vASA Add VMXNET3 Network Cards

vASA Add VMXNET3 KB ID 0001929

Problem

I got a call out of the blue from a colleague this week asking, “We have a client, and we need to change the E1000 virtual network cards in their virtual Cisco ASA with VMXNET3 ones, do you think that will cause any problems?

I suppose the sensible answer was ‘Why?” It turns out this was one in a long line of small changes that were being proposed to solve a performance problem. The honest answer was, “I don’t know, but I can test it on the bench for you?

Solution : vASA Add VMXNET3

Common Sense Check: You’re about to make changes the ASAv. Back it up before and after you carry out the work.

I knew from experience that the FIRST NIC shown on the ASAv when you edit its settings is usually ‘The Managment 0/0 Interface” Then typically the rest follow the GigabitEthernet 0/0, GigabitEthernet 0/1, GigabitEthernet 0/0, etc. As luck would have it, I already had one of the interfaces disconnected.

ASAv Change Network Card VMXNet3

As you can see, each interface is, by default is an E1000, which makes sense. This is an emulated Intel 82545EM controller, and the drivers for it are pretty universally supported by most virtualisation platforms.

vASA Add VMXNET3

Why is all that important? Well, with one interface disconnected, it’s pretty easy to locate that interface in the vASA, like so, I ran the first command (interface down), then connected the interface in VMware, and ran the command again (interface up). This lets me know I’m dealing with the correct interface.

Now the object of the exercise is to make sure we don’t damage (or lose parts of) the firewall config. Here you can see that the interface looks after my DMZ and is configured.

vASA Add VMXNET3

And there is some config associated with that interface, so this should be a good test.

asav add vmxnet3

Let’s delete the old unwanted E1000 interface.

Add new device > Network Adapter.

Cisco ASAv Change NICs form E1000

vASA Add VMXNET3: The new interface will appear at the bottom of the list. Change the hardware type to VMXNET3, and when you click OK, it will jump back up in the list and take the place of the one you deleted (in this case, ‘VMware Network Adapter 4’.

asav add vmxnet3 nic to replace e1000

A quick ‘show ip interface brief’ and we can see the interface is there and ‘up‘.

ASAv Add VMXnet3 vNic

And more importantly, the config has not been dropped for that interface.

ASAv Add VMXNet3

So to answer the question, “Yes, you can, and no, it’s not destructive. (But back it up anyway!)

Related Articles, References, Credits, or External Links

Thanks to Alan Wake and Paul White for thier input.

PNL on YouTube

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *