @Column(name="device_name")
+    private String deviceName;
+
+
+    public CiscoVnmcControllerVO() {
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    public CiscoVnmcControllerVO(long hostId, long physicalNetworkId,
+            String providerName, String deviceName) {
+        super();
+        this.hostId = hostId;
+        this.physicalNetworkId = physicalNetworkId;
+        this.providerName = providerName;
+        this.deviceName = deviceName;
+        this.uuid = UUID.randomUUID().toString();
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    @Override
+    public String getUuid() {
+        return uuid;
+    }
+
+    @Override
+    public void setUuid(String uuid) {
+        this.uuid = uuid;
+    }
+
+    @Override
+    public long getPhysicalNetworkId() {
+        return physicalNetworkId;
+    }
+
+    @Override
+    public long getHostId() {
+        return hostId;
+    }
+
+    @Override
+    public String getProviderName() {
+        return providerName;
+    }
+
+    @Override
+    public String getDeviceName() {
+        return deviceName;
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java
new file mode 100755
index 00000000000..2e004dccd41
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMap.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.org.Grouping;
+
+public interface NetworkAsa1000vMap extends Grouping, InternalIdentity {
+
+    long getId();
+
+    long getNetworkId();
+
+    long getAsa1000vId();
+
+}
\ No newline at end of file
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java
new file mode 100755
index 00000000000..9638b6f8ae2
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/NetworkAsa1000vMapVO.java
@@ -0,0 +1,73 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+@Entity
+@Table(name="network_asa1000v_map")
+public class NetworkAsa1000vMapVO implements NetworkAsa1000vMap {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name="id")
+    private long id;
+
+    @Column(name="network_id")
+    private long networkId;
+
+    @Column(name="asa1000v_id")
+    private long asa1000vId;
+    
+    public NetworkAsa1000vMapVO() {
+    }
+
+    public NetworkAsa1000vMapVO(long networkId, long asa1000vId) {
+        super();
+        this.networkId = networkId;
+        this.asa1000vId = asa1000vId;
+    }
+
+	@Override
+	public long getId() {
+		return id;
+	}
+
+	@Override
+	public long getAsa1000vId() {
+		return asa1000vId;
+	}
+
+	public void setAsa1000vId(long asa1000vId) {
+		this.asa1000vId = asa1000vId;
+	}
+
+	@Override
+	public long getNetworkId() {
+		return networkId;
+	}
+
+	public void setNetworkId(long networkId) {
+		this.networkId = networkId;
+	}
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java
new file mode 100755
index 00000000000..1a380b13691
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDao.java
@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface CiscoAsa1000vDao extends GenericDao<CiscoAsa1000vDeviceVO, Long>{
+    /**
+     * list all the Cisco Asa 1000v devices added in to this physical network
+     * @param physicalNetworkId physical Network Id
+     * @return list of CiscoAsa1000vDeviceVO for this physical network.
+     */
+    List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId);
+
+    CiscoAsa1000vDeviceVO findByManagementIp(String managementIp);
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java
new file mode 100755
index 00000000000..a5820dea48b
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoAsa1000vDaoImpl.java
@@ -0,0 +1,63 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=CiscoAsa1000vDao.class)
+public class CiscoAsa1000vDaoImpl extends GenericDaoBase<CiscoAsa1000vDeviceVO, Long>
+        implements CiscoAsa1000vDao {
+
+    protected final SearchBuilder<CiscoAsa1000vDeviceVO> physicalNetworkIdSearch;
+    protected final SearchBuilder<CiscoAsa1000vDeviceVO> managementIpSearch;
+
+    public CiscoAsa1000vDaoImpl() {
+        physicalNetworkIdSearch = createSearchBuilder();
+        physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
+        physicalNetworkIdSearch.done();
+
+        managementIpSearch = createSearchBuilder();
+        managementIpSearch.and("managementIp", managementIpSearch.entity().getManagementIp(), Op.EQ);
+        managementIpSearch.done();
+    }
+
+    @Override
+    public List<CiscoAsa1000vDeviceVO> listByPhysicalNetwork(long physicalNetworkId) {
+        SearchCriteria<CiscoAsa1000vDeviceVO> sc = physicalNetworkIdSearch.create();
+        sc.setParameters("physicalNetworkId", physicalNetworkId);
+        return search(sc, null);
+    }
+
+    @Override
+    public CiscoAsa1000vDeviceVO findByManagementIp(String managementIp) {
+        SearchCriteria<CiscoAsa1000vDeviceVO> sc = managementIpSearch.create();
+        sc.setParameters("managementIp", managementIp);
+        return findOneBy(sc);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java
new file mode 100644
index 00000000000..f0b394834a0
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDao.java
@@ -0,0 +1,32 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface CiscoVnmcDao extends GenericDao<CiscoVnmcControllerVO, Long>{
+    /**
+     * list all the Cisco VNMC devices added in to this physical network
+     * @param physicalNetworkId physical Network Id
+     * @return list of CiscoVnmcDeviceVO for this physical network.
+     */
+    List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java
new file mode 100644
index 00000000000..89518104851
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/CiscoVnmcDaoImpl.java
@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import java.util.List;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=CiscoVnmcDao.class)
+public class CiscoVnmcDaoImpl extends GenericDaoBase<CiscoVnmcControllerVO, Long>
+        implements CiscoVnmcDao {
+    
+    protected final SearchBuilder<CiscoVnmcControllerVO> physicalNetworkIdSearch;
+
+    public CiscoVnmcDaoImpl() {
+        physicalNetworkIdSearch = createSearchBuilder();
+        physicalNetworkIdSearch.and("physicalNetworkId", physicalNetworkIdSearch.entity().getPhysicalNetworkId(), Op.EQ);
+        physicalNetworkIdSearch.done();
+    }
+
+    @Override
+    public List<CiscoVnmcControllerVO> listByPhysicalNetwork(long physicalNetworkId) {
+        SearchCriteria<CiscoVnmcControllerVO> sc = physicalNetworkIdSearch.create();
+        sc.setParameters("physicalNetworkId", physicalNetworkId);
+        return search(sc, null);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java
new file mode 100755
index 00000000000..053f4afef54
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDao.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface NetworkAsa1000vMapDao extends GenericDao<NetworkAsa1000vMapVO, Long>{
+
+    NetworkAsa1000vMapVO findByNetworkId(long networkId);
+
+    NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java
new file mode 100755
index 00000000000..692b3d6fda6
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/dao/NetworkAsa1000vMapDaoImpl.java
@@ -0,0 +1,61 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import javax.ejb.Local;
+
+import org.springframework.stereotype.Component;
+
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+import com.cloud.utils.db.SearchCriteria.Op;
+
+@Component
+@Local(value=NetworkAsa1000vMapDao.class)
+public class NetworkAsa1000vMapDaoImpl extends GenericDaoBase<NetworkAsa1000vMapVO, Long>
+        implements NetworkAsa1000vMapDao {
+
+    protected final SearchBuilder<NetworkAsa1000vMapVO> networkSearch;
+    protected final SearchBuilder<NetworkAsa1000vMapVO> asa1000vSearch;
+
+    public NetworkAsa1000vMapDaoImpl() {
+        networkSearch = createSearchBuilder();
+        networkSearch.and("networkId", networkSearch.entity().getNetworkId(), Op.EQ);
+        networkSearch.done();
+
+        asa1000vSearch = createSearchBuilder();
+        asa1000vSearch.and("asa1000vId", asa1000vSearch.entity().getAsa1000vId(), Op.EQ);
+        asa1000vSearch.done();
+    }
+
+    @Override
+    public NetworkAsa1000vMapVO findByNetworkId(long networkId) {
+        SearchCriteria<NetworkAsa1000vMapVO> sc = networkSearch.create();
+        sc.setParameters("networkId", networkId);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public NetworkAsa1000vMapVO findByAsa1000vId(long asa1000vId) {
+        SearchCriteria<NetworkAsa1000vMapVO> sc = asa1000vSearch.create();
+        sc.setParameters("asa1000vId", asa1000vId);
+        return findOneBy(sc);
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java
new file mode 100755
index 00000000000..dff9288b0ff
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoAsa1000vService.java
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.util.List;
+
+import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.network.Network;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.utils.component.PluggableService;
+
+public interface CiscoAsa1000vService extends PluggableService {
+
+    public CiscoAsa1000vDevice addCiscoAsa1000vResource(AddCiscoAsa1000vResourceCmd cmd);
+
+    public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+            CiscoAsa1000vDevice ciscoAsa1000vDeviceVO);
+
+    boolean deleteCiscoAsa1000vResource(DeleteCiscoAsa1000vResourceCmd cmd);
+
+    List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(ListCiscoAsa1000vResourcesCmd cmd);
+
+    CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
new file mode 100644
index 00000000000..443bb40f57f
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -0,0 +1,928 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.network.element;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import javax.naming.ConfigurationException;
+
+import org.apache.cloudstack.network.ExternalNetworkDeviceManager.NetworkDevice;
+import org.apache.log4j.Logger;
+
+import com.cloud.agent.AgentManager;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupExternalFirewallCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
+import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd;
+import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
+import com.cloud.api.commands.ListCiscoAsa1000vResourcesCmd;
+import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
+import com.cloud.api.response.CiscoAsa1000vResourceResponse;
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.configuration.ConfigurationManager;
+import com.cloud.dc.ClusterVO;
+import com.cloud.dc.ClusterVSMMapVO;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.Vlan;
+import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.dao.ClusterDao;
+import com.cloud.dc.dao.ClusterVSMMapDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.deploy.DeployDestination;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.DetailVO;
+import com.cloud.host.Host;
+import com.cloud.host.HostVO;
+import com.cloud.host.dao.HostDao;
+import com.cloud.host.dao.HostDetailsDao;
+import com.cloud.network.CiscoNexusVSMDeviceVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.Network;
+import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.PhysicalNetworkServiceProvider;
+import com.cloud.network.dao.PhysicalNetworkVO;
+import com.cloud.network.Network.Capability;
+import com.cloud.network.Network.Provider;
+import com.cloud.network.Network.Service;
+import com.cloud.network.Networks.BroadcastDomainType;
+import com.cloud.network.PublicIpAddress;
+import com.cloud.network.addr.PublicIp;
+import com.cloud.network.cisco.CiscoAsa1000vDevice;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.network.dao.CiscoAsa1000vDao;
+import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
+import com.cloud.network.dao.CiscoVnmcDao;
+import com.cloud.network.dao.NetworkAsa1000vMapDao;
+import com.cloud.network.dao.NetworkDao;
+import com.cloud.network.dao.PhysicalNetworkDao;
+import com.cloud.network.dao.PhysicalNetworkServiceProviderDao;
+import com.cloud.network.dao.PhysicalNetworkServiceProviderVO;
+import com.cloud.network.resource.CiscoVnmcResource;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.resource.ResourceManager;
+import com.cloud.resource.ResourceState;
+import com.cloud.resource.ResourceStateAdapter;
+import com.cloud.resource.ServerResource;
+import com.cloud.resource.UnableDeleteHostException;
+import com.cloud.user.Account;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.db.Transaction;
+import com.cloud.utils.exception.CloudRuntimeException;
+import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.NicProfile;
+import com.cloud.vm.ReservationContext;
+import com.cloud.vm.VirtualMachine;
+import com.cloud.vm.VirtualMachine.Type;
+import com.cloud.vm.VirtualMachineProfile;
+
+@Local(value = NetworkElement.class)
+public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider,
+    PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement,
+    CiscoVnmcElementService, CiscoAsa1000vService {
+    private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
+    private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();
+
+    @Inject
+    AgentManager _agentMgr;
+    @Inject
+    ResourceManager _resourceMgr;
+    @Inject
+    ConfigurationManager _configMgr;
+    @Inject
+    NetworkManager _networkMgr;
+    @Inject
+    NetworkModel _networkModel;
+
+    @Inject
+    PhysicalNetworkDao _physicalNetworkDao;
+    @Inject
+    PhysicalNetworkServiceProviderDao _physicalNetworkServiceProviderDao;
+    @Inject 
+    HostDetailsDao _hostDetailsDao;
+    @Inject
+    HostDao _hostDao;
+    @Inject
+    NetworkDao _networkDao;
+    @Inject
+    ClusterDao _clusterDao;
+    @Inject
+    VlanDao _vlanDao;
+    @Inject
+    ClusterVSMMapDao _clusterVsmMapDao;
+    @Inject
+    CiscoNexusVSMDeviceDao _vsmDeviceDao;
+    @Inject
+    CiscoVnmcDao _ciscoVnmcDao;
+    @Inject
+    CiscoAsa1000vDao _ciscoAsa1000vDao;
+    @Inject
+    NetworkAsa1000vMapDao _networkAsa1000vMapDao;
+
+    protected boolean canHandle(Network network) {
+        if (network.getBroadcastDomainType() != BroadcastDomainType.Vlan) {
+            return false; //TODO: should handle VxLAN as well
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean configure(String name, Map<String, Object> params)
+            throws ConfigurationException {
+        super.configure(name, params);
+        _resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
+        return true;
+    }
+
+    private static Map<Service, Map<Capability, String>> setCapabilities() {
+        Map<Service, Map<Capability, String>> capabilities = new HashMap<Service, Map<Capability, String>>();
+        capabilities.put(Service.Gateway, null);
+
+        Map<Capability, String> firewallCapabilities = new HashMap<Capability, String>();
+        firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+        firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress,egress");
+        firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
+        firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp");
+        firewallCapabilities.put(Capability.MultipleIps, "true");
+        capabilities.put(Service.Firewall, firewallCapabilities);
+
+        capabilities.put(Service.StaticNat, null);
+        capabilities.put(Service.PortForwarding, null);
+
+        Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
+        sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
+        sourceNatCapabilities.put(Capability.RedundantRouter, "false"); //TODO:
+        capabilities.put(Service.SourceNat, sourceNatCapabilities);
+        return capabilities;
+    }
+
+    @Override
+    public Map<Service, Map<Capability, String>> getCapabilities() {
+        return capabilities;
+    }
+
+    @Override
+    public Provider getProvider() {
+        return Provider.CiscoVnmc;
+    }
+
+    private boolean createLogicalEdgeFirewall(long vlanId,
+            String gateway, String gatewayNetmask,
+            String publicIp, String publicNetmask,
+            List<String> publicGateways, long hostId) {
+        CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, publicIp, gateway, publicNetmask, gatewayNetmask);
+        for (String publicGateway : publicGateways) {
+            cmd.getPublicGateways().add(publicGateway);
+        }
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean configureNexusVsmForAsa(long vlanId, String gateway,
+            String vsmUsername, String vsmPassword, String vsmIp,
+            String asaInPortProfile, long hostId) {
+        ConfigureNexusVsmForAsaCommand cmd = new ConfigureNexusVsmForAsaCommand(vlanId, gateway, vsmUsername, vsmPassword, vsmIp, asaInPortProfile);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean configureSourceNat(long vlanId, String guestCidr,
