Showing posts with label Vmware. Show all posts
Showing posts with label Vmware. Show all posts

Wednesday, June 3, 2015

Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2)

In my previous post "Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)", I tested the importing both OVA and VMDK file into Workstation and ESXi, but both ways failed. Those files are found and downloaded from Internet for only testing purpose. I believe those are good files and somebody has tested them. The only reason for my failure is because I am not using a right way to do it. In my old testing posts I have tested other versions such as 9.2.1, 8.42 and 8.02. All were successful loaded in either Vmware Workstation or ESXi.

Here are all related posts in this blog:

To find out the why this time failed I searched online again. My searching is based on error message I got from ESXi:
"The OVF package requires support for OVF PropertiesLine 264: Unsupported element 'Property'."

Monday, June 1, 2015

Install Vmware vCenter into ESXi 5.5 and Reset ESXi into Evaluation Mode

VMware vCenter Server provides centralized visibility, proactive management and extensibility for VMware vSphere from a single console.

The easiest way to deploy vCenter server is to use vCenter server appliance, which is a Linux-based virtual appliance used to manage vSphere. Following steps shows the procedures how this virtual appliacne deployed into ESXi environment.

1. Download Software

There are a couple of options you can download.
a. Download .iso file to install vCenter into windows / linux environment.
b. Download .ova virtual appliance to deploy it into virtual environment
c. Download ovf file, vmdk system disk and vmdk data disk to deploy template into virtual environment.

In my lab, I selected single 2g single ova file to download and deploy it into my ESXi 5.5 server.


Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)

Cisco released ASA Software Version 9.4(x) on March 2015. Thre are some new features from release note in the Cisco website. I am going to give it a try to add it into my testing environment using Vmware workstation or ESXi. Some old ASA versions have been tested in my previous posts:
Here are all related posts in this blog:


Download ASA v 9.4.1

Here are some download links we could find from Internet.
1. Cisco Software Download Site

2. from http://pan.baidu.com/s/1gdiZ7kJ (Link has been removed)


Problems when importing into Vmware Workstation / ESXi

1. Using OVA file

But When tried to open in the workstation, there is error which says "Line 264: Unsupported element 'Property'."

Tried again in ESXi 5.5, File -> Deploy OVF Template ...
But it seems same error message when tried to open downloaded asav941.ova file.
"
The OVF package requires support for OVF Properties
Line 264: Unsupported element 'Property'.
"


2. Using vmdk File

I thought I may use vmdk's file to add them into workstation or ESXi. I did find a vmware package from http://pan.baidu.com/s/1kT25ngz with following files:

Unfortunately, it does not boot properly into configuration mode. Eventually it will dip into a reboot loop. Captured screenshots with my testing in Vmware workstation and ESXi show all steps below:

2.1. Opened in the Vmware Workstation


 2.2. Since my Vmware Workstation host does not support VT-x, it will not be able to power on.

2.3. Workstation Connect to ESXi

2.4. Upload workstation vm into ESXi. That was successful




2.5. ESXi vm's configuraiton

 2.6. It got into a rebooting loop.





Cause and Solutions:

Please check my next post - "Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2)".



Wednesday, September 24, 2014

Workaround for Windows XP VMware vSphere Client Connecting to ESXi 5.5


Just found the vSphere client is no longer compatible with Windows XP because it uses increased cypher strengths not available in Windows XP when connecting to ESXi 5.5. Later versions of windows will work, and there is a hotfix available for Windows 2003 server machines that fall foul of this change.

