Cisco released their new ASAv virtual appliance, an updated virtual offering for the ASA platform. I suspect at least part of the driver for this is their work on Cisco Modeling Labs, a new tool to help build and simulate environments.
The ASAv copes well in terms of performance and allows for yet more physical devices to be virtualized, however it only supports VMware environments that make use of vCenter. This leaves those wishing to use the ASAv for their learning, or testing having to setup vCenter. For home labs this is going to eat up more memory and discourage some. Thankfully working around this if fairly straightforward if you have access to a vCenter environment to import and then export the VM from.
Warning: Doing what I discuss in this blog post is certainly unsupported by Cisco. Proceed at your own risk.
- Begin by logging into your Cisco account and downloading the ASAv OFA. An OVA is a virtual appliance compressed into a single file for ease of deployment
- Once downloaded login to the vCenter environment and click “File” then “Deploy OVF Template” and follow the wizard
- Once you’ve completed the small wizard configuring the ASAv, power it up and give your inside interface an IP address:
ciscoasa(config)# interface GigabitEthernet0/1 ciscoasa(config-if)# description Inside ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100 ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
- Once an IP address has been assigned you should provide your license key, if you miss this step the VM will fail to start up after it has been exported. To license your ASA check the serial number using the “show version” command:
ciscoasa> sh ver | inc Serial Serial Number: 0AAA0AA000A
- Armed with the serial number and the PAK from your license certificate login to your CCO account and authorize the key. You will be presented with an activation key, to license simply use the activation-key command:
ciscoasa# activation-key aa00aa00 0a00a0aa 00a0a00a 00000000 00000000
- Finally, save the configuration of your device and power it down
- Rather than export the device, download the folder containing the vmdk, vmx, vmdk-flat etc to your local computer using the datastore browser
- Upload to your standalone ESXi host using the datastore browser and right-click the VMX file and choose “Add to Inventory”
- Power on the virtual machine and it will boot successfully
Be warned, at any time erasing the configuration or removing the license key the ASAv will fail to boot on the standalone ESXi host.
In terms of performance, I’m pleasantly surprised. On a low-spec E3-1220v2 using 1500byte frames I’m getting 600Mbps+ using NAT and ACL’s.