+            PublicIp sourceNatIp, long hostId) {
+        boolean add = (sourceNatIp.getState() == IpAddress.State.Releasing ? false : true);
+        IpAddressTO ip = new IpAddressTO(sourceNatIp.getAccountId(), sourceNatIp.getAddress().addr(), add, false,
+                sourceNatIp.isSourceNat(), sourceNatIp.getVlanTag(), sourceNatIp.getGateway(), sourceNatIp.getNetmask(), sourceNatIp.getMacAddress(),
+                null, sourceNatIp.isOneToOneNat());
+        boolean addSourceNat = false;
+        if (sourceNatIp.isSourceNat()) {
+            addSourceNat = add;
+        }
+
+        SetSourceNatCommand cmd = new SetSourceNatCommand(ip, addSourceNat);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, guestCidr);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    private boolean associateAsaWithLogicalEdgeFirewall(long vlanId,
+            String asaMgmtIp, long hostId) {
+        AssociateAsaWithLogicalEdgeFirewallCommand cmd = 
+                new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    @Override
+    public boolean implement(Network network, NetworkOffering offering,
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
+        DataCenter zone = _configMgr.getZone(network.getDataCenterId());
+
+        if (zone.getNetworkType() == NetworkType.Basic) {
+            s_logger.debug("Not handling network implement in zone of type " + NetworkType.Basic);
+            return false;
+        }
+
+        if (!canHandle(network)) {
+            return false;
+        }
+
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (asaList.isEmpty()) {
+            s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
+            return false;
+        }
+
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork != null) {
+            s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
+            return true;
+        }
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
+            s_logger.error("SourceNat service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        Transaction txn = Transaction.currentTxn();
+        boolean status = false;
+        try {
+            txn.start();
+
+            // ensure that there is an ASA 1000v assigned to this network
+            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
+            if (assignedAsa == null) {
+                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
+                return false;
+            }
+
+            ClusterVO asaCluster = _clusterDao.findById(assignedAsa.getClusterId());
+            ClusterVSMMapVO clusterVsmMap = _clusterVsmMapDao.findByClusterId(assignedAsa.getClusterId());
+            if (clusterVsmMap == null) {
+                s_logger.error("Vmware cluster " + asaCluster.getName() + " has no Cisco Nexus VSM device associated with it");
+                return false;
+            }
+
+            CiscoNexusVSMDeviceVO vsmDevice = _vsmDeviceDao.findById(clusterVsmMap.getVsmId());
+            if (vsmDevice == null) {
+                s_logger.error("Unable to load details of Cisco Nexus VSM device associated with cluster " + asaCluster.getName());
+                return false;
+            }
+
+            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+            _hostDao.loadDetails(ciscoVnmcHost);
+            Account owner = context.getAccount();
+            PublicIp sourceNatIp = _networkMgr.assignSourceNatIpAddressToGuestNetwork(owner, network);
+            String vlan = network.getBroadcastUri().getHost();
+            long vlanId = Long.parseLong(vlan);
+
+            List<VlanVO> vlanVOList = _vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId());
+            List<String> publicGateways = new ArrayList<String>();
+            for (VlanVO vlanVO : vlanVOList) {
+                publicGateways.add(vlanVO.getVlanGateway());
+            }
+
+            // create logical edge firewall in VNMC
+            String gatewayNetmask = NetUtils.getCidrNetmask(network.getCidr());
+            if (!createLogicalEdgeFirewall(vlanId, network.getGateway(), gatewayNetmask,
+                    sourceNatIp.getAddress().addr(), sourceNatIp.getNetmask(), publicGateways, ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to create logical edge firewall in Cisco VNMC device for network " + network.getName());
+                return false;
+            }
+
+            // create stuff in VSM for ASA device
+            if (!configureNexusVsmForAsa(vlanId, network.getGateway(),
+                    vsmDevice.getUserName(), vsmDevice.getPassword(), vsmDevice.getipaddr(),
+                    assignedAsa.getInPortProfile(), ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to configure Cisco Nexus VSM " + vsmDevice.getipaddr() +
+                        " for ASA device for network " + network.getName());
+                return false;
+            }
+
+            // configure source NAT
+            //if (!configureSourceNat(vlanId, network.getCidr(), sourceNatIp, ciscoVnmcHost.getId())) {
+            //    s_logger.error("Failed to configure source NAT in Cisco VNMC device for network " + network.getName());
+            //    return false;
+            //}
+
+            // associate Asa 1000v instance with logical edge firewall
+            if (!associateAsaWithLogicalEdgeFirewall(vlanId, assignedAsa.getManagementIp(), ciscoVnmcHost.getId())) {
+                s_logger.error("Failed to associate Cisco ASA 1000v (" + assignedAsa.getManagementIp() +
+                        ") with logical edge firewall in VNMC for network " + network.getName());
+                return false;
+            }
+
+            status = true;
+            txn.commit();
+        } finally {
+            if (!status) {
+                txn.rollback();
+                //FIXME: also undo changes in VNMC, VSM if anything failed
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean prepare(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
+        if (vm.getType() != Type.User) {
+            return false;
+        }
+
+        // ensure that there is an ASA 1000v assigned to this network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean release(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            ReservationContext context) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+        return true;
+    }
+
+    private boolean cleanupLogicalEdgeFirewall(long vlanId, long hostId) {
+        CleanupLogicalEdgeFirewallCommand cmd = new CleanupLogicalEdgeFirewallCommand(vlanId);
+        Answer answer = _agentMgr.easySend(hostId, cmd);
+        return answer.getResult();
+    }
+
+    @Override
+    public boolean shutdown(Network network, ReservationContext context,
+            boolean cleanup) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+
+        unassignAsa1000vFromNetwork(network);
+
+        String vlan = network.getBroadcastUri().getHost();
+        long vlanId = Long.parseLong(vlan);
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (!devices.isEmpty()) {
+            CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+            HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+            cleanupLogicalEdgeFirewall(vlanId, ciscoVnmcHost.getId());
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean isReady(PhysicalNetworkServiceProvider provider) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean shutdownProviderInstances(
+            PhysicalNetworkServiceProvider provider, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean canEnableIndividualServices() {
+        return true;
+    }
+
+    @Override
+    public boolean verifyServicesCombination(Set<Service> services) {
+        if (!services.contains(Service.Firewall)) {
+            s_logger.warn("CiscoVnmc must be used as Firewall Service Provider in the network");
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Network network, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        return true;
+    }
+
+    @Override
+    public List<Class<?>> getCommands() {
+        List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        cmdList.add(AddCiscoVnmcResourceCmd.class);
+        cmdList.add(DeleteCiscoVnmcResourceCmd.class);
+        cmdList.add(ListCiscoVnmcResourcesCmd.class);
+        cmdList.add(AddCiscoAsa1000vResourceCmd.class);
+        cmdList.add(DeleteCiscoAsa1000vResourceCmd.class);
+        cmdList.add(ListCiscoAsa1000vResourcesCmd.class);
+        return cmdList;
+    }
+
+    @Override
+    public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
+        String deviceName = Provider.CiscoVnmc.getName();
+        NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        CiscoVnmcController ciscoVnmcResource = null;
+
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork == null) {
+            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
+        }
+        long zoneId = physicalNetwork.getDataCenterId();
+
+        PhysicalNetworkServiceProviderVO ntwkSvcProvider = _physicalNetworkServiceProviderDao.findByServiceProvider(physicalNetwork.getId(), networkDevice.getNetworkServiceProvder());
+        if (ntwkSvcProvider == null) {
+            throw new CloudRuntimeException("Network Service Provider: " + networkDevice.getNetworkServiceProvder() +
+                    " is not enabled in the physical network: " + physicalNetworkId + "to add this device");
+        } else if (ntwkSvcProvider.getState() == PhysicalNetworkServiceProvider.State.Shutdown) {
+            throw new CloudRuntimeException("Network Service Provider: " + ntwkSvcProvider.getProviderName() +
+                    " is in shutdown state in the physical network: " + physicalNetworkId + "to add this device");
+        }
+
+        if (_ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId).size() != 0) {
+            throw new CloudRuntimeException("A Cisco Vnmc device is already configured on this physical network");
+        }
+
+        Map<String, String> params = new HashMap<String,String>();
+        params.put("guid", UUID.randomUUID().toString());
+        params.put("zoneId", String.valueOf(physicalNetwork.getDataCenterId()));
+        params.put("physicalNetworkId", String.valueOf(physicalNetwork.getId()));
+        params.put("name", "Cisco VNMC Controller - " + cmd.getHost());
+        params.put("ip", cmd.getHost());
+        params.put("username", cmd.getUsername());
+        params.put("password", cmd.getPassword());
+        params.put("transportzoneisotype", physicalNetwork.getIsolationMethods().get(0).toLowerCase()); // FIXME What to do with multiple isolation types
+
+        Map<String, Object> hostdetails = new HashMap<String,Object>();
+        hostdetails.putAll(params);
+
+        ServerResource resource = new CiscoVnmcResource();
+        Transaction txn = Transaction.currentTxn();
+        try {
+            resource.configure(cmd.getHost(), hostdetails);
+
+            Host host = _resourceMgr.addHost(zoneId, resource, Host.Type.ExternalFirewall, params);
+            if (host != null) {
+                txn.start();
+
+                ciscoVnmcResource = new CiscoVnmcControllerVO(host.getId(), physicalNetworkId, ntwkSvcProvider.getProviderName(), deviceName);
+                _ciscoVnmcDao.persist((CiscoVnmcControllerVO)ciscoVnmcResource);
+                
+                DetailVO detail = new DetailVO(host.getId(), "deviceid", String.valueOf(ciscoVnmcResource.getId()));
+                _hostDetailsDao.persist(detail);
+
+                txn.commit();
+                return ciscoVnmcResource;
+            } else {
+                throw new CloudRuntimeException("Failed to add Cisco Vnmc device due to internal error.");
+            }
+        } catch (ConfigurationException e) {
+            txn.rollback();
+            throw new CloudRuntimeException(e.getMessage());
+        }
+    }
+
+    @Override
+    public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+            CiscoVnmcController ciscoVnmcResourceVO) {
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
+
+        CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
+        response.setId(ciscoVnmcResourceVO.getUuid());
+        response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
+        response.setProviderName(ciscoVnmcResourceVO.getProviderName());
+        response.setResourceName(ciscoVnmcHost.getName());
+
+        return response;
+    }
+
+    @Override
+    public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
+        Long vnmcResourceId = cmd.getCiscoVnmcResourceId();
+        CiscoVnmcControllerVO vnmcResource = _ciscoVnmcDao.findById(vnmcResourceId);
+        if (vnmcResource == null) {
+            throw new InvalidParameterValueException(
+                    "Could not find a Cisco VNMC appliance with id " + vnmcResourceId);
+        }
+
+        // Check if there any ASA 1000v appliances
+        Long physicalNetworkId = vnmcResource.getPhysicalNetworkId();
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork != null) {
+            List<CiscoAsa1000vDeviceVO> responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+            if (responseList.size() > 0) {
+                throw new CloudRuntimeException(
+                        "Cisco VNMC appliance with id " + vnmcResourceId +
+                        " cannot be deleted as there Cisco ASA 1000v appliances using it");
+            }
+        }
+
+        HostVO vnmcHost = _hostDao.findById(vnmcResource.getHostId());
+        Long hostId = vnmcHost.getId();
+        vnmcHost.setResourceState(ResourceState.Maintenance);
+        _hostDao.update(hostId, vnmcHost);
+        _resourceMgr.deleteHost(hostId, false, false);
+        _ciscoVnmcDao.remove(vnmcResourceId);
+
+        return true;
+    }
+
+    @Override
+    public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
+            ListCiscoVnmcResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
+        List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
+
+        if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
+        }
+
+        if (ciscoVnmcResourceId != null) {
+            CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
+            if (ciscoVnmcResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
+            }
+            responseList.add(ciscoVnmcResource);
+        }
+        else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
+        }
+
+        return responseList;
+    }
+
+    @Override
+    public IpDeployer getIpDeployer(Network network) {
+        return this;
+    }
+
+    @Override
+    public boolean applyFWRules(Network network,
+            List<? extends FirewallRule> rules)
+            throws ResourceUnavailableException {
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) {
+            s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<FirewallRuleTO> rulesTO = new ArrayList<FirewallRuleTO>();
+        for (FirewallRule rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType());
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rulesTO);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply firewall rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
+            throws ResourceUnavailableException {
+
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)) {
+            s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<PortForwardingRuleTO> rulesTO = new ArrayList<PortForwardingRuleTO>();
+        for (PortForwardingRule rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            Vlan vlan = _vlanDao.findById(sourceIp.getVlanId());
+            PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, vlan.getVlanTag(), sourceIp.getAddress().addr());
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rulesTO);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply port forwarding rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyStaticNats(Network network,
+            List<? extends StaticNat> rules)
+            throws ResourceUnavailableException {
+        if (!_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)) {
+            s_logger.error("Static NAT service is not provided by Cisco Vnmc device on network " + network.getName());
+            return false;
+        }
+
+        // Find VNMC host for physical network
+        List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        if (devices.isEmpty()) {
+            s_logger.error("No Cisco Vnmc device on network " + network.getName());
