My home router died the other night and I had to scramble to get something in place. Instead of dragging down to Best Buy and getting a crappy D-Link or Netgear, I thought I would virtualize it on my ESX server.
So my first go was with the Cisco ASAv and everything went well, except I cannot communicate with the internet from anything but the firewall. All my devices pull IP addresses and the ASA receives a public IP address. The firewall can ping anywhere fine.
There is nothing special on this firewall, just a basic NAT and inside/outside interfaces.
I ran a packet tracer to troubleshoot and everything is allowed except the last line is: "DROP reason security-profile-not-used"
I'm not sure what is going on here. Any help or insight would be greatly appreciated.
What happens when you change that last line to ALLOW?
Someone here had the exact same issue: https://supportforums.cisco.com/discussion/11612151/ask-expert-cisco-asa-1000v-cloud-firewall
By the way - been thinking of doing this myself with the vSRX. Plug modem into separate VLAN, get public IP on virtual appliance and done.
I do remember running into that one the other night. So it pretty much looks like you can't run the ASAv standalone and must have VNMC or Prime, whatever they call it now.
But then how are all these people getting ASAv up and running in workstation and such? I have to be missing something.
WTF!! Good to know. But looks like the minimum requirement is vCenter?
Here's a workaround, but it requires a license:
https://damn.technology/cisco-asav-esxi-standalone
If still struggling, can I suggest trying a vSRX? They work perfectly and no licensing is involved.
Or failing that just run up a Vyatta.
Quote from: wintermute000 on July 16, 2015, 08:19:24 PM
WTF!! Good to know. But looks like the minimum requirement is vCenter?
Here's a workaround, but it requires a license:
https://damn.technology/cisco-asav-esxi-standalone
If still struggling, can I suggest trying a vSRX? They work perfectly and no licensing is involved.
Or failing that just run up a Vyatta.
Yeah, I'm running vSphere...
I'll try hitting up my SE for a license. I'll try re-installing as well.
I'll report back.
Thanks guys.
I wouldn't bother with ASAv, there's an OVA knocking about on the interwebs which is basically ASA 9.2 code that's been ported to run on ESXi. I lab with it all the time, works a treat!
Quote from: DanC on July 17, 2015, 08:54:48 AM
I wouldn't bother with ASAv, there's an OVA knocking about on the interwebs which is basically ASA 9.2 code that's been ported to run on ESXi. I lab with it all the time, works a treat!
Excellent! I'll have to look for this. I listed up all my hardware on Craigslist to go full virtual minus a switch or two for QoS stuff.
Dan, can you link it?
I want to see the document, Dan. :) :thankyou:
Sorry guys, forgot all about this... It's version 9.1(5) - PM me if you want me to link you :)