1. Symptoms








2. Solutions

Refer to Vmware Support KB:vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.1 and 5.5 due to a Handshake failure (2049143)

On the ESXi 5.1 and 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:

 For ESXi 5.1 and 5.5

  • Connect to the host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746). For my case, my SecureCRT has to use Keyboard Interactive mode to do authentication to get log into Vmware ESXi 5.5. 
  • Navigate to the directory:


/etc/vmware/rhttpproxy/


  • Backup the config.xml file. Do not skip this step.
cp config.xml config.xml.bak

  • Open config.xml file using vi editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  • Add the <cipherList>ALL</cipherList> parameter between the <ssl>...</ssl> section of the configuration file. Use the model below as an example: 


<config>
...
<vmacore>
...
<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<cipherList>ALL</cipherList>
</ssl>
...
</vmacore>
...
</config>


  • Save and close the config.xml file
  • Reset the rhttpproxy service for the change to take effect by running the command:


/etc/init.d/rhttpproxy restart

Sunday, August 24, 2014

Workaround for can not Edit Virtual Machine Settings in VMware vSphere ESXi 5.5

After upgraded ESXi to 5.5, some VMs got following screenshot error when tried to edit the configuration.

"You cannot use the vSphere Client to edit the settings of virtual machines of version 10 or higher.

Use the vSphere Web Client to edit the settings of this virtual machine
"

 


The solution is to use vSphere Web client. The workaround for me is in following two methos:

1. Change virtualHW.version to 9 or lower

  • In ESXi, Remote VM from Inventory
  • SSH into ESXi
  • cd /vmfs/volumes/datastore1/testvm
  • VI the VM's .VMX file
  • Find the line that says 'virtualHW.version'. Example : virtualHW.version = "10"
  • Change the value to 8. Example : virtualHW.version = "9"
  • Register this VM back into Inventory with command "vim-cmd solo/registervm /vmfs/volumes/datastore1/testvm/testvm.vmx"


2. Use VMware Workstation 

In Workstation, in there VM's manage menu, you can change VM's Hardware Compatbility to Workstation 9.0 or lower, then upload it to ESXi as shown in this post step 7.




OpenWRT in Vmware as a light weight router and virtual host

OpenWrt is a Linux distribution for embedded devices and provides a fully writable filesystem with package management.

Also for me, it is perfect for running OpenWRT as a small router or virtual host in my virtual rack. I was using BSD Router (BSDRP) for this purpose quite a while. Now it seems better one coming.

To make a mark on it, I list all steps regarding how to load it in the vmware workstation.

1. Download the package from

https://downloads.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-ext2.vmdk
MD5Sums:  a258b7a5787f6bd8c8169391941813f4  

2. Create a vm with following configurations with almost all default settings except choosing Other Linux 2.6.x kernel guest operating system

Memory = 32M
Hard Disk = 52M


3. Most important part is to choose IDE as your hard disk type and using existing downloaded image. Else if the default SCSI type will make your vm stop at "Waiting for root device /dev/sda2..."


4. Booting Console Windows Outputs

Please be patient, while OpenWrt loads ...
- preinit -
Press the [f] key and hit [enter] to enter failsafe mode
- regular preinit -
- init -

Please press Enter to activate this console. natsemi dp8381x driver, version 2.1, Sept 11, 2006
  originally by Donald Becker <becker@scyld.com>
  2.4.x kernel port by Jeff Garzik, Tjeerd Mulder
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2006 Netfilter Core Team
NET: Registered protocol family 24
nf_conntrack version 0.5.0 (449 buckets, 1796 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
8139too Fast Ethernet driver 0.9.28
e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
Intel(R) PRO/1000 Network Driver - version 7.3.21-k5-NAPI
Copyright (c) 1999-2006 Intel Corporation.
ne2k-pci.c:v1.03 9/22/2003 D. Becker/P. Gortmaker
pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de
pcnet32 0000:02:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
pcnet32: PCnet/PCI II 79C970A at 0x2000, 00:0c:29:cb:1b:48 assigned IRQ 18.
eth0: registered as PCnet/PCI II 79C970A
pcnet32 0000:02:01.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
pcnet32: PCnet/PCI II 79C970A at 0x2080, 00:0c:29:cb:1b:52 assigned IRQ 19.
eth1: registered as PCnet/PCI II 79C970A
pcnet32: 2 cards_found.
eth0: link up
sis900.c: v1.08.10 Apr. 2 2006
device eth0 entered promiscuous mode
br-lan: port 1(eth0) entering forwarding state
via-rhine.c:v1.10-LK1.4.3 2007-03-06 Written by Donald Becker