+            return true;
+        }
+
+        // Find if ASA 1000v is associated with network
+        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (asaForNetwork == null) {
+            s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName());
+            return true;
+        }
+
+        if (network.getState() == Network.State.Allocated) {
+            s_logger.debug("External firewall was asked to apply static NAT rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands.");
+            return true;
+        }
+
+        CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0);
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId());
+
+        List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
+        for (StaticNat rule : rules) {
+            IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
+            StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, 
+                    null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
+            rulesTO.add(ruleTO);
+        }
+
+        if (!rulesTO.isEmpty()) {
+            SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
+            cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost());
+            cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr());
+            Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd);
+            if (answer == null || !answer.getResult()) {
+                String details = (answer != null) ? answer.getDetails() : "details unavailable";
+                String msg = "Unable to apply static NAT rules to Cisco ASA 1000v appliance due to: " + details + ".";
+                s_logger.error(msg);
+                throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId());
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public boolean applyIps(Network network,
+            List<? extends PublicIpAddress> ipAddress, Set<Service> services)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public HostVO createHostVOForConnectedAgent(HostVO host,
+            StartupCommand[] cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public HostVO createHostVOForDirectConnectAgent(HostVO host,
+            StartupCommand[] startup, ServerResource resource,
+            Map<String, String> details, List<String> hostTags) {
+        if (!(startup[0] instanceof StartupExternalFirewallCommand)) {
+            return null;
+        }
+        host.setType(Host.Type.ExternalFirewall);
+        return host;
+    }
+
+    @Override
+    public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
+            boolean isForceDeleteStorage) throws UnableDeleteHostException {
+        if (host.getType() != com.cloud.host.Host.Type.ExternalFirewall) {
+            return null;
+        }
+        return new DeleteHostAnswer(true);
+    }
+
+    @Override
+    public CiscoAsa1000vDevice addCiscoAsa1000vResource(
+            AddCiscoAsa1000vResourceCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        CiscoAsa1000vDevice ciscoAsa1000vResource = null;
+
+        PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+        if (physicalNetwork == null) {
+            throw new InvalidParameterValueException("Could not find phyical network with ID: " + physicalNetworkId);
+        }
+
+        ciscoAsa1000vResource = new CiscoAsa1000vDeviceVO(physicalNetworkId, cmd.getManagementIp(), cmd.getInPortProfile(), cmd.getClusterId());
+        _ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource);
+
+        return ciscoAsa1000vResource;
+    }
+
+    @Override
+    public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+            CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
+        CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
+        response.setId(ciscoAsa1000vDeviceVO.getUuid());
+        response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
+        response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
+
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(ciscoAsa1000vDeviceVO.getId());
+        if (networkAsaMap != null) {
+            response.setGuestNetworkId(networkAsaMap.getNetworkId());
+        }
+
+        return response;
+    }
+
+    @Override
+    public boolean deleteCiscoAsa1000vResource(
+            DeleteCiscoAsa1000vResourceCmd cmd) {
+        Long asaResourceId = cmd.getCiscoAsa1000vResourceId();
+        CiscoAsa1000vDeviceVO asaResource = _ciscoAsa1000vDao.findById(asaResourceId);
+        if (asaResource == null) {
+            throw new InvalidParameterValueException(
+                    "Could not find a Cisco ASA 1000v appliance with id " + asaResourceId);
+        }
+
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByAsa1000vId(asaResource.getId());
+        if (networkAsaMap != null) {
+            throw new CloudRuntimeException(
+                    "Cisco ASA 1000v appliance with id " + asaResourceId +
+                    " cannot be deleted as it is associated with guest network");
+        }
+
+        _ciscoAsa1000vDao.remove(asaResourceId);
+
+        return true;
+    }
+
+    @Override
+    public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
+            ListCiscoAsa1000vResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
+        List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
+
+        if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
+        }
+
+        if (ciscoAsa1000vResourceId != null) {
+            CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
+            if (ciscoAsa1000vResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
+            }
+            responseList.add(ciscoAsa1000vResource);
+        } else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+        }
+
+        return responseList;
+    }
+
+    @Override
+    public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
+        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
+        for (CiscoAsa1000vDeviceVO asa : asaList) {
+            NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
+            if (assignedToNetwork == null) {
+                NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
+                _networkAsa1000vMapDao.persist(networkAsaMap);
+                return asa;
+            }
+        }
+        return null;
+    }
+
+    private void unassignAsa1000vFromNetwork(Network network) {
+        NetworkAsa1000vMapVO networkAsaMap = _networkAsa1000vMapDao.findByNetworkId(network.getId());
+        if (networkAsaMap != null) {
+            _networkAsa1000vMapDao.remove(networkAsaMap.getId());
+        }
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java
new file mode 100644
index 00000000000..e8eb473154a
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElementService.java
@@ -0,0 +1,42 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.util.List;
+
+import com.cloud.api.commands.AddCiscoVnmcResourceCmd;
+import com.cloud.api.commands.DeleteCiscoVnmcResourceCmd;
+import com.cloud.api.commands.ListCiscoVnmcResourcesCmd;
+import com.cloud.api.response.CiscoVnmcResourceResponse;
+import com.cloud.network.cisco.CiscoVnmcController;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.utils.component.PluggableService;
+
+public interface CiscoVnmcElementService extends PluggableService {
+
+    //public static final Provider CiscoVnmc = new Provider("CiscoVnmc", true);
+
+    public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd);
+
+    public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+            CiscoVnmcController CiscoVnmcResourceVO);
+
+    boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd);
+
+    List<CiscoVnmcControllerVO> listCiscoVnmcResources(ListCiscoVnmcResourcesCmd cmd);
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
new file mode 100644
index 00000000000..91559782304
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -0,0 +1,780 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the 
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.resource;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import com.cloud.agent.IAgentControl;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.Command;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ExternalNetworkResourceUsageAnswer;
+import com.cloud.agent.api.ExternalNetworkResourceUsageCommand;
+import com.cloud.agent.api.MaintainAnswer;
+import com.cloud.agent.api.MaintainCommand;
+import com.cloud.agent.api.PingCommand;
+import com.cloud.agent.api.ReadyAnswer;
+import com.cloud.agent.api.ReadyCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.StartupExternalFirewallCommand;
+import com.cloud.agent.api.routing.IpAssocAnswer;
+import com.cloud.agent.api.routing.IpAssocCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.host.Host;
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+import com.cloud.resource.ServerResource;
+import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.Pair;
+import com.cloud.utils.cisco.n1kv.vsm.NetconfHelper;
+import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.OperationType;
+import com.cloud.utils.cisco.n1kv.vsm.VsmCommand.SwitchPortMode;
+import com.cloud.utils.exception.ExecutionException;
+import com.cloud.utils.net.NetUtils;
+
+public class CiscoVnmcResource implements ServerResource {
+
+    private String _name;
+    private String _zoneId;
+    private String _physicalNetworkId;
+    private String _ip;
+    private String _username;
+    private String _password;
+    private String _guid;
+    private Integer _numRetries;
+
+    private CiscoVnmcConnectionImpl _connection;
+
+    public void setConnection(CiscoVnmcConnectionImpl connection) {
+        this._connection = connection;
+    }
+
+    private final Logger s_logger = Logger.getLogger(CiscoVnmcResource.class);
+
+    public Answer executeRequest(Command cmd) {
+        if (cmd instanceof ReadyCommand) {
+            return execute((ReadyCommand) cmd);
+        } else if (cmd instanceof MaintainCommand) {
+            return execute((MaintainCommand) cmd);
+        } else if (cmd instanceof IpAssocCommand) {
+            return execute((IpAssocCommand) cmd);
+        } else if (cmd instanceof SetSourceNatCommand) {
+            return execute((SetSourceNatCommand) cmd);
+        } else if (cmd instanceof SetFirewallRulesCommand) {
+            return execute((SetFirewallRulesCommand) cmd);
+        } else if (cmd instanceof SetStaticNatRulesCommand) {
+            return execute((SetStaticNatRulesCommand) cmd);
+        } else if (cmd instanceof SetPortForwardingRulesCommand) {
+            return execute((SetPortForwardingRulesCommand) cmd);
+        } else if (cmd instanceof ExternalNetworkResourceUsageCommand) {
+            return execute((ExternalNetworkResourceUsageCommand) cmd);
+        } else if (cmd instanceof CreateLogicalEdgeFirewallCommand) {
+            return execute((CreateLogicalEdgeFirewallCommand)cmd);
+        } else if (cmd instanceof CleanupLogicalEdgeFirewallCommand) {
+            return execute((CleanupLogicalEdgeFirewallCommand)cmd);
+        } else if (cmd instanceof ConfigureNexusVsmForAsaCommand) {
+            return execute((ConfigureNexusVsmForAsaCommand)cmd);
+        } else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) {
+            return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
+        } else {
+            return Answer.createUnsupportedCommandAnswer(cmd);
+        }
+    }
+
+    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
+        try {
+            _name = (String) params.get("name");
+            if (_name == null) {
+                throw new ConfigurationException("Unable to find name");
+            }
+
+            _zoneId = (String) params.get("zoneId");
+            if (_zoneId == null) {
+                throw new ConfigurationException("Unable to find zone");
+            }
+
+            _physicalNetworkId = (String) params.get("physicalNetworkId");
+            if (_physicalNetworkId == null) {
+                throw new ConfigurationException("Unable to find physical network id in the configuration parameters");
+            }
+
+            _ip = (String) params.get("ip");
+            if (_ip == null) {
+                throw new ConfigurationException("Unable to find IP");
+            }
+
+            _username = (String) params.get("username");
+            if (_username == null) {
+                throw new ConfigurationException("Unable to find username");
+            }
+
+            _password = (String) params.get("password");
+            if (_password == null) {
+                throw new ConfigurationException("Unable to find password");
+            }
+
+            _guid = (String)params.get("guid");
+            if (_guid == null) {
+                throw new ConfigurationException("Unable to find the guid");
+            }
+
+            _numRetries = NumbersUtil.parseInt((String) params.get("numretries"), 1);
+
+            NumbersUtil.parseInt((String) params.get("timeout"), 300);
+
+            // Open a socket and login
+            _connection = new CiscoVnmcConnectionImpl(_ip, _username, _password);
+            //if (!refreshVnmcConnection()) {
+            //    throw new ConfigurationException("Unable to open a connection to the VNMC.");
+            //}
+
+            return true;
+        } catch (Exception e) {
+            throw new ConfigurationException(e.getMessage());
+        }
+
+    }
+
+    public StartupCommand[] initialize() {
+        StartupExternalFirewallCommand cmd = new StartupExternalFirewallCommand();
+        cmd.setName(_name);
+        cmd.setDataCenter(_zoneId);
+        cmd.setPod("");
+        cmd.setPrivateIpAddress(_ip);
+        cmd.setStorageIpAddress("");
+        cmd.setVersion("");
+        cmd.setGuid(_guid);
+        return new StartupCommand[] { cmd };
+    }
+
+    public Host.Type getType() {
+        return Host.Type.ExternalFirewall;
+    }
+
+    @Override
+    public String getName() {
+        return _name;
+    }
+
+    @Override
+    public boolean start() {
+        return true;
+    }
+
+    @Override
+    public boolean stop() {
+        return true;
+    }
+
+    @Override
+    public PingCommand getCurrentStatus(final long id) {
+        if (!refreshVnmcConnection()) {
+            return null;
+        }
+        return new PingCommand(Host.Type.ExternalFirewall, id);
+    }
+
+    @Override
+    public void disconnected() {
+    }
+
+    public IAgentControl getAgentControl() {
+        return null;
+    }
+
+    public void setAgentControl(IAgentControl agentControl) {
+        return;
+    }
+
+    private Answer execute(ReadyCommand cmd) {
+        return new ReadyAnswer(cmd);
+    }
+
+    private Answer execute(MaintainCommand cmd) {
+        return new MaintainAnswer(cmd);
+    }
+
+    private ExternalNetworkResourceUsageAnswer execute(ExternalNetworkResourceUsageCommand cmd) {
+        return new ExternalNetworkResourceUsageAnswer(cmd);
+    }
+
+    /*
+     * Login
+     */
+    private boolean refreshVnmcConnection() {
+        boolean ret = false;
+        try {
+            ret = _connection.login();
+        } catch (ExecutionException ex) {
+            s_logger.error("Login to Vnmc failed", ex);
+        }
+        return ret;
+    }
+
+    private synchronized Answer execute(IpAssocCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(IpAssocCommand cmd, int numRetries) {
+        String[] results = new String[cmd.getIpAddresses().length];
+        return new IpAssocAnswer(cmd, results);
+    }
+
+    private String[] getIpRangeFromCidr(String cidr) {
+        String[] result = new String[2];
+        String[] cidrData = cidr.split("\\/");
+        assert (cidrData.length == 2) : "Something is wrong with source cidr " + cidr;
+        long size = Long.valueOf(cidrData[1]);
+        result[0] = cidrData[0];
+        result[1] = cidrData[0];
+        if (size < 32) {
+            result[0] = NetUtils.getIpRangeStartIpFromCidr(cidrData[0], size);
+            result[1] = NetUtils.getIpRangeEndIpFromCidr(cidrData[0], size);
+        }
+        return result;
+    }
+
+    /*
+     * Source NAT
+     */
+    private synchronized Answer execute(SetSourceNatCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetSourceNatCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+        String policyIdentifier = cmd.getIpAddress().getPublicIp().replace('.', '-');
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatPolicy(tenant, policyIdentifier)) {
+                throw new Exception("Failed to create source NAT policy in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatPolicyRef(tenant, policyIdentifier)) {
+                throw new Exception("Failed to associate source NAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCSourceNatIpPool(tenant, policyIdentifier, cmd.getIpAddress().getPublicIp())) {
+                throw new Exception("Failed to create source NAT ip pool in VNMC for guest network with vlan " + vlanId);
+            }
+
+            String[] ipRange = getIpRangeFromCidr(cmd.getContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR));
+            if (!_connection.createTenantVDCSourceNatRule(tenant, policyIdentifier, ipRange[0], ipRange[1])) {
+                throw new Exception("Failed to create source NAT rule in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.associateNatPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Firewall rule
+     */
+    private synchronized Answer execute(SetFirewallRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        FirewallRuleTO[] rules = cmd.getRules();
+        Map<String, List<FirewallRuleTO>> publicIpRulesMap = new HashMap<String, List<FirewallRuleTO>>();
+        for (FirewallRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<FirewallRuleTO> publicIpRulesList = new ArrayList<FirewallRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
+                        if (rule.getTrafficType() == TrafficType.Ingress) {
+                            if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+                                if (!_connection.createTenantVDCIngressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
+                                        Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
+                                    throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            } else {
+                                if (!_connection.createTenantVDCIngressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) {
+                                    throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            }
+                        } else {
+                            if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+                                if (!_connection.createTenantVDCEgressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(),
+                                        Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
+                                        externalIpRange[0], externalIpRange[1])) {
+                                    throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            } else {
+                                if (!_connection.createTenantVDCEgressAclRule(tenant,
+                                        Long.toString(rule.getId()), policyIdentifier,
+                                        rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) {
+                                    throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate ACL policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Static NAT
+     */
+    private synchronized Answer execute(SetStaticNatRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        StaticNatRuleTO[] rules = cmd.getRules();
+        Map<String, List<StaticNatRuleTO>> publicIpRulesMap = new HashMap<String, List<StaticNatRuleTO>>();
+        for (StaticNatRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<StaticNatRuleTO> publicIpRulesList = new ArrayList<StaticNatRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCDNatRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete DNAT rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for DNAT in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
+                            throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCDNatRule(tenant,
+                                Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) {
+                            throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCAclRuleForDNat(tenant,
+                                Long.toString(rule.getId()), policyIdentifier, rule.getDstIp())) {
+                            throw new Exception("Failed to create ACL rule for DNAT in VNMC for guest network with vlan " + vlanId);
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Destination NAT
+     */
+    private synchronized Answer execute(SetPortForwardingRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetPortForwardingRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+
+        PortForwardingRuleTO[] rules = cmd.getRules();
+        Map<String, List<PortForwardingRuleTO>> publicIpRulesMap = new HashMap<String, List<PortForwardingRuleTO>>();
+        for (PortForwardingRuleTO rule : rules) {
+            String publicIp = rule.getSrcIp();
+            if (!publicIpRulesMap.containsKey(publicIp)) {
+                List<PortForwardingRuleTO> publicIpRulesList = new ArrayList<PortForwardingRuleTO>();
+                publicIpRulesMap.put(publicIp, publicIpRulesList);
+            }
+            publicIpRulesMap.get(publicIp).add(rule);
+        }
+
+        try {
+            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, true)) {
+                throw new Exception("Failed to create ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            if (!_connection.createTenantVDCAclPolicySet(tenant, false)) {
+                throw new Exception("Failed to create ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+            }
+
+            for (String publicIp : publicIpRulesMap.keySet()) {
+                String policyIdentifier = publicIp.replace('.', '-');
+
+                if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                if (!_connection.createTenantVDCAclPolicy(tenant, policyIdentifier)) {
+                    throw new Exception("Failed to create ACL policy in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, true)) {
+                    throw new Exception("Failed to associate ACL policy with ACL ingress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+                if (!_connection.createTenantVDCAclPolicyRef(tenant, policyIdentifier, false)) {
+                    throw new Exception("Failed to associate ACL policy with ACL egress policy set in VNMC for guest network with vlan " + vlanId);
+                }
+
+                for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) {
+                    if (rule.revoked()) {
+                        if (!_connection.deleteTenantVDCPFRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete PF rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
+                            throw new Exception("Failed to delete ACL ingress rule for PF in VNMC for guest network with vlan " + vlanId);
+                        }
+                    } else {
+                        if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) {
+                            throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId);
+                        }
+                        if (!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier + "-" + rule.getId(),
+                                Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
+                            throw new Exception("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCPFRule(tenant,
+                                Long.toString(rule.getId()), policyIdentifier,
+                                rule.getProtocol().toUpperCase(), rule.getSrcIp(),
+                                Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) {
+                            throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId);
+                        }
+
+                        if (!_connection.createTenantVDCAclRuleForPF(tenant,
+                                Long.toString(rule.getId()), policyIdentifier,
+                                rule.getProtocol().toUpperCase(), rule.getDstIp(),
+                                Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) {
+                            throw new Exception("Failed to create ACL rule for PF in VNMC for guest network with vlan " + vlanId);
+                        }
+                    }
+                }
+            }
+
+            if (!_connection.associateAclPolicySet(tenant)) {
+                throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId);
+            }
+        } catch (Throwable e) {
+            String msg = "SetSourceNatCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Logical edge firewall
+     */
+    private synchronized Answer execute(CreateLogicalEdgeFirewallCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private void createEdgeDeviceProfile(String tenant, List<String> gateways, Long vlanId) throws Exception {
+        // create edge device profile
+        if (!_connection.createTenantVDCEdgeDeviceProfile(tenant))
+            throw new Exception("Failed to create tenant edge device profile in VNMC for guest network with vlan " + vlanId);
+
+        // create edge static route policy
+        if (!_connection.createTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to create tenant edge static route policy in VNMC for guest network with vlan " + vlanId);
+
+        // create edge static route for all gateways
+        for (String gateway : gateways) {
+            if (!_connection.createTenantVDCEdgeStaticRoute(tenant, gateway, "0.0.0.0", "0.0.0.0"))
+                throw new Exception("Failed to create tenant edge static route in VNMC for guest network with vlan " + vlanId);
+        }
+
+        // associate edge 
+        if (!_connection.associateTenantVDCEdgeStaticRoutePolicy(tenant))
+            throw new Exception("Failed to associate edge static route policy with edge device profile in VNMC for guest network with vlan " + vlanId);
+    }
+
+    private Answer execute(CreateLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            // create tenant
+            if (!_connection.createTenant(tenant))
+                throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create tenant VDC
+            if (!_connection.createTenantVDC(tenant))
+                throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create edge security profile
+            if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
+                throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
+
+            // create edge device profile and associated route
+            createEdgeDeviceProfile(tenant, cmd.getPublicGateways(), cmd.getVlanId());
+
+            // create logical edge firewall
+            if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
+                throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
+        } catch (Throwable e) {
+            String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Create vservice node and update inside port profile for ASA appliance in VSM
+     */
+    private synchronized Answer execute(ConfigureNexusVsmForAsaCommand cmd) {
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(ConfigureNexusVsmForAsaCommand cmd, int numRetries) {
+        String vlanId = Long.toString(cmd.getVlanId());
+        NetconfHelper helper = null;
+        List<Pair<OperationType, String>> params = new ArrayList<Pair<OperationType, String>>();
+        params.add(new Pair<OperationType, String>(OperationType.addvlanid, vlanId));
+        try {
+            helper = new NetconfHelper(cmd.getVsmIp(), cmd.getVsmUsername(), cmd.getVsmPassword());
+            s_logger.debug("Connected to Cisco VSM " + cmd.getVsmIp());
+            helper.addVServiceNode(vlanId, cmd.getIpAddress());
+            s_logger.debug("Created vservice node for ASA appliance in Cisco VSM for vlan " + vlanId);
+            helper.updatePortProfile(cmd.getAsaInPortProfile(), SwitchPortMode.access, params);
+            s_logger.debug("Updated inside port profile for ASA appliance in Cisco VSM with new vlan " + vlanId);
+        } catch (Throwable e) {
+            String msg = "ConfigureVSMForASACommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        } finally {
+            helper.disconnect();
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Associates ASA 1000v with logical edge firewall in VNMC
+     */
+    private synchronized Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd) {
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(AssociateAsaWithLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            Map<String, String> availableAsaAppliances = _connection.listUnAssocAsa1000v();
+            if (availableAsaAppliances.isEmpty()) {
+                throw new Exception("No ASA 1000v available to associate with logical edge firewall for guest vlan " + cmd.getVlanId());
+            }
+
+            String asaInstanceDn = availableAsaAppliances.get(cmd.getAsaMgmtIp());
+            if (asaInstanceDn == null) {
+                throw new Exception("Requested ASA 1000v (" + cmd.getAsaMgmtIp() + ") is not available");
+            }
+
+            if (!_connection.assignAsa1000v(tenant, asaInstanceDn)) {
+                throw new Exception("Failed to associate ASA 1000v (" + cmd.getAsaMgmtIp() + ") with logical edge firewall for guest vlan " + cmd.getVlanId());
+            }
+        } catch (Throwable e) {
+            String msg = "AssociateAsaWithLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    /*
+     * Cleanup
+     */
+    private synchronized Answer execute(CleanupLogicalEdgeFirewallCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(CleanupLogicalEdgeFirewallCommand cmd, int numRetries) {
+        String tenant = "vlan-" + cmd.getVlanId();
+        try {
+            _connection.deleteTenant(tenant);
+        } catch (Throwable e) {
+            String msg = "CleanupLogicalEdgeFirewallCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd, true, "Success");
+    }
+
+    @Override
+    public void setName(String name) {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public void setConfigParams(Map<String, Object> params) {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public Map<String, Object> getConfigParams() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public int getRunLevel() {
+        // TODO Auto-generated method stub
+        return 0;
+    }
+
+    @Override
+    public void setRunLevel(int level) {
+        // TODO Auto-generated method stub
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
new file mode 100644
index 00000000000..52f0ea66f50
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java
@@ -0,0 +1,232 @@
+/*
+ * $HeadURL$
+ * $Revision$
+ * $Date$
+ * 
+ * ====================================================================
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.UnknownHostException;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.HttpClientError;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * <p>
+ * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s 
+ * that accept self-signed certificates. 
+ * </p>
+ * <p>
+ * This socket factory SHOULD NOT be used for productive systems 
+ * due to security reasons, unless it is a concious decision and 
+ * you are perfectly aware of security implications of accepting 
+ * self-signed certificates
+ * </p>
+ *
+ * <p>
+ * Example of using custom protocol socket factory for a specific host:
+ *     <pre>
+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *
+ *     URI uri = new URI("https://localhost/", true);
+ *     // use relative url only
+ *     GetMethod httpget = new GetMethod(uri.getPathQuery());
+ *     HostConfiguration hc = new HostConfiguration();
+ *     hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
+ *     HttpClient client = new HttpClient();
+ *     client.executeMethod(hc, httpget);
+ *     </pre>
+ * </p>
+ * <p>
+ * Example of using custom protocol socket factory per default instead of the standard one:
+ *     <pre>
+ *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
+ *     Protocol.registerProtocol("https", easyhttps);
+ *
+ *     HttpClient client = new HttpClient();
+ *     GetMethod httpget = new GetMethod("https://localhost/");
+ *     client.executeMethod(httpget);
+ *     </pre>
+ * </p>
+ * 
+ * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
+ * 
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+    /** Log object for this class. */
+    private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
+
+    private SSLContext sslcontext = null;
+
+    /**
+     * Constructor for EasySSLProtocolSocketFactory.
