Install OPNSense and Linux on Cisco ASA
Open Source your black-box Cisco device
Cisco is a great network solution for most, but I don’t think it is a ‘’one-size-fits-all’’ solution as most would believe.
Pay-Walls, Closed Source, and Black Box technologies will be the death of Privacy and Security; It is imperative we decentralize our resources if we truly want to protect our data. While Cisco has done a lot and is considered the “gold standard,” — and for good reason — it isn’t ideal for those who care for privacy due to its concerning practices and relation with IBM.
During my search for this deemed ‘impossible’ task, I have found a lot of unusual negativity surrounding this topic. I don’t understand why, but I hope to save others from the hive-minded’s trouble towards questioning and wasting any more precious time.
Some of you reading this may think I am an absurd lunatic, and to a degree, that is totally valid; however, that is beside the point!
This article’s “point” is to help the curious and interested in tinkering, learning, or even furthering the community and the technologies available. In my opinion, this could be the beginning of what could revolutionize the way admins think of “dated” devices. This is a matter of unlocking doorways and reintroducing the mindset of “what can one make this device do” rather than just using it as is.
This “impossible” task may seem complicated, but I assure you it is a cakewalk! Once opened up, it’s as easy as 1–2–3! Well easier than modding phones ;)
Requirements:
- Patience, this is a base requirement in general. 😉
- A live image of OPNSense flashed to a USB (or whatever OS you want to use)
- Make sure you review base requirements for your Operating System of choice, I am using OPNSense. [²]
3. Storage device, I used a SATA SSD; you can use an HDD or a USB drive as your storage. This will go in your ASA and serve as its storage device.
4. IDC 16 PIN to VGA Adapter ( [$6 USD from PCCABLES.com](https://www.pccables.com/VGA_PORT_HD15F_PORT_To_IDC16.html) ) [¹]
Get started:
- Identify your Device (Cisco ASA Model):
- Open the ASA up by taking the cover off and read documentations on your model.
- On the motherboard, you should see a PIN-OUT for VGA (16 PIN IDC [¹]). This PIN-OUT will be your entryway into the machine and allow you to bypass ROMMON.
2. Make your Bootable device:
- I used Rufus[³] and the VGA OPNSense[²] image. If you are here, I assume you already understand this topic, so I will leave you to your own devices
3. Add your parts to the CISCO ASA:
- I added a 250GB SATA SSD to the front of the ASA, should be more than enough
- Add RAM if you want; I have 32GB already in mine but it depends on the specs/limits of your device
- Attach your Adapter[¹] and connect the VGA to a screen
- Attach a keyboard and your bootable device
Show time:
1. Power on your device and enter the bios (Hitting F2 for me)
- (boot screen took almost a minute to appear after power-on)
2. In BIOS, Disable ROMMON.
3. Switch the boot order; Make the USB the primary and HDD (boot device) as secondary.
4. Save changes and reboot.
5. Enjoy the POWER! — Powering the ASA back on should find the bootable device.
- Install your Operating system! BONUS Points if you can run DOOM on it . . .
Conclusion:
As of writing this, I have OPNSense running on my CISCO ASA-5555X and it works great! These modifications have turned this once scrapped device into a fantastic multi-purpose machine for my home network, free of the subscriptions and closed source limitations. The best part is I have control over the device the way I want to have it.
I hope this helps; feel free to email me or message me on LinkedIn; I love to collaborate and conversate! Let me know your experiences, I have seen ESXi running on these mini powerhouses, which is brilliant!
All the best,
Dominic
Links:
[¹]: [VGA Port HD15F Adapter to IDC16 from PC Cables](https://www.pccables.com/VGA_PORT_HD15F_PORT_To_IDC16.html).
[²]: [OPNSense](https://opnsense.org/).
[³]: [Rufus](https://rufus.ie).
