As announced last month and quickly covered off by this post, Cisco announced the evolution of the ASA 1000v, the ASAv. There is no longer a requirement for the Nexus 1000v.
I have a variety of technology in my lab for studies. For 2 years my bread and butter was Juniper SRX and Cisco ASA firewalls. They were the mainstay of my role and I still get questions about them from old colleagues and industry friends.
This is the lab environment that I have built. I have a firewall-only environment and an environment in which I have a CSR embedded as well.
Installing the ASAv into vCenter
Let’s install the ASA 1000v and connect it to the Web Logical Switch we set up here. My lab environment sees quite a few ASAv instances stitched together in a topology. This is great for studying expected behaviours of physical firewall changes.
Time to deploy the ASAv: select the OVA file downloaded from Cisco.com.
Accept the terms from Cisco. Accept the extra options, which are a Thick Provisioned disk (pre-allocated, written with zeros).
Accept the terms of the EULA.
Select the name and location of where you want to install the ASAv.
Select the cluster you want to install to.
Select the datastore where the vmdk will be provisioned. Remember, thick provisioning requires the space upfront. Make sure you have the room.
Here you can select the networks to which the ASAv attaches. My port-group VM-traffic is connected to the dvUplink connected to my UCS fabric interconnect – for the non-VMware people – the outside world. The vSwitch labelled vxw-dvs-204-virtualwire-8-sid-10007-DND-Transit is my Transit logical switch that is connected to my uplink from my logical router. If you look at the three tier application we are deploying in my Installing NSX Series Part 4.
Here you can set up the initial config which is usually prompted when first enabling a device. I am sure as a part of a vCO workflow that this could be read from a central repository or something but I skip this for now.
Let’s have a look at the console. It’s amusing – still faithful to the older ASAs with a Pentium II 2400 being reproduced.
Easy does it. A virtual ASA connected to a logical switch and the outside world. Apply your standard configuration and default policies and you have a functioning ASA. Much easier to deploy than its physical counterpart.
At the time of installing it seems that the only feature missing is ASA clustering. I cover ASA clustering here which is not a bad way of scaling out firewall function. I believe that this is purely a command enablement in the next version.