I were keeping testing Cisco ASA in Vmware environment for my own studying purpose. Recently I got ASAv 9.5.1 and installed into Vmware workstation 10 and ESXi 5.5.
Here are all related posts in this blog:
- ASA 8.02 in Vmware Workstation
- ASA 8.42 in VMware Workstation
- ASA 9.21 in Vmware Workstation 10
- Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)
- Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2)
- Cisco ASAv 9.5.1 200 and ASDM 7.5.1 in Workstation / ESXi
More configuration posts:
- Cisco ASA 5500-X Series Software 9.x Configuration Notes (Tips and Tricks)
- Cisco ASA Remote Access VPN Configuration 2 – Anyconnect VPN Configuration
- Cisco ASA Remote Access VPN Configuration 1 – Clientless SSL VPN Configuration
- Cisco ASAv HA Configurations
1. Download Software from Cisco Software Website:
The latest is 9.5.2 200. I am using 9.5.1 200 as an example for this post.
After downloaded the package, unzipped it and you will get 7 files.
asav-esxi.ovf will be used for esxi and workstation environment.
2. Import into Vmware ESXi or Workstation
2.1 in ESXi 5.5
Choose Menu File -> Deploy OVF Template…
Follow screen instruction to click next:
Network Mapping will be very straightforward since all interface are listing with mapping name in the ASAv.
 |
| Management0-0 is first interface. |
2.2 in Vmware Workstation 10
Choose Open from File menu:
Following screen , click import:
After import done, you will get a new Virtual Machine:
 |
| Network Adapter 1 is first interface which is Management0/0 in ASAv. |
Booting Screen:
3. Verify
|
ASAv-Pri# show version
Cisco Adaptive Security Appliance Software Version 9.5(1)200 Device Manager Version 7.5(1) Compiled on Fri 28-Aug-15 15:56 PDT by builders System image file is “boot:/asa951-200-smp-k8.bin” Config file at boot was “startup-config” ASAv-Pri up 1 hour 5 mins failover cluster up 15 hours 54 mins Hardware: ASAv, 1024 MB RAM, CPU Xeon 5500 series 2294 MHz, Model Id: ASAv5 Internal ATA Compact Flash, 256MB Slot 1: ATA Compact Flash, 8192MB BIOS Flash Firmware Hub @ 0x0, 0KB 0: Ext: Management0/0 : address is 000c.291a.f3fd, irq 10 1: Ext: GigabitEthernet0/0 : address is 000c.291a.f307, irq 5 2: Ext: GigabitEthernet0/1 : address is 000c.291a.f311, irq 9 3: Ext: GigabitEthernet0/2 : address is 000c.291a.f31b, irq 11 4: Ext: GigabitEthernet0/3 : address is 000c.291a.f325, irq 10 5: Ext: GigabitEthernet0/4 : address is 000c.291a.f32f, irq 5 6: Ext: GigabitEthernet0/5 : address is 000c.291a.f339, irq 9 7: Ext: GigabitEthernet0/6 : address is 000c.291a.f343, irq 11 8: Ext: GigabitEthernet0/7 : address is 000c.291a.f34d, irq 10 9: Ext: GigabitEthernet0/8 : address is 000c.291a.f357, irq 5 License mode: Smart Licensing ASAv Platform License State: Unlicensed No active entitlement: no feature tier and no throughput level configured *Memory resource allocation is more than the permitted limit. Licensed features for this platform: Maximum Physical Interfaces : 10 Maximum VLANs : 25 Inside Hosts : Unlimited Failover : Active/Standby Encryption-DES : Enabled Encryption-3DES-AES : Enabled Security Contexts : 0 GTP/GPRS : Disabled AnyConnect Premium Peers : 2 AnyConnect Essentials : Disabled Other VPN Peers : 50 Total VPN Peers : 50 Shared License : Disabled AnyConnect for Mobile : Disabled AnyConnect for Cisco VPN Phone : Disabled Advanced Endpoint Assessment : Disabled Total UC Proxy Sessions : 2 Botnet Traffic Filter : Enabled Cluster : Disabled License mode: Smart Licensing Failover cluster licensed features for this platform: Maximum Physical Interfaces : 10 Maximum VLANs : 25 Inside Hosts : Unlimited Failover : Active/Standby Encryption-DES : Enabled Encryption-3DES-AES : Enabled Security Contexts : 0 GTP/GPRS : Disabled AnyConnect Premium Peers : 2 AnyConnect Essentials : Disabled Other VPN Peers : 50 Total VPN Peers : 50 Shared License : Disabled AnyConnect for Mobile : Disabled AnyConnect for Cisco VPN Phone : Disabled Advanced Endpoint Assessment : Disabled Total UC Proxy Sessions : 2 Botnet Traffic Filter : Enabled Cluster : Disabled Licensing mode is Smart Licensing Serial Number: 9ALU3EW6LDF Image type : Release Key version : A Configuration last modified by enable_1 at 17:02:38.079 UTC Wed Jan 27 2016 ASAv-Pri# ASAv-Pri# sh run : Saved : : Serial Number: 9ALU3EW6LDF : Hardware: ASAv, 1024 MB RAM, CPU Xeon 5500 series 2294 MHz : ASA Version 9.5(1)200 ! hostname ASAv-Pri enable password 8Ry2YjIyt7RRXU24 encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain names ! interface GigabitEthernet0/0 nameif EXT security-level 0 ip address 172.17.3.11 255.255.255.0 standby 172.17.3.12 ! interface GigabitEthernet0/1 description test no nameif no security-level no ip address ! interface GigabitEthernet0/2 nameif INT security-level 100 ip address 10.9.2.11 255.255.255.0 standby 10.9.2.12 ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/7 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/8 description LAN/STATE Failover Interface ! interface Management0/0 management-only nameif mgmt security-level 0 ip address 192.168.2.11 255.255.255.0 standby 192.168.2.12 ! ftp mode passive pager lines 23 logging enable logging asdm informational mtu EXT 1500 mtu INT 1500 mtu mgmt 1500 failover failover lan unit secondary failover lan interface LANFAIL GigabitEthernet0/8 failover key ***** failover link LANFAIL GigabitEthernet0/8 failover interface ip LANFAIL 10.10.1.1 255.255.255.0 standby 10.10.1.2 no monitor-interface mgmt icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 user-identity default-domain LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.2.0 255.255.255.0 mgmt no snmp-server location no snmp-server contact crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint _SmartCallHome_ServerCA no validation-usage crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130 ……. 6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28 6c2527b9 deb78458 c61f381e a4c4cb66 quit telnet timeout 5 ssh stricthostkeycheck ssh 192.168.2.0 255.255.255.0 mgmt ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept dynamic-access-policy-record DfltAccessPolicy username test password P4ttSyrm33SV8TYp encrypted ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect ip-options inspect netbios inspect rtsp inspect sunrpc inspect tftp inspect xdmcp inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect esmtp inspect sqlnet inspect sip inspect skinny policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum client auto message-length maximum 512 ! service-policy global_policy global prompt hostname context call-home reporting anonymous prompt 2 call-home profile License destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination transport-method http profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:deb136269827f21fc1c142fac079704b : end ASAv-Pri# |
Please help to verify the link 9.5.1. I can't download
You may need a cco account to download it.