I work with NATs and ACLs on Cisco ASA (Adaptive Security Appliance) in the terminal. I want a sandbox environment for me to go bonkers. I couldn't find an image from Cisco to download and install so I chose to go shopping on the AWS Marketplace.
I found Cisco Adaptive Security Virtual Appliance (ASAv) - Standard Package. They say it brings full firewall functionality to virtualized environments to secure data center traffic and multi-tenant environments. I think that's pretty much what I need.
Cisco does party hard. They charge you and it can get quite pricey. They predefine the instances you can select which does not fall under the AWS free usage tier. As I write this, there is a 5-day trial and thereafter a charge of $0.69 per hour.
I need you to brace yourself for this shopping experience. It's not very user friendly and it becomes repetitive.
WARNING! You will get an error after you have created your instance if your account has not been verified. There is an option to replay the order for your instance so your time would not have been for nothing.
Proceed to the first level of checkout. There will be a few of these. Go on by clicking on the top right orange button on each page.
Now that we are done shopping and spending all our money, we shall proceed to build our Cisco instance. One does not simply build such an instance so let's take it one step at a time shall we. Okay, this statement rings true for me at least.
You'll get warnings. Possibly two. One will be about improving your instance security because the firewall created is open so that whole world can access your instance (inbound SSH defined on 0.0.0.0/0) and the other will politely explain that your instance is not eligible for the free usage tier.
Change what you want. Verify the order. Click on Launch which proceeds to another step:
Select an existing key pair or create a new key. Use this key to authenticate
to your instance without a password. I downloaded mine, moved it to
chown 400 ~/.ssh/awesome.pem.
The name of your key is the
.pemfilename so I avoided special characters the second time around.
Finally, you can click on the blue Launch Instances button. If all goes according to plan, the instance will launch.
Here is where the fun begins. Can you ping it? Copy the Public DNS IPv4 address and slap
that into a
ping command in your terminal. Access that under Dashboard >
Running Instances > copy the Public DNS IPv4 address from the table of instances
for your instance.
No luck? Let's try Network & Security > Security Groups > right-click on the associated security group > Edit inbound rules > Add Rule. Type=Custom ICMP Rule - IPv4, Protocol=Echo Request, Source=Anywhere/My IP.
Can you SSH to it? On the instances page, click on the Connect button for
that instance and get more information about what to do with your
It's basically what I explained above. For our instance we need to connect using
admin user and include our
.pem file which we can do as follows
ssh -i "~/.ssh/awesome.pem" email@example.com
Still no luck? Let's try Network & Security > Security Groups > right-click on security group > Edit inbound rules again.
What a journey!
I am finally in. There is a
ciscoasa> prompt. Basic commands are permitted in
this mode. See them
Go into admin mode
login admin and again press
? to see admin commands.
The mode I hang around in the most is the config mode. Once logged in
config t which is short for
config terminal For the last time, press
for all the commands available. WHAM! The instance works and I can get my
hands dirty on my very own Cisco box.