+     */
+    public EasySSLProtocolSocketFactory() {
+        super();
+    }
+
+    private static SSLContext createEasySSLContext() {
+        try {
+            SSLContext context = SSLContext.getInstance("SSL");
+            context.init(
+              null, 
+              new TrustManager[] {new EasyX509TrustManager(null)}, 
+              null);
+            return context;
+        } catch (Exception e) {
+            LOG.error(e.getMessage(), e);
+            throw new HttpClientError(e.toString());
+        }
+    }
+
+    private SSLContext getSSLContext() {
+        if (this.sslcontext == null) {
+            this.sslcontext = createEasySSLContext();
+        }
+        return this.sslcontext;
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+     */
+    public Socket createSocket(
+        String host,
+        int port,
+        InetAddress clientHost,
+        int clientPort)
+        throws IOException, UnknownHostException {
+
+        return getSSLContext().getSocketFactory().createSocket(
+            host,
+            port,
+            clientHost,
+            clientPort
+        );
+    }
+
+    /**
+     * Attempts to get a new socket connection to the given host within the given time limit.
+     * <p>
+     * To circumvent the limitations of older JREs that do not support connect timeout a 
+     * controller thread is executed. The controller thread attempts to create a new socket 
+     * within the given limit of time. If socket constructor does not return until the 
+     * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
+     * </p>
+     *  
+     * @param host the host name/IP
+     * @param port the port on the host
+     * @param clientHost the local host name/IP to bind the socket to
+     * @param clientPort the port on the local machine
+     * @param params {@link HttpConnectionParams Http connection parameters}
+     * 
+     * @return Socket a new socket
+     * 
+     * @throws IOException if an I/O error occurs while creating the socket
+     * @throws UnknownHostException if the IP address of the host cannot be
+     * determined
+     */
+    public Socket createSocket(
+        final String host,
+        final int port,
+        final InetAddress localAddress,
+        final int localPort,
+        final HttpConnectionParams params
+    ) throws IOException, UnknownHostException, ConnectTimeoutException {
+        if (params == null) {
+            throw new IllegalArgumentException("Parameters may not be null");
+        }
+        int timeout = params.getConnectionTimeout();
+        SocketFactory socketfactory = getSSLContext().getSocketFactory();
+        if (timeout == 0) {
+            return socketfactory.createSocket(host, port, localAddress, localPort);
+        } else {
+            Socket socket = socketfactory.createSocket();
+            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
+            SocketAddress remoteaddr = new InetSocketAddress(host, port);
+            socket.bind(localaddr);
+            socket.connect(remoteaddr, timeout);
+            return socket;
+        }
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+     */
+    public Socket createSocket(String host, int port)
+        throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(
+            host,
+            port
+        );
+    }
+
+    /**
+     * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+     */
+    public Socket createSocket(
+        Socket socket,
+        String host,
+        int port,
+        boolean autoClose)
+        throws IOException, UnknownHostException {
+        return getSSLContext().getSocketFactory().createSocket(
+            socket,
+            host,
+            port,
+            autoClose
+        );
+    }
+
+    public boolean equals(Object obj) {
+        return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
+    }
+
+    public int hashCode() {
+        return EasySSLProtocolSocketFactory.class.hashCode();
+    }
+
+}
diff --git a/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
new file mode 100644
index 00000000000..ae9f9380b31
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/src/org/apache/commons/httpclient/contrib/ssl/EasyX509TrustManager.java
@@ -0,0 +1,114 @@
+/*
+ * ====================================================================
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient.contrib.ssl;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import org.apache.commons.logging.Log; 
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * <p>
+ * EasyX509TrustManager unlike default {@link X509TrustManager} accepts 
+ * self-signed certificates. 
+ * </p>
+ * <p>
+ * This trust manager SHOULD NOT be used for productive systems 
+ * due to security reasons, unless it is a concious decision and 
+ * you are perfectly aware of security implications of accepting 
+ * self-signed certificates
+ * </p>
+ * 
+ * @author <a href="mailto:adrian.sutton@ephox.com">Adrian Sutton</a>
+ * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
+ * 
+ * <p>
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ * </p>
+ */
+
+public class EasyX509TrustManager implements X509TrustManager
+{
+    private X509TrustManager standardTrustManager = null;
+
+    /** Log object for this class. */
+    private static final Log LOG = LogFactory.getLog(EasyX509TrustManager.class);
+
+    /**
+     * Constructor for EasyX509TrustManager.
+     */
+    public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
+        super();
+        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        factory.init(keystore);
+        TrustManager[] trustmanagers = factory.getTrustManagers();
+        if (trustmanagers.length == 0) {
+            throw new NoSuchAlgorithmException("no trust manager found");
+        }
+        this.standardTrustManager = (X509TrustManager)trustmanagers[0];
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
+     */
+    public void checkClientTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
+        standardTrustManager.checkClientTrusted(certificates,authType);
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
+     */
+    public void checkServerTrusted(X509Certificate[] certificates,String authType) throws CertificateException {
+        if ((certificates != null) && LOG.isDebugEnabled()) {
+            LOG.debug("Server certificate chain:");
+            for (int i = 0; i < certificates.length; i++) {
+                LOG.debug("X509Certificate[" + i + "]=" + certificates[i]);
+            }
+        }
+        if ((certificates != null) && (certificates.length == 1)) {
+            certificates[0].checkValidity();
+        } else {
+            standardTrustManager.checkServerTrusted(certificates,authType);
+        }
+    }
+
+    /**
+     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+     */
+    public X509Certificate[] getAcceptedIssuers() {
+        return this.standardTrustManager.getAcceptedIssuers();
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
new file mode 100644
index 00000000000..bf52356779e
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
@@ -0,0 +1,248 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the 
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.cisco;
+
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.utils.exception.ExecutionException;
+
+
+@Ignore("Requires actual VNMC to connect to")
+public class CiscoVnmcConnectionTest {
+    static CiscoVnmcConnectionImpl connection;
+    static String tenantName = "TenantE";
+    static Map<String, String> fwDns = null;
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+        connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    
+    @Test
+    public void testLogin() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    
+    @Test
+    public void testCreateTenant() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenant(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDC() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDC(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceProfile() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoute() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName,
+                    "10.223.136.1", "0.0.0.0", "0.0.0.0");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateRoutePolicyWithEdgeProfile() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName,
+                    "10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeSecurityProfile() {
+        try {
+            boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNatIpPool() {
+        try {
+            boolean response = connection.createTenantVDCSourceNatIpPool(tenantName, "1", "10.223.136.10");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNatPolicy() {
+        try {
+            boolean response = connection.createTenantVDCSourceNatPolicy(tenantName, "1");
+            assertTrue(response);
+            response = connection.createTenantVDCSourceNatPolicyRef(tenantName, "1");
+            assertTrue(response);
+            response = connection.createTenantVDCSourceNatRule(tenantName, "1", "10.1.1.2", "10.1.1.254");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCNatPolicySet() {
+        try {
+            boolean response = connection.createTenantVDCNatPolicySet(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateNatPolicySet() {
+        try {
+            boolean response = connection.associateNatPolicySet(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateEdgeFirewall() {
+        try {
+            boolean response = connection.createEdgeFirewall(tenantName,
+                    "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testListUnassocAsa1000v() {
+        try {
+            Map<String, String> response = connection.listUnAssocAsa1000v();
+            assertTrue(response.size() >=0);
+            fwDns = response;
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void assocAsa1000v() {
+        try {
+            boolean result = connection.assignAsa1000v(tenantName, fwDns.get(0));
+            assertTrue(result);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java
new file mode 100755
index 00000000000..a16733b5135
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/element/CiscoVnmcElementTest.java
@@ -0,0 +1,401 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.element;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.naming.ConfigurationException;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.internal.matchers.Any;
+
+import com.cloud.agent.AgentManager;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.AssociateAsaWithLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.CleanupLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.ConfigureNexusVsmForAsaCommand;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.configuration.ConfigurationManager;
+import com.cloud.dc.ClusterVSMMapVO;
+import com.cloud.dc.DataCenter;
+import com.cloud.dc.VlanVO;
+import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.dao.ClusterVSMMapDao;
+import com.cloud.dc.dao.VlanDao;
+import com.cloud.deploy.DeployDestination;
+import com.cloud.domain.Domain;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.host.HostVO;
+import com.cloud.host.dao.HostDao;
+import com.cloud.network.Network;
+import com.cloud.network.Network.GuestType;
+import com.cloud.network.Network.Provider;
+import com.cloud.network.Network.Service;
+import com.cloud.network.CiscoNexusVSMDeviceVO;
+import com.cloud.network.IpAddress;
+import com.cloud.network.NetworkManager;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.Networks.BroadcastDomainType;
+import com.cloud.network.Networks.TrafficType;
+import com.cloud.network.addr.PublicIp;
+import com.cloud.network.cisco.CiscoAsa1000vDeviceVO;
+import com.cloud.network.cisco.CiscoVnmcControllerVO;
+import com.cloud.network.cisco.NetworkAsa1000vMapVO;
+import com.cloud.network.dao.CiscoAsa1000vDao;
+import com.cloud.network.dao.CiscoNexusVSMDeviceDao;
+import com.cloud.network.dao.CiscoVnmcDao;
+import com.cloud.network.dao.NetworkAsa1000vMapDao;
+import com.cloud.network.dao.NetworkServiceMapDao;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.network.rules.StaticNatRule;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.resource.ResourceManager;
+import com.cloud.user.Account;
+import com.cloud.utils.net.Ip;
+import com.cloud.vm.ReservationContext;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+public class CiscoVnmcElementTest {
+
+    CiscoVnmcElement _element = new CiscoVnmcElement();
+    AgentManager _agentMgr = mock(AgentManager.class);
+    NetworkManager _networkMgr = mock(NetworkManager.class);
+    NetworkModel _networkModel = mock(NetworkModel.class);
+    HostDao _hostDao = mock(HostDao.class);
+    NetworkServiceMapDao _ntwkSrvcDao = mock(NetworkServiceMapDao.class);
+    ConfigurationManager _configMgr = mock(ConfigurationManager.class);
+    CiscoVnmcDao _ciscoVnmcDao = mock(CiscoVnmcDao.class);
+    CiscoAsa1000vDao _ciscoAsa1000vDao = mock(CiscoAsa1000vDao.class);
+    NetworkAsa1000vMapDao _networkAsa1000vMapDao = mock(NetworkAsa1000vMapDao.class);
+    ClusterVSMMapDao _clusterVsmMapDao = mock(ClusterVSMMapDao.class);
+    CiscoNexusVSMDeviceDao _vsmDeviceDao = mock(CiscoNexusVSMDeviceDao.class);
+    VlanDao _vlanDao = mock(VlanDao.class);
+
+    @Before
+    public void setUp() throws ConfigurationException {
+        _element._resourceMgr = mock(ResourceManager.class);
+        _element._agentMgr = _agentMgr;
+        _element._networkMgr = _networkMgr;
+        _element._networkModel = _networkModel;
+        _element._hostDao = _hostDao;
+        _element._configMgr = _configMgr;
+        _element._ciscoVnmcDao = _ciscoVnmcDao;
+        _element._ciscoAsa1000vDao = _ciscoAsa1000vDao;
+        _element._networkAsa1000vMapDao = _networkAsa1000vMapDao;
+        _element._clusterVsmMapDao = _clusterVsmMapDao;
+        _element._vsmDeviceDao = _vsmDeviceDao;
+        _element._vlanDao = _vlanDao;
+
+        // Standard responses
+        when(_networkModel.isProviderForNetwork(Provider.CiscoVnmc, 1L)).thenReturn(true);
+
+        _element.configure("CiscoVnmcTestElement", Collections.<String, Object> emptyMap());
+    }
+
+    @Test
+    public void canHandleTest() {
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        assertTrue(_element.canHandle(network));
+
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.UnDecided);
+        assertFalse(_element.canHandle(network));
+    }
+
+    @Test
+    public void implementTest() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getGateway()).thenReturn("1.1.1.1");
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+
+        NetworkOffering offering = mock(NetworkOffering.class);
+        when(offering.getId()).thenReturn(1L);
+        when(offering.getTrafficType()).thenReturn(TrafficType.Guest);
+        when(offering.getGuestType()).thenReturn(GuestType.Isolated);
+
+        DeployDestination dest = mock(DeployDestination.class);
+
+        Domain dom = mock(Domain.class);
+        when(dom.getName()).thenReturn("d1");
+        Account acc = mock(Account.class);
+        when(acc.getAccountName()).thenReturn("a1");
+        ReservationContext context = mock(ReservationContext.class);
+        when(context.getDomain()).thenReturn(dom);
+        when(context.getAccount()).thenReturn(acc);
+
+        DataCenter dc = mock(DataCenter.class);
+        when(dc.getNetworkType()).thenReturn(NetworkType.Advanced);
+        when(_configMgr.getZone(network.getDataCenterId())).thenReturn(dc);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        CiscoAsa1000vDeviceVO asaVO = mock(CiscoAsa1000vDeviceVO.class);
