ASAv on Amazon Web Services – login issues
Have you ever tried to run an ASAv image on Amazon Web Services (AWS)? Yes, in the Marketplace you will find a supported image of this firewall, which is actually a great thing because you can run it in the BYOL model, where you use unlicensed mode for testing the features, the same way as you can on your ESXi.
Deployment is easy with the EC2 instance creator, just a few clicks and there it is. Except for a small problem: on the latest release of 9.6.2.1 I was not able to connect to the management interface via SSH. It should be possible by using the key assigned to the instance during creation, but no matter what I did it always asked for a password.
There is a small but nice workaround for this problem that also enables HTTPS access to the ASAv. During instance deployment we supply a day-0 configuration that will be applied to the ASA. The documentation even proposes such a config, which we modify further by adding HTTP/HTTPS access, an additional user account, an enable password and AAA local authentication.
The final day-0 configuration should look as below:
interface management0/0
 management-only
 nameif management
 security-level 100
 ip address dhcp setroute
 no shut
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
crypto key generate rsa modulus 2048
! HTTP/HTTPS and SSH management access on the management interface
http server enable
http 0.0.0.0 0.0.0.0 management
ssh 0 0 management
ssh timeout 30
! service-type is entered in username attributes mode, so it follows directly
username admin nopassword privilege 15
username admin attributes
 service-type admin
! additional local account and enable password
username cisco password cisco privilege 15
enable password cisco
! authenticate SSH and HTTP sessions against the LOCAL user database
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
This way we will be able to connect to the ASAv instance via SSH/HTTP using local accounts.
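The configuration above opens SSH and HTTPS management to every source address and uses the password cisco for both the extra account and enable. As an added example (not part of the original post), this Python check can be run over a day-0 file before launching the instance; the function name `audit_day0` and the short `GUESSABLE` list are assumptions made for illustration.

```python
import re

# Constructed sample: the management-plane lines of the day-0 config above.
DAY0 = """\
http server enable
http 0.0.0.0 0.0.0.0 management
ssh 0 0 management
username admin nopassword privilege 15
username cisco password cisco privilege 15
enable password cisco
aaa authentication ssh console LOCAL
"""

ANY_SOURCE = {("0", "0"), ("0.0.0.0", "0.0.0.0")}
GUESSABLE = {"cisco", "admin", "password", "changeme"}  # assumed short list


def audit_day0(config):
    """Return a list of findings for an ASA day-0 configuration text."""
    findings = []
    for raw in config.splitlines():
        tok = raw.split()
        line = " ".join(tok)
        # "http|ssh <network> <mask> <interface>" reachable from any source
        if len(tok) == 4 and tok[0] in ("http", "ssh") and (tok[1], tok[2]) in ANY_SOURCE:
            findings.append(f"{tok[0]}: any source address allowed on {tok[3]}")
        m = re.match(r"username (\S+) (?:(nopassword)|password (\S+))", line)
        if m:
            user, nopw, pw = m.groups()
            if nopw:
                findings.append(f"username {user}: nopassword")
            elif pw.lower() in GUESSABLE or pw.lower() == user.lower():
                findings.append(f"username {user}: guessable password")
        m = re.match(r"enable password (\S+)", line)
        if m and m.group(1).lower() in GUESSABLE:
            findings.append("enable: guessable password")
    return findings


if __name__ == "__main__":
    for finding in audit_day0(DAY0):
        print(finding)
```

An empty result means the file restricts `http`/`ssh` to specific networks and sets non-default passwords; the instance's security group should be limited to the same management networks.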