
Wednesday, June 3, 2015

Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2)

In my previous post "Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)", I tested importing both the OVA and the VMDK files into Workstation and ESXi, but both ways failed. Those files were found and downloaded from the Internet for testing purposes only. I believe they are good files that somebody has tested; the only reason for my failure is that I was not using the right way to do it. In my old testing posts I tested other versions such as 9.2.1, 8.42 and 8.02, and all of them loaded successfully in either VMware Workstation or ESXi.

Here are all related posts in this blog:

To find out why it failed this time, I searched online again. My search was based on the error message I got from ESXi:
"The OVF package requires support for OVF Properties. Line 264: Unsupported element 'Property'."

Monday, June 1, 2015

Install Vmware vCenter into ESXi 5.5 and Reset ESXi into Evaluation Mode

VMware vCenter Server provides centralized visibility, proactive management and extensibility for VMware vSphere from a single console.

The easiest way to deploy vCenter Server is to use the vCenter Server Appliance, a Linux-based virtual appliance used to manage vSphere. The following steps show how this virtual appliance is deployed into an ESXi environment.

1. Download Software

There are a couple of options you can download.
a. Download .iso file to install vCenter into windows / linux environment.
b. Download .ova virtual appliance to deploy it into virtual environment
c. Download ovf file, vmdk system disk and vmdk data disk to deploy template into virtual environment.

In my lab, I selected the single 2G OVA file to download and deployed it into my ESXi 5.5 server.


Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1)

Cisco released ASA Software Version 9.4(x) in March 2015. There are some new features listed in the release notes on the Cisco website. I am going to give it a try by adding it to my testing environment using VMware Workstation or ESXi. Some old ASA versions were tested in my previous posts:
Here are all related posts in this blog:


Download ASA v 9.4.1

Here are some download links we could find from Internet.
1. Cisco Software Download Site

2. from http://pan.baidu.com/s/1gdiZ7kJ (Link has been removed)


Problems when importing into Vmware Workstation / ESXi

1. Using OVA file

When I tried to open it in Workstation, there was an error saying "Line 264: Unsupported element 'Property'."

Tried again in ESXi 5.5 with File -> Deploy OVF Template ...
It gave the same error message when opening the downloaded asav941.ova file:

"The OVF package requires support for OVF Properties
Line 264: Unsupported element 'Property'."


2. Using vmdk File

I thought I may use vmdk's file to add them into workstation or ESXi. I did find a vmware package from http://pan.baidu.com/s/1kT25ngz with following files:

Unfortunately, it does not boot properly into configuration mode and eventually drops into a reboot loop. Screenshots captured during my testing in VMware Workstation and ESXi show all the steps below:

2.1. Opened in the Vmware Workstation


2.2. Since my VMware Workstation host does not support VT-x, the VM could not be powered on.

2.3. Workstation Connect to ESXi

2.4. Upload workstation vm into ESXi. That was successful




2.5. ESXi VM's configuration

2.6. It got into a rebooting loop.





Cause and Solutions:

Please check my next post - "Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2)".



Wednesday, September 24, 2014

Workaround for Windows XP VMware vSphere Client Connecting to ESXi 5.5


Just found that the vSphere Client is no longer compatible with Windows XP, because it uses increased cipher strengths not available in Windows XP when connecting to ESXi 5.5. Later versions of Windows will work, and there is a hotfix available for Windows 2003 Server machines that fall foul of this change.

1. Symptoms








2. Solutions

Refer to VMware Support KB: vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.1 and 5.5 due to a Handshake failure (2049143)

On the ESXi 5.1 and 5.5 host, modify the rhttpproxy service to reduce the implied security by allowing the host to communicate using weak cipher suites:

For ESXi 5.1 and 5.5

  • Connect to the host via SSH. For more information, see Using ESXi Shell in ESXi 5.0 and 5.1 (2004746). In my case, SecureCRT had to use Keyboard Interactive mode for authentication to log into VMware ESXi 5.5.
  • Navigate to the directory:


/etc/vmware/rhttpproxy/


  • Backup the config.xml file. Do not skip this step.
cp config.xml config.xml.bak

  • Open config.xml file using vi editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  • Add the <cipherList>ALL</cipherList> parameter inside the <ssl>...</ssl> section of the configuration file. Use the model below as an example:


<config>
...
<vmacore>
...
<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<handshakeTimeoutMs>120000</handshakeTimeoutMs>
<cipherList>ALL</cipherList>
</ssl>
...
</vmacore>
...
</config>


  • Save and close the config.xml file
  • Reset the rhttpproxy service for the change to take effect by running the command:


/etc/init.d/rhttpproxy restart
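As an added example (not code from the original post or from VMware), here is a small Python audit for the rhttpproxy config.xml edited above: it reports whether the cipherList override re-enables weak suites (the workaround applies to every client of the host, not only the XP machine) and produces the restored config with the override removed. The sample XML is constructed from the model above.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/vmware/rhttpproxy/config.xml after the KB 2049143
# workaround has been applied (not a capture from a real host).
SAMPLE_CONFIG = """<config>
  <vmacore>
    <ssl>
      <doVersionCheck> false </doVersionCheck>
      <useCompression>true</useCompression>
      <libraryPath>/lib/</libraryPath>
      <handshakeTimeoutMs>120000</handshakeTimeoutMs>
      <cipherList>ALL</cipherList>
    </ssl>
  </vmacore>
</config>"""

# OpenSSL cipher-string keywords that pull weak suites back into the list.
WEAK_MARKERS = ("ALL", "COMPLEMENTOFDEFAULT", "LOW", "EXPORT", "NULL", "DES", "RC4", "MD5")


def audit_cipher_list(xml_text):
    """Report whether <vmacore><ssl><cipherList> re-enables weak suites."""
    node = ET.fromstring(xml_text).find("./vmacore/ssl/cipherList")
    if node is None:
        return {"present": False, "value": None, "weak_tokens": []}
    value = (node.text or "").strip()
    weak = []
    for token in value.split(":"):
        token = token.strip()
        # '!' and '-' prefixed tokens remove suites; they never weaken the list.
        if not token or token[0] in "!-":
            continue
        if any(marker in token.upper() for marker in WEAK_MARKERS):
            weak.append(token)
    return {"present": True, "value": value, "weak_tokens": weak}


def remove_cipher_list(xml_text):
    """Return the config with the cipherList override deleted (host default)."""
    root = ET.fromstring(xml_text)
    ssl = root.find("./vmacore/ssl")
    if ssl is not None:
        for node in ssl.findall("cipherList"):
            ssl.remove(node)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    finding = audit_cipher_list(SAMPLE_CONFIG)
    print("cipherList:", finding["value"], "weak tokens:", finding["weak_tokens"])
    print(remove_cipher_list(SAMPLE_CONFIG))
```

On a real host, feed it the contents of /etc/vmware/rhttpproxy/config.xml and restart rhttpproxy after writing the restored version back, as in the steps above.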

Sunday, August 24, 2014

Workaround for can not Edit Virtual Machine Settings in VMware vSphere ESXi 5.5

After upgraded ESXi to 5.5, some VMs got following screenshot error when tried to edit the configuration.

"You cannot use the vSphere Client to edit the settings of virtual machines of version 10 or higher.

Use the vSphere Web Client to edit the settings of this virtual machine
"

 


The solution is to use the vSphere Web Client. The workaround for me is one of the following two methods:

1. Change virtualHW.version to 9 or lower

  • In ESXi, remove the VM from Inventory
  • SSH into ESXi
  • cd /vmfs/volumes/datastore1/testvm
  • Open the VM's .vmx file with vi
  • Find the line that says 'virtualHW.version'. Example: virtualHW.version = "10"
  • Change the value to 8. Example: virtualHW.version = "9"
  • Register this VM back into Inventory with the command "vim-cmd solo/registervm /vmfs/volumes/datastore1/testvm/testvm.vmx"
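An added example, not code from the original post, that performs the virtualHW.version edit from the steps above on a constructed .vmx fragment: it backs the file up first, only ever lowers the version, and leaves every other line untouched.

```python
import re
import shutil
from pathlib import Path

# Constructed fragment of a hardware-version-10 .vmx (not taken from a real VM).
SAMPLE_VMX = """.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "10"
displayName = "testvm"
memsize = "2048"
"""

# Matches the whole virtualHW.version line; keeps surrounding spacing intact.
HW_LINE = re.compile(r'^([ \t]*virtualHW\.version[ \t]*=[ \t]*)"(\d+)"([ \t]*)$', re.MULTILINE)


def set_hw_version(vmx_text, target=9):
    """Return (new_text, old_version). Lowers the version only; raising it is refused."""
    m = HW_LINE.search(vmx_text)
    if m is None:
        raise ValueError("virtualHW.version not found in vmx text")
    old = int(m.group(2))
    if target > old:
        raise ValueError(f"refusing to raise hardware version {old} -> {target}")
    replaced = f'{m.group(1)}"{target}"{m.group(3)}'
    return vmx_text[:m.start()] + replaced + vmx_text[m.end():], old


def downgrade_vmx_file(path, target=9):
    """Copy <path> to <path>.bak, rewrite it in place, and return the old version."""
    path = Path(path)
    shutil.copy2(path, Path(str(path) + ".bak"))
    new_text, old = set_hw_version(path.read_text(), target)
    path.write_text(new_text)
    return old


if __name__ == "__main__":
    text, previous = set_hw_version(SAMPLE_VMX, 9)
    print(f"virtualHW.version {previous} -> 9")
    print(text)
```

Run downgrade_vmx_file() against the datastore path used in the steps above only while the VM is unregistered, then register it again with vim-cmd.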


2. Use VMware Workstation 

In Workstation, in the VM's Manage menu, you can change the VM's Hardware Compatibility to Workstation 9.0 or lower, then upload it to ESXi as shown in step 7 of this post.




OpenWRT in Vmware as a light weight router and virtual host

OpenWrt is a Linux distribution for embedded devices and provides a fully writable filesystem with package management.

For me, it is also perfect for running OpenWrt as a small router or virtual host in my virtual rack. I was using BSD Router (BSDRP) for this purpose for quite a while. Now a better one seems to be coming.

To make a note of it, I list all the steps for loading it in VMware Workstation.

1. Download the package from

https://downloads.openwrt.org/backfire/10.03.1/x86_generic/openwrt-x86-generic-combined-ext2.vmdk
MD5Sums:  a258b7a5787f6bd8c8169391941813f4  

2. Create a vm with following configurations 

Almost all settings are default, except:
  • Guest operating system: Other Linux 2.6.x kernel
  • Memory = 32M
  • Hard Disk = 52M


Sunday, June 22, 2014

Cisco L2 L3 IOU Rack V5 (newer version from Cisco L2 L3 IOU Rack V3)

I was using Cisco L2 L3 IOU Rack V3 from flyxj for quite a while. Recently found Cisco L2 L3 IOU Rack V5. Not much difference except more devices in it for more complicated topology.

1. Vmware 10 workstation Configuration:

a. Create a custom Linux VM with an existing virtual disk from your downloaded file.
b. Remove other unused hardware such as sound, printer and USB. Add two more network cards.


2. After vm created, launch this vm. Here are some screenshots:

root / rsj.net

/etc/issue and /etc/motd can be modified for the banner. 

Cisco L2/L3 I-O-U RackV5

3. Change eth0 IP address at /etc/network/interfaces

4. Change Login Banner at /etc/issue and /etc/motd

5. Change SSH Terminal to make it colorful



Wednesday, June 18, 2014

ASA 9.21 in Vmware Workstation 10

There is an old post "ASA 8.02 in Vmware Workstation" in this blog posted in Dec 2011, and another post "How to Make your own ASA 8.42 in VMware". Here are all related posts in this blog:


This time I got ASA 9.21 tested.

There are some ASA 9.21 VMware packages on the Internet, found by googling.
I downloaded one and hooked it up in VMware. It uses 2G of memory but little CPU power. Bridging to the real network works perfectly as well. The CPU must be 64-bit and support VT.

My host system info is shown in the following screenshot for your information.
If the CPU has a problem supporting VT-x, you may get an error message just like the one shown on my laptop.

Virtual Machine Settings:


Some booting screenshots:








1. ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 9.2(1)
Device Manager Version 7.2(1)

Compiled on Thu 24-Apr-14 12:14 PDT by builders
System image file is "boot:/asa921-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 11 mins 56 secs

Hardware:   ASAv, 2048 MB RAM, CPU Pentium II 2992 MHz,
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB


 0: Ext: Management0/0       : address is 000c.292e.2a14, irq 10
 1: Ext: GigabitEthernet0/0  : address is 000c.292e.2a1e, irq 5
 2: Ext: GigabitEthernet0/1  : address is 000c.292e.2a28, irq 9
 3: Ext: GigabitEthernet0/2  : address is 000c.292e.2a32, irq 10

ASAv Platform License State: Unlicensed
*Install -588553824 vCPU ASAv platform license for full functionality.
The Running Activation Key is not valid, using default settings:
             
Licensed features for this platform:
Virtual CPUs                      : 0              perpetual
Maximum Physical Interfaces       : 10             perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASAv VPN Premium license.

Serial Number: 9AGRB5FHKDK
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000

Image type          : Release
Key version         : A

Configuration last modified by enable_15 at 04:28:04.639 UTC Thu Jun 19 2014
ciscoasa#

2. ciscoasa# sh run

: Saved
:
: Serial Number: 9AGRB5FHKDK
: Hardware:   ASAv, 2048 MB RAM, CPU Pentium II 2992 MHz
:
ASA Version 9.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
 nameif EXT
 security-level 0
 ip address 10.94.200.33 255.255.255.128
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 23
logging buffered debugging
mtu EXT 1500
no failover  
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.94.200.0 255.255.255.0 EXT
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username test password P4ttSyrm33SV8TYp encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 27
  subscribe-to-alert-group configuration periodic monthly 27
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:903b71e022141e178ba0c0e00a9e3758
: end


Verified bridging to host network works by ping from ASA  to host network:

3. License

With the help of a "cisco ASA keygen", you could get all the licenses, as the following screenshot shows:



Now you can have fun with ASA 9.21 in your own virtual rack.

Sunday, June 1, 2014

Use Serial Port in Virtual Machines Running on Vmware Workstation and ESXi

1. Using Serial Port in the VMs running at Vmware Workstation

Named Pipe TCP Proxy is the one I use on my laptop to connect to the named pipe of my VMware Workstation VMs. The configuration looks like the following:
  • Virtual Machine's Settings
  • Named Pipe TCP Proxy's Settings
  • SecureCRT's Settings

2. Using Serial Port in the VMs running on ESXi

In ESXi, it is already a built-in feature for VMs.
  • ESXi VM's Settings - Near End is set to Com1 and Server mode, waiting for the Windows serial client to connect to it
  • Windows 7 VM's Settings - There are four serial ports added, and Serial port 1 has been set to Com1 as a client.
  • SecureCRT's Serial Connection setting



