Cisco ASAv5 Quick Start Manual

Adaptive security virtual appliance

Cisco Adaptive Security Virtual Appliance (ASAv) Quick Start Guide,
9.7
First Published: 2017-01-18
Last Modified: 2019-03-15
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Summary of Contents for Cisco ASAv5

  • Page 1 Cisco Adaptive Security Virtual Appliance (ASAv) Quick Start Guide, First Published: 2017-01-18 Last Modified: 2019-03-15 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html.
  • Page 3: Table Of Contents

    Deploy the ASAv Using the OVF Tool and Day 0 Configuration; Access the ASAv Console; Use the VMware vSphere Console; Configure a Network Serial Console Port; Upgrade the vCPU or Throughput License; Performance Tuning for the ASAv on VMware
  • Page 4 CHAPTER 5: Deploy the ASAv On the Microsoft Azure Cloud; About ASAv Deployment On the Microsoft Azure Cloud; Prerequisites and System Requirements for the ASAv and Azure
  • Page 5 Start ASDM; Perform Initial Configuration Using ASDM; Run the Startup Wizard; (Optional) Allow Access to Public Servers Behind the ASAv; (Optional) Run VPN Wizards; (Optional) Run Other Wizards in ASDM
  • Page 6 Contents Advanced Configuration
  • Page 7: Introduction To The ASAv

    For hypervisor support, see Cisco ASA Compatibility. Licensing for the ASAv The ASAv uses Cisco Smart Software Licensing. For complete information, see Smart Software Licensing. Note You must install a smart license on the ASAv. Until you install a license, throughput is limited to 100 Kbps so you can perform preliminary connectivity tests.
  • Page 8 Introduction to the ASAv Licensing for the ASAv Note The ASAv uses Cisco Smart Software Licensing. A smart license is required for regular operation. Until you install a license, throughput is limited to 100 Kbps so you can perform preliminary connectivity tests.
  • Page 9 • 1 vCPU • 2 GB RAM • 100,000 concurrent firewall connections • Supports AWS on c3.large, c4.large, and m4.large instances • Supports Azure on a Standard D3 and Standard D3_v2 instances
  • Page 10: Guidelines And Limitations

    ASAv console. Failover functionality may also be affected. Unsupported ASA Features The ASAv does not support the following ASA features: • Clustering (for all entitlements, except KVM and VMware) • Multiple context mode
  • Page 11: Guidelines And Limitations For The ASAv5

    • Beginning with 9.5(1.200), the memory requirement for the ASAv5 was reduced to 1GB. Downgrading the available memory on an ASAv5 from 2 GB to 1 GB is not supported. To run with 1 GB of memory, the ASAv5 VM must be redeployed with version 9.5(1.200) or later. Similarly, if you try to downgrade to a version earlier than 9.5(1.200), you must increase the memory to 2 GB.
  • Page 12: ASAv Interfaces And Virtual NICs

    However, LRO can lead to TCP performance problems where network packet delivery may not flow consistently and could be "bursty" in congested networks.
  • Page 13 7. Click OK to save your changes and exit the Configuration Parameters dialog box. 8. Click Save. See the following VMware support articles for more information: • VMware KB 1027511 • VMware KB 2055140
  • Page 14 Introduction to the ASAv Supported vNICs
  • Page 15: Deploy The ASAv Using VMware

    Make sure to conform to the specifications below to ensure optimal performance. The ASAv has the following requirements: • The host CPU must be a server class x86-based Intel or AMD CPU with virtualization extension. For example, ASAv performance test labs use as minimum the following: Cisco Unified Computing ™ ®...
  • Page 16 VMware for more information. 5. Enter the property values for UserPrivilege, OvfDeployment, and ControllerType. For example: - <Property ovf:qualifiers="ValueMap{"ovf", "ignore", "installer"}" ovf:type="string" ovf:key="OvfDeployment"> + <Property ovf:qualifiers="ValueMap{"ovf", "ignore", "installer"}" ovf:type="string"...
  • Page 17 In these cases, you can enable the ASAv5 to be deployed in a VM with 1.5 GB of memory. To change from 1GB to 1.5GB, power down your VM, modify the memory, and power the VM back on.
  • Page 18: VMware Feature Support For The ASAv

    Graphs > CPU pane to view the resource allocation and any resources that are over- or under-provisioned. Transparent Mode on UCS B Series Hardware Guidelines MAC flaps have been observed in some ASAv configurations running in transparent mode on Cisco UCS B Series hardware. When MAC addresses appear from different locations you will get dropped packets.
  • Page 19 heartbeats: Used for VM failures. Use ASAv failover for ASAv machine failures. VMware vSphere Standalone Windows Client: Used to deploy VMs. VMware vSphere Web Client: Used to deploy VMs.
  • Page 20: Prerequisites For The ASAv And VMware

