Installing ASAv into vCenter

Last month Cisco announced the evolution of the ASA 1000v, the ASAv, which I quickly covered in this post. It no longer requires the Nexus 1000v.

I have a variety of technology in my lab for studies. For 2 years my bread and butter was Juniper SRX and Cisco ASA firewalls. They were the mainstay of my role and I still get questions about them from old colleagues and industry friends.

The Lab

This is the lab environment that I have built. I have a firewall-only environment and an environment in which I have a CSR embedded as well.


ASAv lab topology

Installing the ASAv into vCenter

Let's install the ASA 1000v and connect it to the Web Logical Switch we set up here. My lab environment sees quite a few ASAv instances stitched together in a topology. This is great for studying expected behaviours of physical firewall changes.

Time to deploy the ASAv OVA file downloaded from Cisco.com. Select the OVA file.

Accept the terms from Cisco. Accept the extra options, which are a thick-provisioned disk (pre-allocated, written with zeros).

Accept the terms of the EULA.

Select the name and location of where you want to install the ASAv.

Select the cluster you want to install to.

Select the datastore where the VMDK will be provisioned. Remember, thick provisioning requires the space up front. Make sure you have the room.

Here you can select the networks to which the ASAv attaches. My port-group VM-traffic is connected to the dvUplink connected to my UCS fabric interconnect – for the non-VMware people – the outside world. The vSwitch labelled vxw-dvs-204-virtualwire-8-sid-10007-DND-Transit is my Transit logical switch that is connected to my uplink from my logical router. If you look at the three tier application we are deploying in my Installing NSX Series Part 4.

Here you can set up the initial config, which is usually prompted for when first enabling a device. I am sure that, as part of a vCO workflow, this could be read from a central repository or something, but I skip this for now.

Hit Finish. Now it is time to start the ASAv up.

Let's have a look at the console. It’s amusing – still faithful to the older ASAs with a Pentium II 2400 being reproduced.

Easy does it. A virtual ASA connected to a logical switch and the outside world. Apply your standard configuration and default policies and you have a functioning ASA. Much easier to deploy than its physical counterpart.
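
The wizard steps above can also be scripted with VMware's ovftool, which makes the deployment repeatable and keeps the vCenter password off the command line. This is an added example, not part of the original walkthrough: the VM name, datastore, vCenter locator, and the management and parking port groups are hypothetical, and the OVF network names and the mapping of interfaces to port groups are assumptions to confirm by probing the OVA.

```shell
#!/bin/sh
# Added example, not from the original post. All defaults are placeholders.
# The OVF network names (Management0-0, GigabitEthernet0-N) are assumptions:
# confirm them first by probing the OVA with:  ovftool "$OVA"
OVA="${OVA:-asav.ova}"                  # OVA file downloaded from Cisco.com
VM_NAME="${VM_NAME:-asav-lab-01}"       # hypothetical VM name
DATASTORE="${DATASTORE:-datastore1}"    # hypothetical datastore
# No password in the locator: ovftool prompts for it, so it never lands in
# shell history or the process list.
TARGET="${TARGET:-vi://admin@vcenter.example/DC1/host/Cluster1}"
OUTSIDE_PG="${OUTSIDE_PG:-VM-traffic}"  # port group named in the post
TRANSIT_PG="${TRANSIT_PG:-vxw-dvs-204-virtualwire-8-sid-10007-DND-Transit}"
MGMT_PG="${MGMT_PG:-mgmt-net}"          # hypothetical management port group
PARK_PG="${PARK_PG:-unused-parking}"    # hypothetical isolated port group

# Succeeds only for a vi:// locator that carries no inline password.
target_is_safe() {
    case "$1" in
        vi://*:*@*) return 1 ;;   # vi://user:password@host/...
        vi://*)     return 0 ;;
        *)          return 1 ;;
    esac
}

# Dry run by default (prints one argument per line); DEPLOY=1 runs ovftool.
asav_deploy() {
    target_is_safe "$TARGET" || { echo "refusing target locator" >&2; return 1; }
    set -- ovftool --acceptAllEulas "--name=$VM_NAME" "--datastore=$DATASTORE" \
        --diskMode=eagerZeroedThick \
        "--net:Management0-0=$MGMT_PG" \
        "--net:GigabitEthernet0-0=$OUTSIDE_PG" \
        "--net:GigabitEthernet0-1=$TRANSIT_PG"
    i=2
    while [ "$i" -le 8 ]; do      # park the interfaces the lab does not use
        set -- "$@" "--net:GigabitEthernet0-$i=$PARK_PG"
        i=$((i + 1))
    done
    set -- "$@" --powerOn "$OVA" "$TARGET"
    if [ "${DEPLOY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$@"; fi
}

asav_deploy
```

Review the dry-run output against the network names the OVA actually exposes before running with `DEPLOY=1`.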

At the time of installing, it seems that the only feature missing is ASA clustering. I cover ASA clustering here, which is not a bad way of scaling out firewall function. I believe that this is purely a command enablement in the next version.

3 Comments

  1. You are my hero of the day, grats

  2. Good look into ASAv! Love the technology we have available right now. It’s a little too much but it’s exciting.

  3. Hi, can you guys confirm this is available from Cisco?
