ASA 8.4 with ASDM on GNS3 – Step by Step Guide
This post details how to connect to a firewall in GNS3 using ASDM. You
will establish an ASDM session from your machine to GNS3, so we will
build a connection (bridge) between GNS3 and the PC. This connection is
also necessary because you first have to copy ASDM to the firewall via
TFTP.
1. Follow this guide about how to add a loopback adapter to
Windows 7, Windows XP
Windows 7
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/259c7ef2-3770-4212-8fca-c58936979851
2. Restart your PC
3. Follow this guide about how to configure ASA 8.4(2) for
GNS3.
4. Start a new Project in GNS3 and drag/drop an ASA (8.4)
firewall to the topology
5. Drag/Drop the Cloud Object from the Panel on the Left to the
topology and right click it. Select 'Configure'. Select 'C1' (or whatever
the object is named).
6. Now as per following diagram select the loopback adapter
that you added in step 1.
7. Add the adapter as per following after selecting and press
OK.
8. Drop an Ethernet switch onto the topology. If you don't do this
and try drawing a direct connection between the Firewall and the Cloud, it
will come up with an error saying 'Devices does not support this type of NIO.
Use an ETHSW to bridge the connection to the NIO Instead.'
9. Connect both Cloud and Firewall to the Switch as following
10. Now start all devices in GNS and use following commands on
the firewall to give it an IP.
ciscoasa# config t
ciscoasa(config)# int gi
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut
11. Now, go back to Windows 7 and open 'Network and Sharing
Centre', click on 'Change adapter settings' and change the IP address of the
Loopback adapter as following
12. You will have to turn off your PC firewall as you will be
copying ASDM to the ASA firewall. If you don't know this, stop studying
networking, or stop the Windows Firewall Service, or if that doesn't work,
then the Base Filtering Service.
13. Now your PC is ready to talk to the firewall, let's try.
ciscoasa# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#
14. OK, now the next step is to copy ASDM to the Firewall. If you
already have a TFTP Server installed, cool; otherwise download and start this
TFTP Application from the following website
http://tftpd32.jounin.net/tftpd32_download.html
15. Download ASDM from the Cisco website or any other dodgy source
you have. I have ASDM 6.4(7) downloaded.
16. On the TFTP application browse
to the folder where you have downloaded ASDM.
17. On the firewall use the following command to download the ASDM
image via TFTP.
ciscoasa# copy tftp flash
Address or name of remote host []? 10.10.10.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-647.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
---------- Output Omitted ----------
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
---------- Output Omitted ----------
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#
18. Set the Firewall to Load the ASDM at next reboot and also
identify the management Station IP address
ciscoasa# sh flash
--#--  --length--  -----date/time------  path
    2  4096        Mar 05 2012 13:40:42  log
    9  4096        Mar 05 2012 13:40:47  coredumpinfo
   10  59          Mar 05 2012 13:40:47  coredumpinfo/coredump.cfg
   11  196         Mar 05 2012 13:40:47  upgrade_startup_errors_201203051340.log
   12  17902288    Mar 05 2012 14:00:48  asdm-647.bin
268136448 bytes total (250191872 bytes free)
ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15
19. Use the 'wr' command and then reload the firewall using the
'reload' command
20. Launch your browser and go to https://10.10.10.1 (Disable
Proxy if you are using any)
21. Download and Install ASDM App from website you browsed to.
22. Launch the ASDM and here you go
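The access commands from step 18 are fine for a throwaway lab, but they can be linted before they are reused on a firewall that stays around. The Python below is an added example, not part of the original guide or of any Cisco tool; the finding codes, the 12-character threshold, the 'labadmin' user and the placeholder password are assumptions made for illustration.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\S+#\s*")  # CLI prompt such as "ciscoasa(config)# "

def audit_asdm_commands(lines, min_password_len=12):
    """Lint ASA commands as typed (cleartext passwords) for ASDM exposure.
    Returns (code, detail) findings; codes and threshold are this example's own."""
    findings = []
    http_enabled = http_aaa = False
    for raw in lines:
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:3] == ["http", "server", "enable"]:
            http_enabled = True
        elif tok[:4] == ["aaa", "authentication", "http", "console"]:
            http_aaa = True
        elif len(tok) == 4 and tok[0] == "http":
            # "http <address> <netmask> <interface>": who may reach ASDM
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            if net.prefixlen < 32:
                findings.append(("BROAD_HTTP_ACL", f"{net} on {tok[3]}"))
        elif len(tok) >= 4 and tok[0] == "username" and tok[2] == "password":
            user, password = tok[1], tok[3]
            if password.lower() == user.lower() or len(password) < min_password_len:
                findings.append(("WEAK_PASSWORD", user))
    if http_enabled and not http_aaa:
        # Without this line ASDM does not check the local user database:
        # it accepts a blank username together with the enable password.
        findings.append(("NO_HTTP_AAA", "add: aaa authentication http console LOCAL"))
    return findings

# Commands exactly as entered in step 18 of this guide.
STEP_18 = [
    "ciscoasa(config)# asdm image flash:asdm-647.bin",
    "ciscoasa(config)# http server enable",
    "ciscoasa(config)# http 10.10.10.2 255.255.255.255 management",
    "ciscoasa(config)# username cisco password cisco privilege 15",
]
# Constructed variant; user name and password are placeholders (assumptions).
HARDENED = [
    "asdm image flash:asdm-647.bin",
    "http server enable",
    "http 10.10.10.2 255.255.255.255 management",
    "aaa authentication http console LOCAL",
    "username labadmin password <long-random-passphrase> privilege 15",
]

if __name__ == "__main__":
    print(audit_asdm_commands(STEP_18))
```

The linter only works on commands as typed, because the running configuration stores the password in hashed form.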
You can follow the post below if you
want to connect two GNS3 instances on two different PCs together or to
connect an external device on a physical network to the GNS3 network.
You can use the following Lab guide for
NAT migration from pre ASA 8.2 to 8.4