Deploy ASAv using Ovftool

If you ever get stuck with the “A required disk image was missing” error when deploying an OVA directly on an ESXi host, you might want to check this out – ASAv specific, but should work for other OVAs like I wrote about regarding Deploy ISE PoV 2.3 OVA using ovftool

First of all you download the ASAv from CCO and unzip it. Second you create a text file with the command to deploy the OVA on the ESXi host. My file looks like this:

ovftool \
--name="ASAv_FW" \
--deploymentOption=ASAv5 \
--diskMode=thin \
--datastore=DS-Data-LUN \
--acceptAllEulas \
--noSSLVerify \
--allowExtraConfig \
--net:Management0-0="mgmt-net" \
--net:GigabitEthernet0-0="lab-net" \
--net:GigabitEthernet0-1="lab-net" \
--net:GigabitEthernet0-2="lab-net" \
--net:GigabitEthernet0-3="lab-net" \
--net:GigabitEthernet0-4="lab-net" \
--net:GigabitEthernet0-5="lab-net" \
--net:GigabitEthernet0-6="lab-net" \
--net:GigabitEthernet0-7="lab-net" \
--net:GigabitEthernet0-8="lab-net" \
asav-esxi.ovf \

I placed it in the unzipped directory of ASAv to avoid struggling with full paths.

I’m a mac user, so I’ll need to first edit the PATH variable to include the path to the ovftool executable. Again to avoid using a full path to the file. To do this edit the file ~/.bash_profile to look something like this:

# Add path to VMware Ovftool
PATH="/Applications/VMware OVF Tool:${PATH}"
export PATH

Close the Terminal and reopen it.

Now the text file above needs to be executable:

# chmod 744 deploy_asav.cmd

Now all you need to do is run the file:

# ./deploy_asav.cmd

You’ll get prompted for the root password of the ESXi host and deployment will begin. It looks like this:After deployment you’ll need to change the Memory of the ASAv to 2GB or you’ll receive an error about starting webvpn when configuring ASDM (http ip mask interface).

Also you might want to configure serial access to the VM. This is done like this:

ciscoasa# cd coredumpinfo
ciscoasa# copy coredump.cfg disk0:/use_ttyS0

Shutdown the ASA and add a serial port to the VM for network, server with telnet://ip-of-esxi-host:port

You must enable the firewall rule on the ESXi host:

That’s it! Enjoy!


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.