    The day0.iso file (either your custom day0.iso or the default day0.iso) must be available during first boot. Before you begin We are using Linux in this example, but there are similar utilities for Windows.
  • Page 21 • To automatically license the ASAv during initial deployment, place the Smart Licensing Identity (ID) Token that you downloaded from the Cisco Smart Software Manager in a text file named ‘idtoken’ in the same directory as the Day 0 configuration file.
  • Page 22 2G Step 4 (Optional) Download the Smart License identity token file issued by the Cisco Smart Software Manager to your PC. Step 5 (Optional) Copy the ID token from the download file and put it in a text file named ‘idtoken’ that only contains the ID token.
  • Page 23: Deploy The ASAv Using The VMware vSphere Web Client

    (OVF). You use the Deploy OVF Template wizard in the vSphere Web Client to deploy the Cisco package for the ASAv. The wizard parses the ASAv OVF file, creates the virtual machine on which you will run the ASAv, and installs the package.
  • Page 24 Deploy the ASAv Using VMware Deploy the ASAv Using the VMware vSphere Web Client Step 1 Download the ASAv ZIP file from Cisco.com, and save it to your PC: http://www.cisco.com/go/asa-software Note A Cisco.com login and Cisco service contract are required.
  • Page 25 After you complete the wizard, the vSphere Web Client processes the VM; you can see the “Initialize OVF deployment” status in the Global Information area Recent Tasks pane. When it is finished, you see the Deploy OVF Template completion status.
  • Page 26 Deploy the ASAv Using VMware Deploy the ASAv Using the VMware vSphere Web Client The ASAv machine instance then appears under the specified data center in the Inventory.
  • Page 27 • Enter the exact same IP address settings as for the primary unit. The bootstrap configurations on both units are identical except for the parameter identifying a unit as primary or secondary.
  • Page 28: Deploy The ASAv Using The VMware vSphere Standalone Client And Day 0 Configuration

    (asav-vi.ovf for a vCenter deployment or asav-esxi.ovf for a non-vCenter deployment). You use the Deploy OVF Template wizard in the vSphere Client to deploy the Cisco package for the ASAv. The wizard parses the ASAv OVF file, creates the virtual machine on which you will run the ASAv, and installs the package.
  • Page 29: Access The ASAv Console

    In some cases with ASDM, you may need to use the CLI for troubleshooting. By default, you can access the built-in VMware vSphere console. Alternatively, you can configure a network serial console, which has better capabilities, including copy and paste. • Use the VMware vSphere Console
  • Page 30: Use The VMware vSphere Console

    All nonconfiguration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode. To exit privileged mode, enter the disable, exit, or quit command. Step 5 Access global configuration mode: ciscoasa# configure terminal
  • Page 31: Configure A Network Serial Console Port

    If you want to increase (or decrease) the number of vCPUs for your ASAv, you can request a new license, apply the new license, and change the VM properties in VMware to match the new values.
  • Page 32 • ASDM: Choose Monitoring > Properties > Failover > Status, and click Make Standby. • CLI: failover active c. Repeat Steps 3 through 9 for the active unit. What to do next Licensing for the ASAv, on page 1 for more information.
  • Page 33: Performance Tuning For The ASAv On VMware

    The following figure shows a server with two CPU sockets with each CPU having 18 cores. The 8-core ASAv requires that each socket on the host CPU have a minimum of 8 cores.
  • Page 34: Multiple RX Queues For Receive Side Scaling (RSS)

    You need ASAv Version 9.13(1) or greater to use multiple RX queues. For an 8-core VM with an inside/outside pair of interfaces, each interface will have 4 RX queues, as shown in Figure 2: 8-Core ASAv RSS RX Queues, on page
  • Page 35 SR-IOV ixgbe PCI Passthrough The ixgbe driver (in PCI Passthrough mode) has 6 RX queues. Performance is on par with i40evf (SR-IOV). vmxnet3 Para-virtualized 8 max Not recommended for ASAv100.
  • Page 36 –n <nic name> Note General network adapter information can also be viewed from the VMware vSphere Client. The adapter and driver are found under Physical Adapters within the Configure tab.
  • Page 37: Deploy The ASAv Using KVM

