Cisco Asa Firewall Image For Vmware Workstation -

The Ultimate Guide to Running a Cisco ASA Firewall Image on VMware Workstation

Guide: Running Cisco ASA on VMware Workstation

4. Step-by-Step VM Creation in VMware Workstation Pro

Let’s assume you have an ASAv VMDK file.

  1. Create New Virtual Machine

    • Type: Custom (advanced)
    • Hardware compatibility: Workstation 15.x or later
    • Guest OS: LinuxOther Linux 3.x kernel 64-bit (for ASAv) or Other Linux 2.6.x kernel 32-bit for old ASA.

  2. Processor & Memory

    • Minimum: 1 vCPU, 1024 MB RAM (ASAv 9.12+ needs 2048 MB)
    • Recommended lab: 2 vCPUs, 2048 MB RAM

  3. Network Adapters

    • Add at least 3 network adapters (management + inside + outside)
    • Type: E1000 or E1000E (not VMXNET3 unless using very new ASAv 9.14+ with VMware tools)
    • Adapter 1: NAT (management)
    • Adapter 2: Custom → VMnet2 (Inside segment)
    • Adapter 3: Custom → VMnet3 (Outside segment)

  4. Disk

    • Use an existing virtual disk → select your converted .vmdk
    • Keep existing format

  5. Finish and then edit settings:

    • Remove unnecessary devices (floppy, COM, USB, CD/DVD)
    • Under Options → Advanced → Firmware type: BIOS (not UEFI for classic ASA; ASAv supports UEFI as well)

No connectivity between ASA and virtual clients

Cause: Windows firewall blocking VMware NAT/Host-Only traffic. Fix: Disable Windows Firewall temporarily or allow VMware network services. cisco asa firewall image for vmware workstation

Step 5: First Boot & Initial Configuration

  1. Power on the VM. A console window opens.
  2. The ASAv will boot from the VMDK. You will see the Linux kernel loading, then the ASA prompt.
  3. It will ask because of a missing startup config. Type cisco as password? Actually, default ASAv has no password initially, but you must configure via console.
  4. You will be dropped into firewall> (unprivileged mode).

Initial setup commands:

enable
configure terminal
interface gigabitethernet 0/0
 nameif outside
 security-level 0
 ip address dhcp   (or 192.168.1.1/24 if using NAT)
 no shutdown
interface gigabitethernet 0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
interface gigabitethernet 0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
 no shutdown
ssh 10.0.0.0 255.255.255.0 inside
username admin password MySecurePass123
aaa authentication ssh console LOCAL
write memory

Congratulations — your virtual ASA is alive!

Configure DMZ interface

interface gigabitethernet0/2 nameif dmz security-level 50 ip address 10.10.10.1 255.255.255.0 no shutdown The Ultimate Guide to Running a Cisco ASA

Part 4: Step-by-Step Deployment on VMware Workstation

We will use the OVF/OVA method – the easiest approach.

Step 1: Obtain the ASA Image

Two common formats:

  1. .iso – Installer for physical ASA hardware (harder to adapt)
  2. .qcow2 – Pre-installed disk image for KVM/QEMU (easier to convert for VMware)

If you have a .qcow2 file (from Cisco CML or VIRL), you’ll convert it to .vmdk. Create New Virtual Machine

Step 2: Import the OVA File

  1. In VMware Workstation, go to File > Open.
  2. Browse to your downloaded asav9-16-4.ova.
  3. Give the VM a name: Cisco-ASAv-Lab.
  4. Select the storage path (e.g., C:\VM\ASAv_9_16).
  5. Click Import.
Select currency
INR Indian rupee
USD United States (US) dollar