Problem
I have plenty of real ASA firewalls to play with, but it's getting round to re-certification time, so for ease I thought I'd run up a Virtual ASA on my vSphere 5 box just for testing and breaking.
However, no matter what type of Virtual Network adaptor I used (vmxnet3, e1000, etc.), I could not connect to the virtual firewall.
Solution
1. Firstly, make sure you actually have an IP address in the correct range set on the ASA, and that the interface is up.
Note: To connect a virtual ASA to the outside world you need to have a 'Cloud', then assign your machine's NIC to the cloud. Finally, you join the cloud to the ASA with a switch.
2. From my laptop (out on the network), I could not connect to, or ping the ASA :(
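3. However, log into your ESX/vCenter Server and change the settings on the virtual switch that the parent VM is attached to: Configuration > Networking > Switch > Properties > vSwitch > Edit > Security Tab > Change Promiscuous Mode to Accept > OK. By default the vSwitch only delivers frames addressed to the parent VM's own MAC address, so traffic for the virtual ASA's interface never reaches it.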
4. Now it works!
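
The same change as step 3 can be made and checked from the ESXi shell. This is an added example, not part of the original post; it assumes the host's `esxcli` is available and uses `vSwitch1` as a placeholder vSwitch name.

```shell
#!/bin/sh
# Added example, not from the original post: step 3 done from the ESXi shell.
# Accept lets every VM on the vSwitch see all of its traffic, so the change is
# limited to one named vSwitch and verified afterwards.
# Assumption: "vSwitch1" in the usage line is a placeholder name.

ESXCLI="${ESXCLI:-esxcli}"   # can be overridden with a stub for offline testing

# Read `policy security get` output on stdin; print true or false.
promisc_state() {
    awk -F': *' '/^[ \t]*Allow Promiscuous:/ { gsub(/[ \t\r]+$/, "", $2); print $2; ok = 1 }
                 END { exit !ok }'
}

# Current promiscuous-mode setting of the vSwitch named in $1.
get_promisc() {
    "$ESXCLI" network vswitch standard policy security get \
        --vswitch-name="$1" | promisc_state
}

# Set Promiscuous Mode to Accept on the vSwitch named in $1 and confirm it.
accept_promisc() {
    vs="$1"
    [ -n "$vs" ] || { echo "usage: accept_promisc <vswitch>" >&2; return 2; }
    before=$(get_promisc "$vs") || { echo "$vs: cannot read policy" >&2; return 1; }
    if [ "$before" = "true" ]; then
        echo "$vs: promiscuous mode already Accept"
        return 0
    fi
    "$ESXCLI" network vswitch standard policy security set \
        --vswitch-name="$vs" --allow-promiscuous=true || return 1
    [ "$(get_promisc "$vs")" = "true" ] || { echo "$vs: change did not apply" >&2; return 1; }
    echo "$vs: promiscuous mode now Accept"
}

# Usage on the host: accept_promisc vSwitch1
```

Keeping the lab on its own vSwitch means the Accept setting does not expose traffic from unrelated VMs.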