    Make sure to conform to the specifications below to ensure optimal performance. The ASAv has the following requirements: • The host CPU must be a server class x86-based Intel or AMD CPU with virtualization extension. For example, ASAv performance test labs use as minimum the following: Cisco Unified Computing ™ ®...
  • Page 38: About ASAv Deployment Using KVM

    A separate management network is also configured. Figure 3: Sample ASAv Deployment Using KVM Prerequisites for the ASAv and KVM • Download the ASAv qcow2 file from Cisco.com and put it on your Linux host: http://www.cisco.com/go/asa-software
  • Page 39: Prepare The Day 0 Configuration File

    SSH server for public key authentication, but it can also contain a complete ASA configuration. The day0.iso file (either your custom day0.iso or the default day0.iso) must be available during first boot:
  • Page 40 • To automatically license the ASAv during initial deployment, place the Smart Licensing Identity (ID) Token that you downloaded from the Cisco Smart Software Manager in a text file named ‘idtoken’ in the same directory as the Day 0 configuration file.
  • Page 41: Prepare The Virtual Bridge XML Files

    Step 3 (Optional) Download the Smart License identity token file issued by the Cisco Smart Software Manager to your computer, copy the ID token from the download file, and put it in a text file named ‘idtoken’ that only contains the ID token.
  • Page 42: Launch The ASAv

    Use a virt-install based deployment script to launch the ASAv. Step 1 Create a virt-install script called “virt_install_asav.sh.” The name of the ASAv machine must be unique across all other VMs on this KVM host.
  • Page 43: Performance Tuning For The ASAv On KVM

    (CPU) or a range of CPUs, so that the process or thread will execute only on the designated CPU or CPUs rather than any CPU.
  • Page 44: NUMA Guidelines

    I/O is referred to as a NUMA node. To efficiently read packets from memory, guest applications and associated peripherals (such as the NIC) should reside within the same node. For optimum ASAv performance:
  • Page 45 <VM Number> 4. Align ASAv on the chosen node. The following examples assume 18-core nodes. Align onto Node 0: <vcpu placement='static' cpuset='0-17'>16</vcpu> <numatune> <memory mode='strict' nodeset='0'/> </numatune> Align onto Node 1:
  • Page 46: Multiple RX Queues For Receive Side Scaling (RSS)

    For an 8-core VM with an inside/outside pair of interfaces, each interface will have 4 RX queues, as shown in Figure 5: 8-Core ASAv RSS RX Queues, on page Figure 5: 8-Core ASAv RSS RX Queues
  • Page 47: VPN Optimization

    These are some additional considerations for optimizing VPN performance with the ASAv. • IPSec has higher throughput than DTLS. • Cipher - GCM has about 2x the throughput of CBC.
  • Page 48: CPU Usage And Reporting

    • Overhead: 45% The overhead is used to perform hypervisor functions and to move packets between NICs and vNICs using the vSwitch. KVM CPU Usage Reporting virsh cpu-stats domain --total start count
  • Page 49: ASA Virtual And KVM Graphs

    CPU usage is 100%, the virtual machine is using one physical CPU completely. The virtual CPU usage calculation is Usage in MHz / number of virtual CPUs x core frequency
  • Page 50 Deploy the ASAv Using KVM ASA Virtual and KVM Graphs
  • Page 51: Deploy The ASAv On The AWS Cloud

    We do not recommend the • ASAv30 c4.large 3.75 ASAv30 on large instances m4.large due to resource underprovisioning. c3.xlarge ASAv30 Only the ASAv30 is c4.xlarge supported on xlarge instances. m4.xlarge
  • Page 52: Prerequisites For The ASAv And AWS

    • Deployment in the Virtual Private Cloud (VPC) • Enhanced networking (SR-IOV) where available • Deployment from Amazon Marketplace • Maximum of four vCPUs per instance • User deployment of L3 networks
  • Page 53: Configuration Migration And SSH Authentication

    (if you enabled ASDM access) to fix the configuration. The following is a sample original configuration for a username "admin": username admin nopassword privilege 15 username admin attributes ssh authentication publickey 55:06:47:eb:13:75:fc:5c:a8:c1:2c:bb: 07:80:3a:fc:d9:08:a9:1f:34:76:31:ed:ab:bd:3a:9e:03:14:1e:1b hashed
  • Page 54: Sample Network Topology For ASAv On AWS

    The following figure shows the recommended topology for the ASAv in Routed Firewall Mode with four subnets configured in AWS for the ASAv (management, inside, outside, and DMZ). Figure 6: Sample ASAv on AWS Deployment
  • Page 55: Deploy The ASAv On AWS

