Cisco Asa Firewall Image For Vmware Workstation New! -

The Ultimate Guide to Running a Cisco ASA Firewall Image on VMware Workstation

Files You Need to Obtain Legally

  1. ASAv Boot Image: Typically asa9-16-4-lfbff-k8.SPA (this is the .bin file that contains the OS).
  2. ASAv VMDK File: A pre-formatted hard disk image (virtioa.vmdk).
  3. Or the OVF Package: asav9-16-4.ova – an all-in-one archive.

Where to get them:

  • Login to Cisco Software Download (requires a valid contract).
  • Navigate to: Products > Security > Adaptive Security Appliance (ASA) > ASAv > [Choose version] > ASAv Boot Image.

If you are a student, use Cisco Modeling Labs (CML) Personal — it exports ready-to-run ASAv images for VMware. cisco asa firewall image for vmware workstation

Step 3: Create a New VMware VM

  1. Open VMware Workstation → FileNew Virtual Machine.
  2. Choose Custom (advanced)Hardware compatibility: Workstation 15.x or higher.
  3. Installer disc image file (iso)but we will not use it directly; choose “I will install the operating system later”.
  4. Guest operating system:
    • LinuxOther Linux 5.x or later kernel 64-bit (ASA runs a Linux-derived kernel).
  5. Virtual machine name: Cisco ASA Firewall
  6. Processors: 2 cores, 1 socket.
  7. Memory: 2048 MB (minimum) – recommended 4096 MB.
  8. Network:
    • Add 3 network adapters (ASA needs at least Management, Inside, Outside).
    • First adapter: NAT or Bridged (Outside).
    • Second adapter: Host-only (Inside).
    • Third adapter: Host-only or Custom (DMZ or Management).
    • Pro tip: Later, you can rename network adapters to Outside, Inside, DMZ in VM settings.
  9. SCSI Controller: LSI Logic SAS (default).
  10. Virtual Disk: Use an existing virtual disk → browse to your converted asa.vmdk.
    • Important: Keep existing format. Do not convert.
  11. Finish the wizard.

Step 9: Save Configuration

From enable mode:

write memory

Or

copy running-config startup-config

What You Get vs. Real Hardware

  • Real ASA: ASIC acceleration for VPN, switch ports, PoE, rackmount form factor.
  • Virtual ASA (ASAv): Full CLI and ASDM (Adaptive Security Device Manager) access, same 9.x feature set, but throughput is limited by your host CPU. Cisco officially calls this the ASAv (Adaptive Security Appliance Virtual).

Alternative: Use GNS3/EVE-NG

If VMware Workstation gives you trouble, consider running the same .vmdk inside GNS3 or EVE-NG – these platforms handle ASA images more natively with proper ASDM support. The Ultimate Guide to Running a Cisco ASA