Cisco Secure Firewall ASA Virtual - PAYG with 30-Day Free Trial
Cisco Systems, Inc. | 9.22.1.1 | Linux/Unix, Other 9.22.1.1 - 64-bit Amazon Machine Image (AMI)
Been using it as an AnyConnect VPN solution for over a year now
We set up an EC2 instance to act as an AnyConnect VPN gateway, to be able to access our various IP addresses in AWS and even resources in our office because the office has an IPsec link to AWS. And yeah, it's been working great/solid for a little over a year now. We have about 15 remote employees who AnyConnect VPN into it regularly. We don't set the default route to go out through the VPN though, because AWS charges for network traffic, but we route all our private IPs and a small handful of public IP addresses through the VPN tunnel and it's been stable.
We need help to upgrade to the version of the ASA OS that currently is on version 7.16 and an upgrade to version 9.14(2)8 is required
We request your important support to review the casuistry of updating the VPN services found in AWS. We have 6 C5xlarge with images of Cisco Secure Firewall ASA Virtual - PAYG which we require to upgrade to the version of the ASA OS that currently is on version 7.16 and an upgrade to version 9.14(2)8 is required.
default password - read the directions
Folks, the inquiries about the default password... Sigh - read the directions. https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/asav/quick-start/asav-quick/asav-aws.html
Here is how to make it work... BEFORE you launch the AMI, you must click advanced details and ADD a zero day configuration via text entry. Once you do, connect via SSH and the username is admin. That said, I was a victim too on the first try.
Really close to the physical rackmount version
Using these for work for most of the year now with a site-to-site tunnel from an asa-v in us-east-1 to an asa-v in us-west-2 as well as several incoming site-to-site tunnels and remote access VPN on both 9.5.2.204 and 9.5.2.207. Make sure you know what you're doing... you're comfortable with Cisco config via user data (and later ASDM if needed), you have compared what ASA-v doesn't provide, etc., otherwise you'll give undeserved 1-star reviews like those before. Only issue seen so far is Syslog can die with lots of traffic around a month in (204) or several months in (207), which requires a restart of the appliance. I'm hoping 9.6.2.1 fixes that. Other than that, a ChangeLog for each AMI version would be nice to see.
Nice to have
It's easy to manage because the ASA OS is the same as on the appliances.
I think ASAv is supported via a Smart License model.