+        when(asaVO.getInPortProfile()).thenReturn("foo");
+        when(asaVO.getManagementIp()).thenReturn("1.2.3.4");
+
+        List<CiscoAsa1000vDeviceVO> asaList = new ArrayList<CiscoAsa1000vDeviceVO>();
+        asaList.add(asaVO);
+        when(_ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(asaList);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+        when(_networkAsa1000vMapDao.findByAsa1000vId(anyLong())).thenReturn(null);
+        when(_networkAsa1000vMapDao.persist(any(NetworkAsa1000vMapVO.class))).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)).thenReturn(true);
+
+        ClusterVSMMapVO clusterVsmMap = mock(ClusterVSMMapVO.class);
+        when(_clusterVsmMapDao.findByClusterId(anyLong())).thenReturn(clusterVsmMap);
+
+        CiscoNexusVSMDeviceVO vsmDevice = mock(CiscoNexusVSMDeviceVO.class);
+        when(vsmDevice.getUserName()).thenReturn("foo");
+        when(vsmDevice.getPassword()).thenReturn("bar");
+        when(vsmDevice.getipaddr()).thenReturn("1.2.3.4");
+        when(_vsmDeviceDao.findById(anyLong())).thenReturn(vsmDevice);
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        PublicIp publicIp = mock(PublicIp.class);
+        when(publicIp.getAddress()).thenReturn(ip);
+        when(publicIp.getState()).thenReturn(IpAddress.State.Releasing);
+        when(publicIp.getAccountId()).thenReturn(1L);
+        when(publicIp.isSourceNat()).thenReturn(true);
+        when(publicIp.getVlanTag()).thenReturn("123");
+        when(publicIp.getGateway()).thenReturn("1.1.1.1");
+        when(publicIp.getNetmask()).thenReturn("1.1.1.1");
+        when(publicIp.getMacAddress()).thenReturn(null);
+        when(publicIp.isOneToOneNat()).thenReturn(true);
+        when(_networkMgr.assignSourceNatIpAddressToGuestNetwork(acc, network)).thenReturn(publicIp);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanGateway()).thenReturn("1.1.1.1");
+        List<VlanVO> vlanVOList = new ArrayList<VlanVO>();
+        when(_vlanDao.listVlansByPhysicalNetworkId(network.getPhysicalNetworkId())).thenReturn(vlanVOList);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(CreateLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(ConfigureNexusVsmForAsaCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(SetSourceNatCommand.class))).thenReturn(answer);
+        when(_agentMgr.easySend(anyLong(), any(AssociateAsaWithLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+        
+        assertTrue(_element.implement(network, offering, dest, context));
+    }
+
+    @Test
+    public void shutdownTest() throws ConcurrentOperationException, ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+
+        ReservationContext context = mock(ReservationContext.class);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(CleanupLogicalEdgeFirewallCommand.class))).thenReturn(answer);
+
+    	assertTrue(_element.shutdown(network, context, true));
+    }
+
+    @Test
+    public void applyFWRulesTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        FirewallRule rule = mock(FirewallRule.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        List<FirewallRule> rules = new ArrayList<FirewallRule>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetFirewallRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyFWRules(network, rules));
+    }
+
+    @Test
+    public void applyPRulesTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+        when(ipAddress.getVlanId()).thenReturn(1L);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanTag()).thenReturn(null);
+        when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
+
+        PortForwardingRule rule = mock(PortForwardingRule.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        when(rule.getDestinationIpAddress()).thenReturn(ip);
+        List<PortForwardingRule> rules = new ArrayList<PortForwardingRule>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetPortForwardingRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyPFRules(network, rules));
+    }
+
+    @Test
+    public void applyStaticNatsTest() throws ResourceUnavailableException {
+    	URI uri = URI.create("vlan://123");
+
+        Network network = mock(Network.class);
+        when(network.getId()).thenReturn(1L);
+        when(network.getBroadcastDomainType()).thenReturn(BroadcastDomainType.Vlan);
+        when(network.getDataCenterId()).thenReturn(1L);
+        when(network.getBroadcastUri()).thenReturn(uri);
+        when(network.getCidr()).thenReturn("1.1.1.0/24");
+        when(network.getState()).thenReturn(Network.State.Implemented);
+
+        Ip ip = mock(Ip.class);
+        when(ip.addr()).thenReturn("1.2.3.4");
+
+        IpAddress ipAddress = mock(IpAddress.class);
+        when(ipAddress.getAddress()).thenReturn(ip);
+        when(ipAddress.getVlanId()).thenReturn(1L);
+
+        when(_networkModel.getIp(anyLong())).thenReturn(ipAddress);
+        when(_networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)).thenReturn(true);
+
+        List<CiscoVnmcControllerVO> devices = new ArrayList<CiscoVnmcControllerVO>();
+        devices.add(mock(CiscoVnmcControllerVO.class));
+        when(_ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId())).thenReturn(devices);
+
+        when(_networkAsa1000vMapDao.findByNetworkId(network.getId())).thenReturn(mock(NetworkAsa1000vMapVO.class));
+
+        HostVO hostVO = mock(HostVO.class);
+        when(hostVO.getId()).thenReturn(1L);
+        when(_hostDao.findById(anyLong())).thenReturn(hostVO);
+
+        VlanVO vlanVO = mock(VlanVO.class);
+        when(vlanVO.getVlanTag()).thenReturn(null);
+        when(_vlanDao.findById(anyLong())).thenReturn(vlanVO);
+
+        StaticNat rule = mock(StaticNat.class);
+        when(rule.getSourceIpAddressId()).thenReturn(1L);
+        when(rule.getDestIpAddress()).thenReturn("1.2.3.4");
+        when(rule.isForRevoke()).thenReturn(false);
+        List<StaticNat> rules = new ArrayList<StaticNat>();
+        rules.add(rule);
+
+        Answer answer = mock(Answer.class);
+        when(answer.getResult()).thenReturn(true);
+
+        when(_agentMgr.easySend(anyLong(), any(SetStaticNatRulesCommand.class))).thenReturn(answer);
+
+        assertTrue(_element.applyStaticNats(network, rules));
+    }
+}
diff --git a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java
new file mode 100755
index 00000000000..e814fdcd4d5
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/resource/CiscoVnmcResourceTest.java
@@ -0,0 +1,285 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.resource;
+
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.*;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.naming.ConfigurationException;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.CreateLogicalEdgeFirewallCommand;
+import com.cloud.agent.api.PingCommand;
+import com.cloud.agent.api.StartupCommand;
+import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
+import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
+import com.cloud.agent.api.routing.SetSourceNatCommand;
+import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
+import com.cloud.agent.api.to.IpAddressTO;
+import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
+import com.cloud.dc.Vlan;
+import com.cloud.host.Host;
+import com.cloud.network.IpAddress;
+import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
+import com.cloud.network.rules.FirewallRule;
+import com.cloud.network.rules.PortForwardingRule;
+import com.cloud.network.rules.StaticNat;
+import com.cloud.network.rules.FirewallRule.Purpose;
+import com.cloud.network.rules.FirewallRule.TrafficType;
+import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.utils.exception.ExecutionException;
+
+public class CiscoVnmcResourceTest {
+    CiscoVnmcConnectionImpl _connection = mock(CiscoVnmcConnectionImpl.class);
+    CiscoVnmcResource _resource;
+    Map<String,Object> _parameters;
+
+    @Before
+    public void setUp() throws ConfigurationException {
+        _resource = new CiscoVnmcResource();
+
+        _parameters = new HashMap<String, Object>();
+        _parameters.put("name", "CiscoVnmc");
+        _parameters.put("zoneId", "1");
+        _parameters.put("physicalNetworkId", "100");
+        _parameters.put("ip", "1.2.3.4");
+        _parameters.put("username", "admin");
+        _parameters.put("password", "pass");
+        _parameters.put("guid", "e8e13097-0a08-4e82-b0af-1101589ec3b8");
+        _parameters.put("numretries", "3");
+        _parameters.put("timeout", "300");
+    }
+
+    @Test(expected=ConfigurationException.class)
+    public void resourceConfigureFailure() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", Collections.<String,Object>emptyMap());
+    }
+
+    @Test
+    public void resourceConfigure() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        assertTrue("CiscoVnmc".equals(_resource.getName()));
+        assertTrue(_resource.getType() == Host.Type.ExternalFirewall);
+    }
+
+    @Test
+    public void testInitialization() throws ConfigurationException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        StartupCommand[] sc = _resource.initialize();
+        assertTrue(sc.length ==1);
+        assertTrue("e8e13097-0a08-4e82-b0af-1101589ec3b8".equals(sc[0].getGuid()));
+        assertTrue("CiscoVnmc".equals(sc[0].getName()));
+        assertTrue("1".equals(sc[0].getDataCenter()));
+    }
+
+    @Test
+    public void testPingCommandStatusOk() throws ConfigurationException, ExecutionException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(true);
+        PingCommand ping = _resource.getCurrentStatus(1);
+        assertTrue(ping != null);
+        assertTrue(ping.getHostId() == 1);
+        assertTrue(ping.getHostType() == Host.Type.ExternalFirewall);
+    }
+
+    @Test
+    public void testPingCommandStatusFail() throws ConfigurationException, ExecutionException {
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(false);
+        PingCommand ping = _resource.getCurrentStatus(1);
+        assertTrue(ping == null);
+    }
+
+    @Test
+    public void testSourceNat() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        IpAddressTO ip = new IpAddressTO(1, "1.2.3.4", true, false,
+                false, null, "1.2.3.1", "255.255.255.0", null, null, false);
+        SetSourceNatCommand cmd = new SetSourceNatCommand(ip, true);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.login()).thenReturn(true);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCSourceNatRule(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateNatPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testFirewall() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<FirewallRuleTO> rules = new ArrayList<FirewallRuleTO>();
+        List<String> cidrList = new ArrayList<String>();
+        cidrList.add("2.3.2.3/32");
+        FirewallRuleTO active = new FirewallRuleTO(1,
+                null, "1.2.3.4", "tcp", 22, 22, false, false,
+                FirewallRule.Purpose.Firewall, cidrList, null, null);
+        rules.add(active);
+        FirewallRuleTO revoked = new FirewallRuleTO(1,
+                null, "1.2.3.4", "tcp", 22, 22, true, false,
+                FirewallRule.Purpose.Firewall, null, null, null);
+        rules.add(revoked);
+
+        SetFirewallRulesCommand cmd = new SetFirewallRulesCommand(rules);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCIngressAclRule(
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEgressAclRule(
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testStaticNat() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<StaticNatRuleTO> rules = new ArrayList<StaticNatRuleTO>();
+        StaticNatRuleTO active = new StaticNatRuleTO(0, "1.2.3.4", null,
+                null, "5.6.7.8", null, null, null, false, false);
+        rules.add(active);
+        StaticNatRuleTO revoked = new StaticNatRuleTO(0, "1.2.3.4", null, 
+                null, "5.6.7.8", null, null, null, true, false);
+        rules.add(revoked);
+
+        SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rules, null);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCDNatPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCDNatRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCDNatRule(anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclRuleForDNat(anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testPortForwarding() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        List<PortForwardingRuleTO> rules = new ArrayList<PortForwardingRuleTO>();
+        PortForwardingRuleTO active = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
+                "5.6.7.8", 22, 22, "tcp", false, false);
+        rules.add(active);
+        PortForwardingRuleTO revoked = new PortForwardingRuleTO(1, "1.2.3.4", 22, 22,
+                "5.6.7.8", 22, 22, "tcp", false, false);
+        rules.add(revoked);
+
+        SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(rules);
+        cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, Long.toString(vlanId));
+        cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, "1.2.3.4/32");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenantVDCNatPolicySet(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicySet(anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.createTenantVDCPFPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFPolicyRef(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicy(anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclPolicyRef(anyString(), anyString(), anyBoolean())).thenReturn(true);
+        when(_connection.deleteTenantVDCPFRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.deleteTenantVDCAclRule(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFIpPool(anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFPortPool(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCPFRule(anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.createTenantVDCAclRuleForPF(anyString(),
+                anyString(), anyString(), anyString(),
+                anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateAclPolicySet(anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+
+    @Test
+    public void testCreateEdgeFirewall() throws ConfigurationException, Exception {
+        long vlanId = 123;
+        CreateLogicalEdgeFirewallCommand cmd = new CreateLogicalEdgeFirewallCommand(vlanId, "1.2.3.4", "5.6.7.8", "255.255.255.0", "255.255.255.0");
+        cmd.getPublicGateways().add("1.1.1.1");
+        cmd.getPublicGateways().add("2.2.2.2");
+
+        _resource.configure("CiscoVnmcResource", _parameters);
+        _resource.setConnection(_connection);
+        when(_connection.createTenant(anyString())).thenReturn(true);
+        when(_connection.createTenantVDC(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeSecurityProfile(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeDeviceProfile(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
+        when(_connection.createTenantVDCEdgeStaticRoute(anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+        when(_connection.associateTenantVDCEdgeStaticRoutePolicy(anyString())).thenReturn(true);
+        when(_connection.createEdgeFirewall(anyString(), anyString(), anyString(), anyString(), anyString())).thenReturn(true);
+
+        Answer answer = _resource.executeRequest(cmd);
+        System.out.println(answer.getDetails());
+        assertTrue(answer.getResult());
+    }
+}
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 12c85fff38b..471253f0728 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -138,6 +138,7 @@
       </activation>
       <modules>
         <module>hypervisors/vmware</module>
