
ASA 8.4 with ASDM on GNS3 – Step by Step Guide

Categories: ASA, GNS3, Security

by malikyounas

This post details how to connect to the firewall in GNS3 using ASDM. You will
establish the ASDM session from your machine to GNS3, so we will build a
connection (bridge) between GNS3 and the PC. This connection is also necessary
because you first have to copy ASDM to the firewall via TFTP.

1. Follow this guide about how to add a loopback adapter to Windows 7 or Windows XP

Windows 7
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/259c7ef2-3770-4212-8fca-c58936979851

Windows XP
http://support.microsoft.com/kb/839013

2. Restart your PC

3. Follow this guide about how to configure ASA 8.4(2) for GNS3.

http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

4. Start a new project in GNS3 and drag/drop an ASA (8.4) firewall onto the topology

5. Drag/Drop Cloud Object from Panel on the Left to the topology and right click it. Select
'Configure'. Select 'C1' or whatever name of the object.

6. Now as per following diagram select the loopback adapter that you added in step 1.
7. Add the adapter as per following after selecting and press OK.

8. Drop an Ethernet switch onto the topology. If you don't do this and try drawing a direct
connection between the firewall and the cloud, it will come up with an error saying 'Devices does not
support this type of NIO. Use an ETHSW to bridge the connection to the NIO Instead.'

9. Connect both Cloud and Firewall to the Switch as following


10. Now start all devices in GNS3 and use the following commands on the firewall to give it an
IP.

ciscoasa# config t
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut

11. Now go back to Windows 7 and open 'Network and Sharing Centre', click on 'Change
adapter settings' and change the IP address of the loopback adapter as following (the later
steps use 10.10.10.2 for the PC)

12. You will have to turn off your PC firewall, as you will be copying ASDM to the ASA
firewall. If you don't know this, stop studying networking, or stop the Windows Firewall
Service or, if that doesn't work, the Base Filtering Service.

13. Now your PC is ready to talk to the firewall, let's try.

ciscoasa# ping 10.10.10.2


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#

14. OK, now the next step is to copy ASDM to the firewall. If you already have a TFTP server
installed, cool; otherwise download and start this TFTP application from the following website

http://tftpd32.jounin.net/tftpd32_download.html

15. Download ASDM from the Cisco website or any other dodgy source you have. I have
ASDM 6.4(7) downloaded.

16. On the TFTP application browse to the folder where you have downloaded ASDM.

17. On the firewall use the following command to download the image via TFTP.


ciscoasa# copy tftp flash
Address or name of remote host []? 10.10.10.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-
647.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!
----------- Output Omitted -----------
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#

18. Set the Firewall to Load the ASDM at next reboot and also identify the management
Station IP address

ciscoasa# sh flash
--#--  --length--  -----date/time------  path
2 4096 Mar 05 2012 13:40:42 log
9 4096 Mar 05 2012 13:40:47 coredumpinfo
10 59 Mar 05 2012 13:40:47 coredumpinfo/coredump.cfg
11 196 Mar 05 2012 13:40:47 upgrade_startup_errors_201203051340.log
12 17902288 Mar 05 2012 14:00:48 asdm-647.bin

268136448 bytes total (250191872 bytes free)


ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15

19. Use the 'wr' command and then reload the firewall using the 'reload' command

20. Launch your browser and go to https://10.10.10.1 (Disable Proxy if you are using any)
21. Download and Install ASDM App from website you browsed to.

22. Launch the ASDM and here you go
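
The management commands typed in steps 10 and 18 can be checked before the same pattern is reused outside a lab. The following is an added example, not part of the original post: a small Python audit of those lines as typed. The function name, the weak-password list and the hardened variant are assumptions made for illustration; `aaa authentication http console LOCAL` is the ASA command that makes ASDM authenticate against the local `username` entries instead of falling back to the enable password.

```python
import ipaddress
import re

# Constructed input: the management commands from steps 10 and 18, as typed.
LAB_CONFIG = """\
interface GigabitEthernet0
 ip address 10.10.10.1 255.255.255.0
 nameif management
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username cisco password cisco privilege 15
"""

# Hypothetical hardened variant; the password is a placeholder.
HARDENED_CONFIG = LAB_CONFIG.replace(
    "password cisco", "password <long-random-passphrase>"
) + "aaa authentication http console LOCAL\n"

WEAK_PASSWORDS = {"cisco", "admin", "password", "asa"}  # assumed short list


def audit_asdm_access(config):
    """Return a list of findings about ASDM/HTTPS management access."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    http_on = any(line.startswith("http server enable") for line in lines)
    http_aaa = any(line.startswith("aaa authentication http console") for line in lines)
    if http_on and not http_aaa:
        findings.append("no-http-aaa: ASDM login is not tied to the user database")
    for line in lines:
        # "http <address> <mask> <interface>" lists who may reach ASDM.
        m = re.fullmatch(r"http (\d\S*) (\d\S*) (\S+)", line)
        if m:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if net.prefixlen < 24:
                findings.append(f"broad-http-source: {net} on {m[3]}")
        # Cleartext form only; a stored "encrypted" hash cannot be compared.
        m = re.fullmatch(r"username (\S+) password (\S+)( privilege \d+)?", line)
        if m and (m[2].lower() in WEAK_PASSWORDS or m[2].lower() == m[1].lower()):
            findings.append(f"weak-password: user {m[1]}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_asdm_access(cfg))
```

The guide's `http 10.10.10.2 255.255.255.255 management` line passes the source-range check because it admits a single host; the two findings on the lab config come from the `cisco`/`cisco` account and the missing `aaa authentication http console` line.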

You can follow the post below if you want to connect two GNS3 instances on two different PCs together or
to connect an external device on a physical network to the GNS3 network.
http://www.xerunetworks.com/2012/03/connect-gns3-network-to-real-networks-other-gns3-network/

You can use the following lab guide for NAT migration from pre ASA 8.2 to 8.4

http://www.xerunetworks.com/2012/03/asa-8384-nat-migration-lab-guide/

Feb 21

Cisco ASA 8.4 on GNS3


Categories: ASA, GNS3, Security

by malikyounas

I struggled quite a lot to get ASA 8.4 working on GNS3. I had 8.0(2) working and was
helping to test the configurations and VPNs, but now wanted to get 8.4 running so that I
can prepare myself for the new NAT statements and migration from 8.0(2) to 8.4(2).

Here are the steps to get it working.

1. Download the ASA 8.4 files for GNS3 from the following address

http://www.mediafire.com/download.php?l010dd0c1nayf0d

2. Configure GNS3 as following (I am using Ver 0.8.2 Beta 2; also tested 8.3 with
Windows 7 64 bit, which worked without any issues). Type the code below into the relevant
fields

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Configure the paths for Initrd and Kernel to where you have extracted the files.

3. Once the firewall is up and running use the following activation keys

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6

It will take a while (10-15 min) to accept the second activation key and will take the same
time at first reboot.

That's all done and we have a working firewall to play with.


Now if you want to run two ASAs, you will have to change the Qemu options on the
second firewall as below

Qemu Options: -vnc :2 none -vga none -m 1024 -icount auto -hdachs 980,16,32

Troubleshooting:

Please check the comments at the end of the post, where you will find different ways to resolve
issues if you face any. The especially helpful comments from GD are detailed below

Download and install the latest version of GNS3 0.8.2; after that, download the Qemu
0.13.0 patched 32 bits binary for Windows from

http://www.gns3.net/download/
http://sourceforge.net/projects/gns-3/files/Qemu/qemu-0.13.0.patched.win32.zip/download

Copy and replace all downloaded qemu files and folders with existing qemu files and
folders under GNS3 folder.

After you have ASA running in GNS3 and want to play with ASDM, here is the guide to
follow

http://www.xerunetworks.com/2012/03/asa-84-asdm-on-gns3-step-by-step-guide/

and if you want to connect two GNS3 networks running on two different PCs, use the
following

http://www.xerunetworks.com/2012/03/connect-gns3-network-to-real-networks-other-gns3-network/

I have posted a lab guide for migrating NAT from 8.2 to the 8.3/8.4 version, which is still a
work in progress but has a lot of stuff already added into it

http://www.xerunetworks.com/2012/03/asa-8384-nat-migration-lab-guide/