01 Jun

How to manage simulation in VIRL from local network

Cisco and VIRL logos

I’ve been using Cisco VIRL for over two years for both learning technologies and testing new solutions as PoC. Accessing devices in simulation via embedded console link is easy but not efficient. I always wanted to manage simulation in VIRL from my laptop not desktop PC. Also in many scenarios you  may want to connect external servers like netflow collector or IPAM software you wanna test. Also it’s quite handy to have access to running simulation form Internet, isn’t it?

Let me show you how I connect Cisco VIRL running simulation to other devices in my network and to Internet. In this tutorial I assume that you didn’t change default VIRL networking configuration.

Read More

12 May

Interfaces are important in ASAv failover on VIRL

Failover link on ASAv must be created using interface GigabitEthernet0/8

One reader asked me few days ago following question when he had problem establishing the failover in his lab: “I’ve tried to create ASA failover pair on VIRL and it was not working. I’ve looked through manual and VIRL forum for the solution. I believe that failover is supported configuration on VIRL. I think my configuration is correct, nodes can ping each other but I still cannot establish failover relationship”. Configuration he made was correct except he forgot about one thing – interfaces numbers are important when you setup failover using ASAv.

Cisco VIRL uses ASAv image for virtual firewalls. This is same image that you use in production on ESXi. That means all restrictions applies also to virtual firewall if you run it on VIRL. In this image we must configure failover link using interfaces GigabitEthernet0/8. It’s clearly stated in documentation. If we use any other interface the configuration will be accepted but failover never established.


failover lan unit primary
failover lan interface Fail-link GigabitEthernet0/8
failover replication http
failover link State-link GigabitEthernet0/7
failover interface ip Fail-link 192.168.255.253 255.255.255.252 standby 192.168.255.254
failover interface ip State-link 192.168.254.253 255.255.255.252 standby 192.168.254.254
failover ipsec pre-shared-key 0 FailoverKey
failover

We also need to remember we can’t configure Active-Active failover. This mode is not supported so we have to stick to Active-Standby model. It’s direct result of lack of support for virtual contexts so remember about it as well.

14 Nov

Cisco ASA REST API – Lab topology and programming language

First published: 31/Oct/2016
Last update: 31/Oct/2016
ASA REST API version: 1.2.2

Before we start using Cisco ASA REST API let’s get familiar with network topology that will be used in chapters.

screen-shot-2016-11-01-at-22-24-21

Whole simulation is run on Cisco VIRL installed as VMWare VM and is using included ASAv and lxc-sshd images. VIRL is cheap and provide us wide range of virtual devices we can choose from for our simulation. ASAv is running image 9.5(2)204 which has preinstalled ASDM 7.5(2) and REST API version  1.2.2.200.

For your convenience the topology and all scripts will be available on GitHub Repository

Read More

24 Oct

Cisco ASA REST API – Part I: Getting started

First published: 24/Oct/2016
Last update: 31/Oct/2016
ASA REST API version: 1.3.2

REST is an acronym of Representational State Transfer (REST) API. This API provide administrators an option to perform CRUD operations which is Create, Read, Update, Delete. It fully rely on HTTPS as transport protocol and requires programming skills from administrators. But if you gain some experience its a good way of learning and getting familiar with whole new world when you more program devices than configure it.

Read More