+        <module>network-elements/cisco-vnmc</module>
       </modules>
     </profile>
     <profile>
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 50c137ae81f..cfe0e00d8ba 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -2717,8 +2717,8 @@ public class ApiResponseHelper implements ResponseGenerator {
         List<? extends Network.Provider> serviceProviders = ApiDBUtils.getProvidersForService(service);
         List<ProviderResponse> serviceProvidersResponses = new ArrayList<ProviderResponse>();
         for (Network.Provider serviceProvider : serviceProviders) {
-            // return only Virtual Router/JuniperSRX as a provider for the firewall
-            if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX)) {
+            // return only Virtual Router/JuniperSRX/CiscoVnmc as a provider for the firewall
+            if (service == Service.Firewall && !(serviceProvider == Provider.VirtualRouter || serviceProvider == Provider.JuniperSRX || serviceProvider == Provider.CiscoVnmc)) {
                 continue;
             }
 
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index fce3c010df4..5b6d81e8df8 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -3302,8 +3302,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
                             throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
                         }
 
-                        if (provider == Provider.JuniperSRX) {
-                            firewallProvider = Provider.JuniperSRX;
+                        if (provider == Provider.JuniperSRX || provider == Provider.CiscoVnmc) {
+                            firewallProvider = provider;
                         }
                         
                         if ((service == Service.PortForwarding || service == Service.StaticNat) && provider == Provider.VirtualRouter){
diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql
index 92b2d9c863c..fb760bf4824 100644
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@@ -680,7 +680,41 @@ CREATE VIEW `cloud`.`affinity_group_view` AS
             left join
         `cloud`.`vm_instance` ON vm_instance.id = affinity_group_vm_map.instance_id
             left join
-		`cloud`.`user_vm` ON user_vm.id = vm_instance.id;
-		
+        `cloud`.`user_vm` ON user_vm.id = vm_instance.id;
+
+CREATE TABLE `cloud`.`external_cisco_vnmc_devices` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `uuid` varchar(255) UNIQUE,
+  `physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco vnmc device is added',
+  `provider_name` varchar(255) NOT NULL COMMENT 'Service Provider name corresponding to this cisco vnmc device',
+  `device_name` varchar(255) NOT NULL COMMENT 'name of the cisco vnmc device',
+  `host_id` bigint unsigned NOT NULL COMMENT 'host id coresponding to the external cisco vnmc device',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_external_cisco_vnmc_devices__host_id` FOREIGN KEY (`host_id`) REFERENCES `host`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_external_cisco_vnmc_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`external_cisco_asa1000v_devices` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `uuid` varchar(255) UNIQUE,
+  `physical_network_id` bigint unsigned NOT NULL COMMENT 'id of the physical network in to which cisco asa1kv device is added',
+  `management_ip` varchar(255) UNIQUE NOT NULL COMMENT 'mgmt. ip of cisco asa1kv device',
+  `in_port_profile` varchar(255) NOT NULL COMMENT 'inside port profile name of cisco asa1kv device',
+  `cluster_id` bigint unsigned NOT NULL COMMENT 'id of the Vmware cluster to which cisco asa1kv device is attached (cisco n1kv switch)',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_external_cisco_asa1000v_devices__physical_network_id` FOREIGN KEY (`physical_network_id`) REFERENCES `physical_network`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_external_cisco_asa1000v_devices__cluster_id` FOREIGN KEY (`cluster_id`) REFERENCES `cluster`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+CREATE TABLE `cloud`.`network_asa1000v_map` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
+  `network_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of guest network',
+  `asa1000v_id` bigint unsigned NOT NULL UNIQUE COMMENT 'id of asa1000v device',
+  PRIMARY KEY (`id`),
+  CONSTRAINT `fk_network_asa1000v_map__network_id` FOREIGN KEY (`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE,
+  CONSTRAINT `fk_network_asa1000v_map__asa1000v_id` FOREIGN KEY (`asa1000v_id`) REFERENCES `external_cisco_asa1000v_devices`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 -- Re-enable foreign key checking, at the end of the upgrade path
 SET foreign_key_checks = 1;			
+
diff --git a/test/integration/component/test_asa1000v_fw.py b/test/integration/component/test_asa1000v_fw.py
new file mode 100755
index 00000000000..0b66f971946
--- /dev/null
+++ b/test/integration/component/test_asa1000v_fw.py
@@ -0,0 +1,134 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+""" Cisco ASA1000v external firewall
+"""
+#Import Local Modules
+import marvin
+from nose.plugins.attrib import attr
+from marvin.cloudstackTestCase import *
+from marvin.cloudstackAPI import *
+from marvin.integration.lib.utils import *
+from marvin.integration.lib.base import *
+from marvin.integration.lib.common import *
+from marvin.remoteSSHClient import remoteSSHClient
+import datetime
+
+
+class Services:
+    """Test Cisco ASA1000v services
+    """
+
+    def __init__(self):
+        self.services = {
+                        "vnmc": {
+                                    "ipaddress": '10.147.28.236',
+                                    "username": 'admin',
+                                    "password": 'Password_123',
+                        },
+                        "asa": {
+                                    "ipaddress": '10.147.28.238',
+                                    "insideportprofile": 'asa-in123',
+                        },
+                        "network_offering": {
+                                    "name": 'CiscoVnmc',
+                                    "displaytext": 'CiscoVnmc',
+                                    "guestiptype": 'Isolated',
+                                    "supportedservices": 'Dhcp,Dns,SourceNat,PortForwarding,Firewall,UserData,StaticNat',
+                                    "traffictype": 'GUEST',
+                                    "availability": 'Optional',
+                                    "serviceProviderList": {
+                                            "Dhcp": 'VirtualRouter',
+                                            "Dns": 'VirtualRouter',
+                                            "SourceNat": 'CiscoVnmc',
+                                            "PortForwarding": 'CiscoVnmc',
+                                            "Firewall": 'CiscoVnmc',
+                                            "UserData": 'VirtualRouter',
+                                            "StaticNat": 'CiscoVnmc',
+                                    },
+                        },
+                        "network": {
+                                    "name": "CiscoVnmc",
+                                    "displaytext": "CiscoVnmc",
+                        },
+                    }
+
+class TestASASetup(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        cls.apiclient = super(
+                            TestASASetup,
+                            cls
+                            ).getClsTestClient().getApiClient()
+        cls.services = Services().services
+        cls.network_offering = NetworkOffering.create(
+                            cls.apiclient,
+                            cls.services["network_offering"],
+                            conservemode=True)
+        # Enable network offering
+        cls.network_offering.update(cls.apiclient, state='Enabled')
+
+        cls._cleanup = [
+                        cls.network_offering,
+                      ]
+        return
+
+    @classmethod
+    def tearDownClass(cls):
+        try:
+            # Cleanup
+            cleanup_resources(cls.apiclient, cls._cleanup)
+        except Exception as e:
+            raise Exception("Warning: Exception during cleanup : %s" % e)
+        return
+
+    def setUp(self):
+        self.apiclient = self.testClient.getApiClient()
+        self.dbclient = self.testClient.getDbConnection()
+
+        self.zone = get_zone(self.apiclient, self.services)
+        self.physicalnetworks = PhysicalNetwork.list(self.apiclient, zoneid=self.zone.id)
+        self.assertNotEqual(len(self.physicalnetworks), 0, "Check if the list physical network API returns a non-empty response")
+        self.clusters = Cluster.list(self.apiclient, hypervisor='VMware')
+        self.assertNotEqual(len(self.clusters), 0, "Check if the list cluster API returns a non-empty response")
+
+        return
+
+    def tearDown(self):
+        try:
+            self.debug("Cleaning up the resources")
+            # Cleanup
+            cleanup_resources(self.apiclient, self._cleanup)
+            self.debug("Cleanup complete!")
+        except Exception as e:
+            raise Exception("Warning: Exception during cleanup : %s" % e)
+        return
+
+    def test_registerVnmc(self):
+        Vnmc = VNMC.create(self.apiclient, self.services["vnmc"]["ipaddress"], self.services["vnmc"]["username"], self.services["vnmc"]["password"], self.physicalnetworks[0].id)
+        self.debug("Cisco VNMC appliance with id %s deployed"%(Vnmc.id))
+        VnmcList = VNMC.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
+        self.assertNotEqual(len(VnmcList), 0, "List VNMC API returned an empty response")
+        Vnmc.delete(self.apiclient)
+
+    def test_registerAsa1000v(self):
+        Asa = ASA1000V.create(self.apiclient, self.services["asa"]["ipaddress"], self.services["asa"]["insideportprofile"], self.clusters[0].id, self.physicalnetworks[0].id)
+        self.debug("Cisco ASA 1000v appliance with id %s deployed"%(Asa.id))
+        AsaList = ASA1000V.list(self.apiclient, physicalnetworkid = self.physicalnetworks[0].id)
+        self.assertNotEqual(len(AsaList), 0, "List ASA 1000v API returned an empty response")
+        Asa.delete(self.apiclient)
\ No newline at end of file
diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py
index 3df68ab7853..0185c87fed9 100755
--- a/tools/marvin/marvin/integration/lib/base.py
+++ b/tools/marvin/marvin/integration/lib/base.py
@@ -2444,7 +2444,6 @@ class VPC:
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.listVPCs(cmd))
 
-
 class AffinityGroup:
     def __init__(self, items):
         self.__dict__.update(items)
@@ -2467,9 +2466,71 @@ class AffinityGroup:
         cmd.id = self.id
         return apiclient.deleteVPC(cmd)
 
-
     @classmethod
     def list(cls, apiclient, **kwargs):
         cmd = listAffinityGroups.listAffinityGroupsCmd()
         [setattr(cmd, k, v) for k, v in kwargs.items()]
         return(apiclient.listVPCs(cmd))
+
+class VNMC:
+    """Manage VNMC lifecycle"""
+
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    def create(cls, apiclient, hostname, username, password, physicalnetworkid):
+        """Registers VNMC appliance"""
+
+        cmd = addCiscoVnmcResource.addCiscoVnmcResourceCmd()
+        cmd.hostname = hostname
+        cmd.username = username
+        cmd.password = password
+        cmd.physicalnetworkid = physicalnetworkid
+        return VNMC(apiclient.addCiscoVnmcResource(cmd))
+
+    def delete(self, apiclient):
+        """Removes VNMC appliance"""
+
+        cmd = deleteCiscoVnmcResource.deleteCiscoVnmcResourceCmd()
+        cmd.resourceid = self.resourceid
+        return apiclient.deleteCiscoVnmcResource(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        """List VNMC appliances"""
+
+        cmd = listCiscoVnmcResources.listCiscoVnmcResourcesCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return(apiclient.listCiscoVnmcResources(cmd))
+
+class ASA1000V:
+    """Manage ASA 1000v lifecycle"""
+
+    def __init__(self, items):
+        self.__dict__.update(items)
+
+    @classmethod
+    def create(cls, apiclient, hostname, insideportprofile, clusterid, physicalnetworkid):
+        """Registers ASA 1000v appliance"""
+
+        cmd = addCiscoAsa1000vResource.addCiscoAsa1000vResourceCmd()
+        cmd.hostname = hostname
+        cmd.insideportprofile = insideportprofile
+        cmd.clusterid = clusterid
+        cmd.physicalnetworkid = physicalnetworkid
+        return ASA1000V(apiclient.addCiscoAsa1000vResource(cmd))
+
+    def delete(self, apiclient):
+        """Removes ASA 1000v appliance"""
+
+        cmd = deleteCiscoAsa1000vResource.deleteCiscoAsa1000vResourceCmd()
+        cmd.resourceid = self.resourceid
+        return apiclient.deleteCiscoAsa1000vResource(cmd)
+
+    @classmethod
+    def list(cls, apiclient, **kwargs):
+        """List ASA 1000v appliances"""
+
+        cmd = listCiscoAsa1000vResources.listCiscoAsa1000vResourcesCmd()
+        [setattr(cmd, k, v) for k, v in kwargs.items()]
+        return(apiclient.listCiscoAsa1000vResources(cmd))
diff --git a/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java b/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
index be8d68a5648..06718d0f35e 100644
--- a/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
+++ b/utils/src/com/cloud/utils/cisco/n1kv/vsm/NetconfHelper.java
@@ -79,6 +79,17 @@ public class NetconfHelper {
         parseOkReply(receive());
     }
 
+    public void addPortProfile(String name, PortProfileType type, BindingType binding,
+            SwitchPortMode mode, int vlanid, String vdc, String espName) throws CloudRuntimeException {
+        String command = VsmCommand.getAddPortProfile(name, type, binding, mode, vlanid, vdc, espName);
+        if (command != null) {
+            command = command.concat(SSH_NETCONF_TERMINATOR);
+            parseOkReply(sendAndReceive(command));
+        } else {
+            throw new CloudRuntimeException("Error generating rpc request for adding port profile.");
+        }
+    }
+
     public void addPortProfile(String name, PortProfileType type, BindingType binding,
             SwitchPortMode mode, int vlanid) throws CloudRuntimeException {
         String command = VsmCommand.getAddPortProfile(name, type, binding, mode, vlanid);
@@ -160,6 +171,17 @@ public class NetconfHelper {
         }
     }
 
+    public void addVServiceNode(String vlanId, String ipAddr)
+            throws CloudRuntimeException {
+        String command = VsmCommand.getVServiceNode(vlanId, ipAddr);
+        if (command != null) {
+            command = command.concat(SSH_NETCONF_TERMINATOR);
+            parseOkReply(sendAndReceive(command));
+        } else {
+            throw new CloudRuntimeException("Error generating rpc request for adding vservice node for vlan " + vlanId);
+        }
+    }
+
     public PortProfile getPortProfileByName(String name) throws CloudRuntimeException {
         String command = VsmCommand.getPortProfile(name);
         if (command != null) {
diff --git a/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java b/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
index d1887f6417d..fdab390557d 100644
--- a/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
+++ b/utils/src/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
@@ -69,6 +69,40 @@ public class VsmCommand {
         removevlanid
     }
 
+    public static String getAddPortProfile(String name, PortProfileType type,
+            BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String espName) {
+        try {
+            // Create the document and root element.