BusyBox v1.15.3 (2011-11-24 18:38:13 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1, r29592) ------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua
  * 1/3 shot Bailey's  on the bottom, then Bailey's,
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@OpenWrt:/#


5. Basic Configuration with UCI Show command

root@OpenWrt:/# uci
Usage: uci [<options>] <command> [<arguments>]

Commands:
        batch
        export     [<config>]
        import     [<config>]
        changes    [<config>]
        commit     [<config>]
        add        <config> <section-type>
        add_list   <config>.<section>.<option>=<string>
        show       [<config>[.<section>[.<option>]]]
        get        <config>.<section>[.<option>]
        set        <config>.<section>[.<option>]=<value>
        delete     <config>[.<section[.<option>]]
        rename     <config>.<section>[.<option>]=<name>
        revert     <config>[.<section>[.<option>]]
        reorder    <config>.<section>=<position>

Options:
        -c <path>  set the search path for config files (default: /etc/config)
        -d <str>   set the delimiter for list values in uci show
        -f <file>  use <file> as input instead of stdin
        -L         do not load any plugins
        -m         when importing, merge data into an existing package
        -n         name unnamed sections on export (default)
        -N         don't name unnamed sections
        -p <path>  add a search path for config change files
        -P <path>  add a search path for config change files and use as default
        -q         quiet mode (don't print error messages)
        -s         force strict mode (stop on parser errors, default)
        -S         disable strict mode
        -X         do not use extended syntax on 'show'

