Learning how to configure ASAv in eve-ng can help grow not only your networking skills but IT career. One of the biggest in demand fields is security. With companies becoming more vulnerable to attacks and the growing need to move to the cloud and work in remote workforce, Firewalls will always be important.
Working with firewalls in a production environment does not have to be stressful with proper training. That is why I will show you in a couple easy steps on how you can set up a test network in your home. Follow this lab to easily learn how to configure ASAv in eve-ng. You can also watch the video to view the step by step directions as well.
What is Cisco ASAv?
If your been around networking for a while you probably are familiar with Cisco ASA firewalls. You may be wondering what is the difference between Cisco ASA and Cisco ASAv. There is limited functional difference such as it being a virtual appliance that can be utilized in the cloud or a virtual environment such as a firewall that sits on your VMware environment.
For the purpose of a home lab and needing to learn, you may not notice any of the difference you may run into. To read more on the ASAv version read this article from cisco.
How to install Cisco ASAv on EVE-ng
In order to utilize the Cisco ASAv in eve-ng you will need to obtain the correct image from cisco here. Then ssh into your instance using filezilla and drop the image into the root folder. You then want to ssh into your eve-ng instance and follow the below directions step by step. If you dont have eve-ng installed visit their site for directions to install.
- First run the following command “mkdir /opt/unetlab/addons/qemu/asav-984-10“
- Then “mv asav984-10.qcow2 /opt/unetlab/addons/qemu/asav-984-10/virtioa.qcow2” This will move the file you downloaded into the new folder and rename the download as well
- After that we need to clean up some permissions for the ASAv to run properly “/opt/unetlab/wrappers/unl_wrapper -a fixpermissions“
How to configure ASAv in EVE-ng
Once you get all of the above configured log into your eve-ng gui and click on the add new lab button or click on a lab your already have setup.
Then click on the + sign on the left and click Add Network.
once the network is added, Click the + sign again and select Add node and choose Cisco ASAv, connect both the network and asa together on the management port. Right click the ASAv instance and click Start node.
Connecting Cisco ASAv to network
Once all of the connections are made you will then needs to do some final initial configuration on the ASAv. DHCP will need to be configured on your home network for these steps to work. After the node is completely started, double click the node to open in a new tab. You will want to then run this initial configure on the Management Interface and enable the https server.
aurora# conf t
aurora(config)# interface management 0/0
aurora(config-if)# ip address dhcp
aurora(config-if)# security-level 100
aurora(config-if)# no shutdown
aurora(config-if)# nameif Mgt
aurora(config-if)# management-only
aurora(config-if)# exit
aurora(config)# http server en
aurora(config)# http server enable
aurora(config)# http 0.0.0.0 0.0.0.0 mgt To sum up the commands above, we configured the management interface to grab an IP address using DHCP, set the security level to 100 and brought the interface up with the no shutdown command and enabled the http server for access on the mgt interface.
If you run the command show ip address you should see the ip address assigned by your dhcp server.
How to access the Cisco ASAv ASDM
Now that you have the virtual appliance connected to your network, you can access the ASDM using your local browser on any machine on the network. When you go to the ip address you should see this screen. Select Install ASDM Launcher and install the program on your computer.
Once installed you may run into an error that the program cannot run on your computer. Right click the asdm launcher program and go to properties, and in the target field paste in this command over top of the existing one C:\Windows\System32\wscript.exe invisible.vbs run.bat
You will then want to login to the asdm with the initial username and password configured for the asdm which may be no username and password cisco for the default. and once logged in you should be all ready to go
Conclusion
So you just learned how to asav in eve-ng in just a couple simple steps. This configuration can work for other vendor platforms as well. Using this lab will allow you to gain lot of knowledge being able to test out new configurations for a home or production network. Learning about cisco firewalls can help with success in your career and hope that you were able to follow through the steps promptly. Check out our other labs on other different networking topics.