+            DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
+            DOMImplementation domImpl = docBuilder.getDOMImplementation();
+            Document doc = createDocument(domImpl);
+
+            // Edit configuration command.
+            Element editConfig = doc.createElement("nf:edit-config");
+            doc.getDocumentElement().appendChild(editConfig);
+
+            // Command to get into exec configure mode.
+            Element target = doc.createElement("nf:target");
+            Element running = doc.createElement("nf:running");
+            target.appendChild(running);
+            editConfig.appendChild(target);
+
+            // Command to create the port profile with the desired configuration.
+            Element config = doc.createElement("nf:config");
+            config.appendChild(configPortProfileDetails(doc, name, type, binding, mode, vlanid, vdc, espName));
+            editConfig.appendChild(config);
+
+            return serialize(domImpl, doc);
+        } catch (ParserConfigurationException e) {
+            s_logger.error("Error while creating add port profile message : " + e.getMessage());
+            return null;
+        } catch (DOMException e) {
+            s_logger.error("Error while creating add port profile message : " + e.getMessage());
+            return null;
+        }
+    }
+
     public static String getAddPortProfile(String name, PortProfileType type,
             BindingType binding, SwitchPortMode mode, int vlanid) {
         try {
@@ -366,6 +400,184 @@ public class VsmCommand {
         }
     }
 
+    public static String getVServiceNode(String vlanId, String ipAddr) {
+        try {
+            // Create the document and root element.
+            DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
+            DOMImplementation domImpl = docBuilder.getDOMImplementation();
+            Document doc = createDocument(domImpl);
+
+            // Edit configuration command.
+            Element editConfig = doc.createElement("nf:edit-config");
+            doc.getDocumentElement().appendChild(editConfig);
+
+            // Command to get into exec configure mode.
+            Element target = doc.createElement("nf:target");
+            Element running = doc.createElement("nf:running");
+            target.appendChild(running);
+            editConfig.appendChild(target);
+
+            // Command to create the port profile with the desired configuration.
+            Element config = doc.createElement("nf:config");
+            config.appendChild(configVServiceNodeDetails(doc, vlanId, ipAddr));
+            editConfig.appendChild(config);
+
+            return serialize(domImpl, doc);
+        } catch (ParserConfigurationException e) {
+            s_logger.error("Error while adding vservice node for vlan " + vlanId + ", " + e.getMessage());
+            return null;
+        } catch (DOMException e) {
+            s_logger.error("Error while adding vservice node for vlan " + vlanId + ", " + e.getMessage());
+            return null;
+        }
+    }
+
+    private static Element configVServiceNodeDetails(Document doc, String vlanId, String ipAddr) {
+        // In mode, exec_configure.
+        Element configure = doc.createElementNS(s_ciscons, "nxos:configure");
+        Element modeConfigure = doc.createElement("nxos:" + s_configuremode);
+        configure.appendChild(modeConfigure);
+
+        // vservice node %name% type asa
+        Element vservice = doc.createElement("vservice");
+        vservice.appendChild(doc.createElement("node"))
+                .appendChild(doc.createElement("ASA_" + vlanId))
+                .appendChild(doc.createElement("type"))
+                .appendChild(doc.createElement("asa"));
+        modeConfigure.appendChild(vservice);
+
+        Element address = doc.createElement(s_paramvalue);
+        address.setAttribute("isKey", "true");
+        address.setTextContent(ipAddr);
+
+        // ip address %ipAddr%
+        modeConfigure.appendChild(doc.createElement("ip"))
+        		.appendChild(doc.createElement("address"))
+                .appendChild(doc.createElement("value"))
+        		.appendChild(address);
+
+        Element vlan = doc.createElement(s_paramvalue);
+        vlan.setAttribute("isKey", "true");
+        vlan.setTextContent(vlanId);
+
+        // adjacency l2 vlan %vlanId%
+        modeConfigure.appendChild(doc.createElement("adjacency"))
+                .appendChild(doc.createElement("l2"))
+                .appendChild(doc.createElement("vlan"))
+                .appendChild(doc.createElement("value"))
+                .appendChild(vlan);
+
+        // fail-mode close
+        modeConfigure.appendChild(doc.createElement("fail-mode"))
+                .appendChild(doc.createElement("close"));
+
+        // Persist the configuration across reboots.
+        modeConfigure.appendChild(persistConfiguration(doc));
+
+        return configure;
+    }
+
+    private static Element configPortProfileDetails(Document doc, String name, PortProfileType type,
+            BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String espName) {
+
+        // In mode, exec_configure.
+        Element configure = doc.createElementNS(s_ciscons, "nxos:configure");
+        Element modeConfigure = doc.createElement("nxos:" + s_configuremode);
+        configure.appendChild(modeConfigure);
+
+        // Port profile name and type configuration.
+        Element portProfile = doc.createElement("port-profile");
+        modeConfigure.appendChild(portProfile);
+
+        // Port profile type.
+        Element portDetails = doc.createElement("name");
+        switch (type) {
+        case none:
+            portProfile.appendChild(portDetails);
+            break;
+        case ethernet:
+            {
+                Element typetag = doc.createElement("type");
+                Element ethernettype = doc.createElement("ethernet");
+                portProfile.appendChild(typetag);
+                typetag.appendChild(ethernettype);
+                ethernettype.appendChild(portDetails);
+            }
+            break;
+        case vethernet:
+            {
+                Element typetag = doc.createElement("type");
+                Element ethernettype = doc.createElement("vethernet");
+                portProfile.appendChild(typetag);
+                typetag.appendChild(ethernettype);
+                ethernettype.appendChild(portDetails);
+            }
+            break;
+        }
+
+        // Port profile name.
+        Element value = doc.createElement(s_paramvalue);
+        value.setAttribute("isKey", "true");
+        value.setTextContent(name);
+        portDetails.appendChild(value);
+
+        // element for port prof mode.
+        Element portProf = doc.createElement(s_portprofmode);
+        portDetails.appendChild(portProf);
+
+        // Binding type.
+        if (binding != BindingType.none) {
+            portProf.appendChild(getBindingType(doc, binding));
+        }
+
+        if (mode != SwitchPortMode.none) {
+            // Switchport mode.
+            portProf.appendChild(getSwitchPortMode(doc, mode));
+            // Adding vlan details.
+            if (vlanid > 0) {
+                portProf.appendChild(getAddVlanDetails(doc, mode, Integer.toString(vlanid)));
+            }
+        }
+
+        // Command "vmware port-group".
+        Element vmware = doc.createElement("vmware");
+        Element portgroup = doc.createElement("port-group");
+        vmware.appendChild(portgroup);
+        portProf.appendChild(vmware);
+
+        // org root/%vdc%
+        // vservice node <Node Name> profile <Edge Security Profile Name in VNMC>
+        Element org = doc.createElement("org");
+        org.appendChild(doc.createElement(vdc));
+        portProf.appendChild(org);
+
+        String asaNodeName = "ASA_" + vlanid;
+        Element vservice = doc.createElement("vservice");
+        vservice.appendChild(doc.createElement("node"))
+                .appendChild(doc.createElement(asaNodeName))
+                .appendChild(doc.createElement("profile"))
+                .appendChild(doc.createElement(espName));
+        portProf.appendChild(vservice);
+
+        // no shutdown.
+        Element no = doc.createElement("no");
+        Element shutdown = doc.createElement("shutdown");
+        no.appendChild(shutdown);
+        portProf.appendChild(no);
+
+        // Enable the port profile.
+        Element state = doc.createElement("state");
+        Element enabled = doc.createElement("enabled");
+        state.appendChild(enabled);
+        portProf.appendChild(state);
+
+        // Persist the configuration across reboots.
+        modeConfigure.appendChild(persistConfiguration(doc));
+
+        return configure;
+    }
+    
     private static Element configPortProfileDetails(Document doc, String name, PortProfileType type,
             BindingType binding, SwitchPortMode mode, int vlanid) {
 
@@ -433,6 +645,7 @@ public class VsmCommand {
         Element portgroup = doc.createElement("port-group");
         vmware.appendChild(portgroup);
         portProf.appendChild(vmware);
+        
 
         // no shutdown.
         Element no = doc.createElement("no");
diff --git a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
index 621c091481a..7f323c5e400 100755
--- a/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
+++ b/vmware-base/src/com/cloud/hypervisor/vmware/mo/HypervisorHostHelper.java
@@ -163,7 +163,8 @@ public class HypervisorHostHelper {
     }
 
     public static void createPortProfile(VmwareContext context, String ethPortProfileName, String networkName,
-            Integer vlanId, Integer networkRateMbps, long peakBandwidth, long burstSize) throws Exception {
+            Integer vlanId, Integer networkRateMbps, long peakBandwidth, long burstSize,
+            String gateway, boolean configureVServiceInNexus) throws Exception {
         Map<String, String> vsmCredentials = getValidatedVsmCredentials(context);
         String vsmIp = vsmCredentials.get("vsmip");
         String vsmUserName = vsmCredentials.get("vsmusername");
@@ -233,8 +234,18 @@ public class HypervisorHostHelper {
                 s_logger.info("Adding port profile configured over untagged VLAN.");
                 netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, 0);
             } else {
-                s_logger.info("Adding port profile configured over VLAN : " + vlanId.toString());
-                netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue());
+                if (!configureVServiceInNexus) {
+                    s_logger.info("Adding port profile configured over VLAN : " + vlanId.toString());
+                    netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue());
+                } else {
+                    String tenant = "vlan-" + vlanId.intValue();
+                    String vdc = "root/" + tenant + "/VDC-" + tenant;
+                    String esp = "ESP-" + tenant;
+                    s_logger.info("Adding vservice node in Nexus VSM for VLAN : " + vlanId.toString());
+                    netconfClient.addVServiceNode(vlanId.toString(), gateway);
+                    s_logger.info("Adding port profile with vservice details configured over VLAN : " + vlanId.toString());
+                    netconfClient.addPortProfile(networkName, PortProfileType.vethernet, BindingType.portbindingstatic, SwitchPortMode.access, vlanId.intValue(), vdc, esp);
+                }
             }
         } catch (CloudRuntimeException e) {
             msg = "Failed to add vEthernet port profile " + networkName + "." + ". Exception: " + e.toString();
@@ -402,7 +413,7 @@ public class HypervisorHostHelper {
 
     public static Pair<ManagedObjectReference, String> prepareNetwork(String physicalNetwork, String namePrefix,
             HostMO hostMo, String vlanId, Integer networkRateMbps, Integer networkRateMulticastMbps, long timeOutMs,
-            VirtualSwitchType vSwitchType, int numPorts) throws Exception {
+            VirtualSwitchType vSwitchType, int numPorts, String gateway, boolean configureVServiceInNexus) throws Exception {
         ManagedObjectReference morNetwork = null;
         VmwareContext context = hostMo.getContext();
         ManagedObjectReference dcMor = hostMo.getHyperHostDatacenter();
@@ -504,22 +515,22 @@ public class HypervisorHostHelper {
             } else {
                 s_logger.info("Found Ethernet port profile " + ethPortProfileName);
             }
-        long averageBandwidth = 0L;
-        if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
-            averageBandwidth = (long) (networkRateMbps.intValue() * 1024L * 1024L);
-        }
-        // We chose 50% higher allocation than average bandwidth.
+            long averageBandwidth = 0L;
+            if (networkRateMbps != null && networkRateMbps.intValue() > 0) {
+                averageBandwidth = (long) (networkRateMbps.intValue() * 1024L * 1024L);
+            }
+            // We chose 50% higher allocation than average bandwidth.
             // TODO(sateesh): Optionally let user specify the peak coefficient
-        long peakBandwidth = (long) (averageBandwidth * 1.5);
+            long peakBandwidth = (long) (averageBandwidth * 1.5);
             // TODO(sateesh): Optionally let user specify the burst coefficient
-        long burstSize = 5 * averageBandwidth / 8;
+            long burstSize = 5 * averageBandwidth / 8;
 
-        if (!dataCenterMo.hasDvPortGroup(networkName)) {
-            s_logger.info("Port profile " + networkName + " not found.");
-                createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
-            bWaitPortGroupReady = true;
-        } else {
-            s_logger.info("Port profile " + networkName + " found.");
+            if (!dataCenterMo.hasDvPortGroup(networkName)) {
+                s_logger.info("Port profile " + networkName + " not found.");
+                createPortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize, gateway, configureVServiceInNexus);
+                bWaitPortGroupReady = true;
+            } else {
+                s_logger.info("Port profile " + networkName + " found.");
                 updatePortProfile(context, physicalNetwork, networkName, vid, networkRateMbps, peakBandwidth, burstSize);
             }
         }