root@OpenWrt:/# uci show
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded=1
dhcp.@dnsmasq[0].boguspriv=1
dhcp.@dnsmasq[0].filterwin2k=0
dhcp.@dnsmasq[0].localise_queries=1
dhcp.@dnsmasq[0].rebind_protection=1
dhcp.@dnsmasq[0].rebind_localhost=1
dhcp.@dnsmasq[0].local=/lan/
dhcp.@dnsmasq[0].domain=lan
dhcp.@dnsmasq[0].expandhosts=1
dhcp.@dnsmasq[0].nonegcache=0
dhcp.@dnsmasq[0].authoritative=1
dhcp.@dnsmasq[0].readethers=1
dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
dhcp.lan=dhcp
dhcp.lan.interface=lan
dhcp.lan.start=100
dhcp.lan.limit=150
dhcp.lan.leasetime=12h
dhcp.wan=dhcp
dhcp.wan.interface=wan
dhcp.wan.ignore=1
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth=on
dropbear.@dropbear[0].RootPasswordAuth=on
dropbear.@dropbear[0].Port=22
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].network=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=REJECT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].network=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=lan
firewall.@forwarding[0].dest=wan
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
luci.main=core
luci.main.lang=auto
luci.main.mediaurlbase=/luci-static/openwrt.org
luci.main.resourcebase=/luci-static/resources
luci.flash_keep=extern
luci.flash_keep.uci=/etc/config/
luci.flash_keep.dropbear=/etc/dropbear/
luci.flash_keep.openvpn=/etc/openvpn/
luci.flash_keep.passwd=/etc/passwd
luci.flash_keep.opkg=/etc/opkg.conf
luci.flash_keep.firewall=/etc/firewall.user
luci.flash_keep.uploads=/lib/uci/upload/
luci.languages=internal
luci.languages.en=English
luci.sauth=internal
luci.sauth.sessionpath=/tmp/luci-sessions
luci.sauth.sessiontime=3600
luci.ccache=internal
luci.ccache.enable=1
luci.themes=internal
luci.themes.OpenWrt=/luci-static/openwrt.org
network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.lan=interface
network.lan.ifname=eth0
network.lan.type=bridge
network.lan.proto=static
network.lan.ipaddr=192.168.1.1
network.lan.netmask=255.255.255.0
system.@system[0]=system
system.@system[0].hostname=OpenWrt
system.@system[0].timezone=UTC
system.ntp=timeserver
system.ntp.server=0.openwrt.pool.ntp.org 1.openwrt.pool.ntp.org 2.openwrt.pool.ntp.org 3.openwrt.pool.ntp.org
ucitrack.@network[0]=network
ucitrack.@network[0].init=network
ucitrack.@network[0].affects=dhcp radvd
ucitrack.@wireless[0]=wireless
ucitrack.@wireless[0].affects=network
ucitrack.@firewall[0]=firewall
ucitrack.@firewall[0].init=firewall
ucitrack.@firewall[0].affects=luci-splash qos miniupnpd
ucitrack.@olsr[0]=olsr
ucitrack.@olsr[0].init=olsrd
ucitrack.@dhcp[0]=dhcp
ucitrack.@dhcp[0].init=dnsmasq
ucitrack.@dropbear[0]=dropbear
ucitrack.@dropbear[0].init=dropbear
ucitrack.@httpd[0]=httpd
ucitrack.@httpd[0].init=httpd
ucitrack.@fstab[0]=fstab
ucitrack.@fstab[0].init=fstab
ucitrack.@qos[0]=qos
ucitrack.@qos[0].init=qos
ucitrack.@system[0]=system
ucitrack.@system[0].init=led
ucitrack.@system[0].affects=luci_statistics
ucitrack.@luci_splash[0]=luci_splash
ucitrack.@luci_splash[0].init=luci_splash
ucitrack.@upnpd[0]=upnpd
ucitrack.@upnpd[0].init=miniupnpd
ucitrack.@ntpclient[0]=ntpclient
ucitrack.@ntpclient[0].init=ntpclient
ucitrack.@samba[0]=samba
ucitrack.@samba[0].init=samba
ucitrack.@tinyproxy[0]=tinyproxy
ucitrack.@tinyproxy[0].init=tinyproxy
uhttpd.main=uhttpd
uhttpd.main.listen_http=0.0.0.0:80
uhttpd.main.listen_https=0.0.0.0:443
uhttpd.main.home=/www
uhttpd.main.rfc1918_filter=1
uhttpd.main.cert=/etc/uhttpd.crt
uhttpd.main.key=/etc/uhttpd.key
uhttpd.main.cgi_prefix=/cgi-bin
uhttpd.main.script_timeout=60
uhttpd.main.network_timeout=30
uhttpd.main.tcp_keepalive=1
uhttpd.px5g=cert
uhttpd.px5g.days=730
uhttpd.px5g.bits=1024
uhttpd.px5g.country=DE
uhttpd.px5g.state=Berlin
uhttpd.px5g.location=Berlin
uhttpd.px5g.commonname=OpenWrt

6. Change Interface IP Address

  • VI /etc/config/network
  • or use UCI command
root@OpenWrt:/# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25588 (24.9 KiB)  TX bytes:812 (812.0 B)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27114 (26.4 KiB)  TX bytes:812 (812.0 B)
          Interrupt:18 Base address:0x2000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:864 errors:0 dropped:0 overruns:0 frame:0
          TX packets:864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:60480 (59.0 KiB)  TX bytes:60480 (59.0 KiB)


root@OpenWrt:/# uci set network.lan.proto=static
root@OpenWrt:/# uci set network.lan.ipaddr=192.168.1.130
root@OpenWrt:/# uci set network.lan.netmask=255.255.255.0
root@OpenWrt:/# uci set network.lan.gateway=192.168.1.1
root@OpenWrt:/# uci set network.lan.dns=8.8.8.8

 
root@OpenWrt:/# /etc/init.d/network restart
br-lan: port 1(eth0) entering disabled state
device eth0 left promiscuous mode
br-lan: port 1(eth0) entering disabled state
eth0: link up
eth0: link up
device eth0 entered promiscuous mode
br-lan: port 1(eth0) entering forwarding state
root@OpenWrt:/# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:0C:29:CB:1B:48 
          inet addr:192.168.1.130  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 7. Upload it to ESXi




8. Second Interface

By default, only eth0 is activated as lan interface and assigned ip address 192.168.1.1. It is much easier to add another Interface into OpenWRT through Web UI as shown below screenshot.