    Management0/0 interface will be up and gets the IP configured with DHCP address. See IP Addressing in your for information about Amazon EC2 and Amazon VPC IP addressing. • Sample Day 0 Configuration - ! ASA Version 9.x.1.200
  • Page 56 Click My Account > AWS Management Console > EC2 > Launch an Instance > My AMIs. Step 7 Make sure that the Source/Destination Check is disabled per interface for the ASAv.
  • Page 57 IP address (IPv4). To enable the ASAv to act as a routed hop, you must disable the Source/Destination Check on each of the ASAv's traffic interfaces (inside, outside, and DMZ).
  • Page 58 Deploy the ASAv On the AWS Cloud Deploy the ASAv on AWS
  • Page 59: Deploy The ASAv On The Microsoft Azure Cloud

    RA VPN Session Limit. ASAv5: D3_v2 (4 core/14 GB), 100 Mbps; ASAv10: D3_v2 (4 core/14 GB), 1 Gbps; ASAv30: D3_v2 (4 core/14 GB), 2 Gbps; ASAv50: D4_v2 (8 core/28 GB), 5.5 Gbps, 10,000
  • Page 60: Prerequisites And System Requirements For The ASAv And Azure

    Note The ASAv defaults to the ASAv30 entitlement when deployed on Azure. The use of the ASAv5, ASAv10, ASAv30, ASAv50, and ASAv100 entitlement is allowed. However, the throughput level must be explicitly configured to use the ASAv5, ASAv10, ASAv30, ASAv50, and ASAv100 entitlement.
  • Page 61: Guidelines And Limitations

    30 seconds. But, the standby ASAv does not receive hello packets with the right timestamp because the clock is synchronized every ~2 minutes. This causes a failover from the primary ASAv to the standby ASAv.
  • Page 62: Resources Created During Deployment

    For more information about the Azure DDoS Protection feature, see Azure DDoS Protection Standard overview. Resources Created During Deployment When you deploy the ASAv in Azure the following resources are created:
  • Page 63 • A Storage account (unless you chose an existing storage account) Note When you delete a VM, you must delete each of these resources individually, except for any resources you want to keep.
  • Page 64: Azure Routing

    The ASAv cannot use dynamic interior routing protocols like EIGRP and OSPF due to the nature of Azure cloud routing. The Effective Routing Table determines the next hop, regardless of whether a virtual client has any static/dynamic route configured.
  • Page 65: IP Addresses

    IP addresses, and route tables. You can further manage these configurations after deployment. For example, you may want to change the Idle Timeout value from the default, which is a low timeout.
  • Page 66 The Azure portal shows virtual elements associated with the current account and subscription regardless of data center location. Step 2 Search Marketplace for Cisco ASAv, and then click on the ASAv you would like to deploy. Step 3 Configure the basic settings.
  • Page 67 Deploy the ASAv from Azure Resource Manager What to do next • Continue configuration using CLI commands available for input via SSH or use ASDM. See Start ASDM for instructions for accessing the ASDM.
  • Page 68 Deploy the ASAv On the Microsoft Azure Cloud Deploy the ASAv from Azure Resource Manager
  • Page 69: Deploy The ASAv Using Hyper-V

    SSH. The following figure shows the recommended topology for the ASAv in Routed Firewall Mode. There are three subnets set up in Hyper-V for the ASAv—management, inside, and outside.
  • Page 70: Guidelines And Limitations For ASAv And Hyper-V

    The ASAv should run on most modern, 64-bit high-powered platforms used for virtualization today. • File format Supports the VHDX format for initial deployment of the ASAv on Hyper-V. • Day 0 configuration
  • Page 71: Prerequisites For The ASAv And Hyper-V

    • Download the ASAv VHDX file from Cisco.com. http://www.cisco.com/go/asa-software Note A Cisco.com login and Cisco service contract are required. • Hyper-V switch configured with at least three subnets/VLANs. • For Hyper-V system requirements, see Cisco ASA Compatibility.
  • Page 72: Prepare The Day 0 Configuration File

    • To automatically license the ASAv during initial deployment, place the Smart Licensing Identity (ID) Token that you downloaded from the Cisco Smart Software Manager in a text file named ‘idtoken’ in the same directory as the Day 0 configuration file.
  • Page 73: Deploy The ASAv With The Day 0 Configuration File Using The Hyper-V Manager

    LOCAL Step 2 (Optional) Download the Smart License identity token file issued by the Cisco Smart Software Manager to your computer. Step 3 (Optional) Copy the ID token from the download file and put it in a text file that only contains the ID token.
  • Page 74: Install The ASAv On Hyper-V Using The Command Line

