In my previous post “Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)“, I tested the importing both OVA and VMDK file into Workstation and ESXi, but both ways failed. Those files are found and downloaded from Internet for only testing purpose. I believe those are good files and somebody has tested them. The only reason for my failure is because I am not using a right way to do it. In my old testing posts I have tested other versions such as 9.2.1, 8.42 and 8.02. All were successful loaded in either Vmware Workstation or ESXi.

Here are all related posts in this blog:

To find out the why this time failed I searched online again. My searching is based on error message I got from ESXi:

The OVF package requires support for OVF PropertiesLine 264: Unsupported element ‘Property’.

Following two links explains why , also both gives a solution , which is Vmware vCenter will be able to help load ASAv 9.4.1 into ESXi or ESX. Actually Vmeare vSphere Client has to connect to vCenter first then deploy this asav941.ova into ESX/ESXi host.

Here are the procedures when I were using vCenter to help load ASAv 9.4.1 into ESXi. (I will have another post to present how to install vCenter into ESXi. I did meet lots of challenges and I spent almost whole day to figure them out. Some are quite tricky.)

1. ESXi vSphere Client connecting to vCenter5.5. 

I am assuming you have installed vCenter as I did. If not, you can wait my next post to show you how to do it. I managed to install vCenter Appliance into my ESXi server.
0.png?resize=320%2C2740.png?resize=320%2C274

2. File -> Delply OVF Template…

Acutally if you have vCenter in your environment, all procedures are same as deploying other virtual machines. 
0.1.png?resize=320%2C2400.1.png?resize=320%2C240

3. Choose downloaded asav941.ova file as the template.

0-2.png?resize=320%2C2850-2.png?resize=320%2C285
1.png?resize=320%2C3021.png?resize=320%2C302

When license agreement window popped up, accept it then next.

4. Choose vm’s name

2.png?resize=320%2C3012.png?resize=320%2C301

5. NICs configuration. 

By default, there are 10 NICs and all of them are in same virtual network. In my case, it automatically set to connect to VM DMZ network.

3.png?resize=320%2C3023.png?resize=320%2C302

6. Some other parameters.

You can customize some or leave them as default. I did not tell too much difference for those settings.
4.png?resize=320%2C3024.png?resize=320%2C302

7. Review all configuration

5.png?resize=320%2C3025.png?resize=320%2C302

8. After 3-5 minutes importing process deponding on your connection speed, you should get a new VM in your ESXi. 

And you can power VM on and get booting window from console.

6-1.png?resize=320%2C2206-1.png?resize=320%2C220

9. VM will reboot itself once then you will get this lovely ciscoasa prompt

During my full rebooting process, it will reboot itself once because some information is not consistent. I will try to record it next time.
6-2.png?resize=320%2C2196-2.png?resize=320%2C219

10. Basic configuration for SSH

Interface management 0/0 is Network adapter 1. I changed it to VM Internet network to make management interface connect to my client pc network.

7.1.png?resize=320%2C2847.1.png?resize=320%2C284

There are some basic configuration to get you SSH session enabled on your ASAv.

interface Management0/0
 ip address 192.168.2.12 255.255.255.0
 nameif management
!
ssh 192.168.2.0 255.255.255.0 management
ssh version 2

username admin password cisco
aaa authentication ssh console LOCAL
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 9.4(1)
Device Manager Version 7.4(1)

Compiled on Sat 21-Mar-15 11:43 PDT by builders
System image file is “boot:/asa941-smp-k8.bin”
Config file at boot was “startup-config”

ciscoasa up 7 hours 11 mins

Hardware:   ASAv, 2048 MB RAM, CPU Xeon 5500 series 2294 MHz,
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB


 0: Ext: Management0/0       : address is 0050.5682.88e4, irq 10
 1: Ext: GigabitEthernet0/0  : address is 0050.5682.6bf2, irq 5
 2: Ext: GigabitEthernet0/1  : address is 0050.5682.7af1, irq 9
 3: Ext: GigabitEthernet0/2  : address is 0050.5682.6bce, irq 11
 4: Ext: GigabitEthernet0/3  : address is 0050.5682.55a3, irq 10
 5: Ext: GigabitEthernet0/4  : address is 0050.5682.837f, irq 5
 6: Ext: GigabitEthernet0/5  : address is 0050.5682.969e, irq 9
 7: Ext: GigabitEthernet0/6  : address is 0050.5682.d2a0, irq 11
 8: Ext: GigabitEthernet0/7  : address is 0050.5682.435c, irq 10
 9: Ext: GigabitEthernet0/8  : address is 0050.5682.3b99, irq 5

License mode: Smart Licensing
ASAv Platform License State: Unlicensed
Active entitlement: ASAv-STD-100M, enforce mode: Eval period

Licensed features for this platform:
Maximum Physical Interfaces       : 10             perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Enabled        perpetual
Cluster                           : Disabled       perpetual

Licensing mode is Smart Licensing

Serial Number: 9ACPEXD4VEW

Image type          : Release
Key version         : A

Configuration last modified by enable_15 at 02:21:28.579 UTC Mon Jun 1 2015

11. Guidelines for the ASAv

Context Mode Guidelines
Supported in single context mode only. Does not support multiple context mode.
Failover Guidelines
For failover deployments, make sure that the standby unit has the same model license; for example, both units should be ASAv30s.
Unsupported ASA Features
The ASAv does not support the following ASA features:
  • Clustering
  • Multiple context mode
  • Active/Active failover
  • EtherChannels
  • Shared AnyConnect Premium Licenses

12. Defaults for Smart Software Licensing

Since ASAv only support Smart Software Licensing, the old way in previous post to use Cisco ASA 5540 v8.2(1) Keymaker v1.0 to generate license activation-key is not working any more. There is no activation-key command. By default, the ID certificate is automatically renewed every 6 months, and the license entitlement is renewed every 30 days. Command “ license smart register idtoken” will be the new command for register your ASAv.
  • The ASAv default configuration includes a Smart Call Home profile called “License” that specifies the URL for the Licensing Authority.
call-home
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  • When you deploy the ASAv, you set the feature tier and throughput level. Only the standard level is available at this time.
license smart
feature tier standard
throughput level {100M | 1G | 2G}
  • Also during deployment, you can optionally configure an HTTP proxy.
call-home
http-proxy  ip_address port  port

13. ASDM 7.4(1)

Enter following two commands to enable ASDM http access:
http server enable
http 192.168.2.0 255.255.255.0 management
Open your browser and type url https://192.168.2.12/admin
1.png?resize=320%2C2441.png?resize=320%2C244
Click the button Install ASDM Launcher, type username admin and password cisco to download ASDM software on your local machine. You may be asked to install Java.
2.png?resize=320%2C2112.png?resize=320%2C211
3.png?resize=320%2C2393.png?resize=320%2C239

Reference: