Have you ever tried to run an ASAv image on Amazon Web Services (AWS)? The Marketplace offers a supported image of this firewall, which is great because you can run it in the BYOL model and use unlicensed mode to test features, the same way you can on ESXi.
Deployment is easy with the EC2 instance creation wizard: just a few clicks and there it is. There is one small problem, though: on the latest release, 188.8.131.52, I was not able to connect to the management interface via SSH. It should be possible using the key assigned to the instance during creation, but no matter what I did it always asked for a password.
There is a small but nice workaround for this problem that also enables HTTPS access to the ASAv. During instance deployment we supply a zero-day (day-0) configuration that will be applied to the ASA. The documentation even proposes such a config, which we modify further by adding HTTP/HTTPS access, an additional user account, an enable password, and AAA local authentication.
The final zero-day configuration should look as follows:
interface management0/0
 nameif management
 security-level 100
 ip address dhcp setroute
 no shut
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
crypto key generate rsa modulus 2048
http server enable
http 0.0.0.0 0.0.0.0 management
ssh 0 0 management
ssh timeout 30
username admin nopassword privilege 15
username admin attributes
 service-type admin
username cisco password cisco privilege 15
enable password cisco
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
This way we will be able to connect to the ASAv instance via SSH/HTTP using local accounts.
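The configuration above accepts SSH and HTTPS from any source address, leaves `admin` without a password, and reuses `cisco` as both login and enable password. The Python script below is an added example, not part of the original post or Cisco's documentation, that flags those lines before the config is supplied at deployment. The values in `HARDENED_CONFIG` (the 203.0.113.0/24 admin network, the `netops` account and both secrets) are constructed placeholders.

```python
ANY_SOURCE = {("0", "0"), ("0.0.0.0", "0.0.0.0")}  # ASA spellings of "any IPv4 host"

# Management-plane lines taken from the configuration on this page.
PAGE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 management
ssh 0 0 management
ssh timeout 30
username admin nopassword privilege 15
username cisco password cisco privilege 15
enable password cisco
"""

# Constructed counter-example: admin network, account name and secrets are placeholders.
HARDENED_CONFIG = """\
http server enable
http 203.0.113.0 255.255.255.0 management
ssh 203.0.113.0 255.255.255.0 management
ssh timeout 30
username netops password REPLACE-WITH-LONG-SECRET-1 privilege 15
enable password REPLACE-WITH-LONG-SECRET-2
"""

def audit_day0(config):
    """Return findings for management-plane lines that expose the ASAv."""
    findings, user_passwords = [], {}
    lines = [l.split() for l in config.splitlines() if l.strip()]
    for tok in lines:
        # "http|ssh <addr> <mask> <interface>" with an any-source address pair
        if tok[0] in ("http", "ssh") and len(tok) == 4 and (tok[1], tok[2]) in ANY_SOURCE:
            findings.append(f"open-management: {' '.join(tok)}")
        elif tok[0] == "username" and len(tok) >= 3 and tok[2] == "nopassword":
            findings.append(f"no-password: {tok[1]}")
        elif tok[0] == "username" and len(tok) >= 4 and tok[2] == "password":
            user_passwords[tok[1]] = tok[3]
            if tok[3].lower() == tok[1].lower():
                findings.append(f"password-equals-username: {tok[1]}")
    # Second pass: the enable password must not double as a login password.
    for tok in lines:
        if tok[:2] == ["enable", "password"] and len(tok) >= 3 and tok[2] in user_passwords.values():
            findings.append("enable-password-reused")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_day0(cfg) or "no findings")
```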