    Deploy the ASAv: Example: new-vm -name $fullVMName -MemoryStartupBytes $memorysize -Generation 1 -vhdpath C:\Users\jsmith.CISCO\ASAvHyperV\$ImageName.vhdx -Verbose Step 3 Depending on your ASAv model, change the CPU count from the default of 1.
  • Page 75: Install The ASAv On Hyper-V Using The Hyper-V Manager

    Install the ASAv on Hyper-V Using the Hyper-V Manager You can use the Hyper-V Manager to install the ASAv on Hyper-V. Step 1 Go to Server Manager > Tools > Hyper-V Manager.
  • Page 76 The Hyper-V Manager appears. Figure 10: Hyper-V Manager Step 3 From the list of hypervisors on the right, right-click the desired Hypervisor in the list and choose New > Virtual Machine.
  • Page 77 Deploy the ASAv Using Hyper-V Install the ASAv on Hyper-V Using the Hyper-V Manager Figure 11: Launch New Virtual Machine Step 4 The New Virtual Machine Wizard appears.
  • Page 78 The only Generation supported for the ASAv is Generation 1. • Amount of memory for your ASAv (1024 MB for ASAv5, 2048 MB for ASAv 10, 8192 MB for ASAv30) • Network adapter (connect to the virtual switch you have already set up) •...
  • Page 79 Processor pane. Change the Number of virtual processors to 4. The ASAv5 and ASAv10 have one vCPU, and the ASAv 30 has four vCPUs. The default is 1. The 100Mbps and 1Gbps entitlements have one vCPU, and the 2Gbps entitlement has four vCPUs. The default is 1.
  • Page 80 In the Virtual Machines menu, connect to your ASAv by right-clicking on the name of the ASAv in the list and clicking Connect. The console opens with the stopped ASAv.
  • Page 81 Figure 15: Connect to the Virtual Machine Step 9 In the Virtual Machine Connection console window, click the turquoise Start button to start the ASAv. Figure 16: Start the Virtual Machine
  • Page 82: Add A Network Adapter From The Hyper-V Manager

    Click Settings on the right side of the Hyper-V Manager. The Settings dialog box opens. Under the Hardware menu on the left, click Add Hardware, and then click Network Adapter. Note Do NOT use the Legacy Network Adapter.
  • Page 83 Figure 18: Add Network Adapter Step 2 After the network adapter has been added, you can modify the virtual switch and other features. You can also set the VLAN ID here if needed.
  • Page 84: Modify The Network Adapter Name

    You cannot modify the name using the Hyper-V Manager. You must modify it using the Windows PowerShell commands. Step 1 Open a Windows PowerShell. Step 2 Modify the network adapters as needed. Example:
  • Page 85: MAC Address Spoofing

    You can use the Windows PowerShell command line to configure MAC spoofing on Hyper-V. Step 1 Open a Windows PowerShell. Step 2 Configure MAC address spoofing. Example: Set-VMNetworkAdapter -VMName $vm_name -ComputerName $computer_name -MacAddressSpoofing On -VMNetworkAdapterName $network_adapter
  • Page 86: Configure SSH

    • ASA Virtual idle time • %SYS overhead used for the ASA virtual machine CPU Usage Example The show cpu usage command can be used to display CPU utilization statistics. Example
  • Page 87 The following is an example in which the reported vCPU usage is substantially different: • ASA Virtual reports: 40% • DP: 35% • External Processes: 5% • ASA (as ASA Virtual reports): 40% • ASA idle polling: 10% • Overhead: 45%
  • Page 88 Deploy the ASAv Using Hyper-V CPU Usage Example
  • Page 89: Configure The ASAv

    To use Java Web Start: a) Click Run ASDM or Run Startup Wizard. b) Save the shortcut to your computer when prompted. You can optionally open it instead of saving it.
  • Page 90: Perform Initial Configuration Using ASDM

    Start Java Web Start from the shortcut. d) Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears. e) Leave the username and password blank (for a new installation), and then click OK. If you enabled HTTPS authentication, enter your username and associated password.
  • Page 91: (Optional) Run VPN Wizards

    • Site-to-Site VPN Wizard—Creates an IPsec site-to-site tunnel between the ASAv and another VPN-capable device. • AnyConnect VPN Wizard—Configures SSL VPN remote access for the Cisco AnyConnect VPN client. AnyConnect Client provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources.
  • Page 92 Configure the ASAv Advanced Configuration

This manual is also suitable for:

ASAv10, ASAv30