References:

  • http://wenku.baidu.com/view/a8bbe60516fc700abb68fc8c.html

Sunday, June 22, 2014

Cisco L2 L3 IOU Rack V5 (newer version from Cisco L2 L3 IOU Rack V3)

I was using Cisco L2 L3 IOU Rack V3 from flyxj for quite a while. Recently found Cisco L2 L3 IOU Rack V5. Not much difference except more devices in it for more complicated topology.

1. Vmware 10 workstation Configuration:

a. Create a custom linux vm with an existing virtual disk in your download file.
 b. Remove other unused hardware such as sounds, printer and usb. Add two more network cards.


2. After vm created, launch this vm. Here are some screenshots:

root / rsj.net

/etc/issue and /etc/motd can be modified for the banner. 

Cisco L2/L3 I-O-U RackV5
Cisco L2/L3 I-O-U RackV5

3. Change eth0 IP address at /etc/network/interfaces

4. Change Login Banner at /etc/issue and /etc/motd

5. Change SSH Terminal to make it colorful



Wednesday, June 18, 2014

ASA 9.21 in Vmware Workstation 10

There is old post "ASA 8.02 in Vmware Workstation " in this blog posted on Dec 2011. Anothe post "How to Make your own ASA 8.42 in VMware".  Here are all related posts in this blog:


This time I got ASA 9.21 tested.

There are some ASA 9.21 vmware packages from Internet by google-ing:
Downloaded one and hooked it up in the Vmware. It uses 2G memory but little CPU power. Bridge to real network is working perfectly as well. CPU must be 64bit and supporting VT.

My host system info is showing at following screenshot for your information :
If CPU having problem to support VT-x, you may get a error message just like the one shows on my laptop.

Virtual Machine Settings:


Some booting screenshots:








1. ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 9.2(1)
Device Manager Version 7.2(1)

Compiled on Thu 24-Apr-14 12:14 PDT by builders
System image file is "boot:/asa921-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 11 mins 56 secs

Hardware:   ASAv, 2048 MB RAM, CPU Pentium II 2992 MHz,
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB


 0: Ext: Management0/0       : address is 000c.292e.2a14, irq 10
 1: Ext: GigabitEthernet0/0  : address is 000c.292e.2a1e, irq 5
 2: Ext: GigabitEthernet0/1  : address is 000c.292e.2a28, irq 9
 3: Ext: GigabitEthernet0/2  : address is 000c.292e.2a32, irq 10

ASAv Platform License State: Unlicensed
*Install -588553824 vCPU ASAv platform license for full functionality.
The Running Activation Key is not valid, using default settings:
             
Licensed features for this platform:
Virtual CPUs                      : 0              perpetual
Maximum Physical Interfaces       : 10             perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASAv VPN Premium license.

Serial Number: 9AGRB5FHKDK
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000

Image type          : Release
Key version         : A

Configuration last modified by enable_15 at 04:28:04.639 UTC Thu Jun 19 2014
ciscoasa#

2. ciscoasa# sh run

: Saved
:
: Serial Number: 9AGRB5FHKDK
: Hardware:   ASAv, 2048 MB RAM, CPU Pentium II 2992 MHz
:
ASA Version 9.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
 nameif EXT
 security-level 0
 ip address 10.94.200.33 255.255.255.128
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 23
logging buffered debugging
mtu EXT 1500
no failover  
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.94.200.0 255.255.255.0 EXT
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username test password P4ttSyrm33SV8TYp encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 27
  subscribe-to-alert-group configuration periodic monthly 27
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:903b71e022141e178ba0c0e00a9e3758
: end


Verified bridging to host network works by ping from ASA  to host network:

3. License

With "cisco ASA keygen"'s help , you could get all license such as following screenshot shows:



Now you can have fun with ASA 9.21 in your own virtual rack.

NetSec Youtube Videos