
Mar 05

ASA 8.4 with ASDM on GNS3 – Step by Step Guide

This post details how to connect to a firewall in GNS3 using ASDM. You will establish an ASDM session from your machine to GNS3, so we will build a connection (bridge) between GNS3 and the PC. The connection is also needed because you first have to copy ASDM to the firewall via TFTP.

1. Follow the guide for your OS on how to add a loopback adapter to Windows 7 or Windows XP
Windows 7
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/259c7ef2-3770-4212-8fca-c58936979851

Windows XP
http://support.microsoft.com/kb/839013

2. Restart your PC

3. Follow this guide about how to configure ASA 8.4(2) for GNS3.

http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

4. Start a new project in GNS3 and drag and drop an ASA (8.4) firewall onto the topology

5. Drag and drop a Cloud object from the panel on the left onto the topology and right-click it. Select 'Configure'. Select 'C1' or whatever the object is named.

6. Now as per following diagram select the loopback adapter that you added in step 1.

7. Add the adapter as per following after selecting and press OK.

8. Drop an Ethernet switch onto the topology. If you don't do this and try drawing a direct connection between the firewall and the Cloud, it will come up with an error saying 'Devices does not support this type of NIO. Use an ETHSW to bridge the connection to the NIO Instead.'

9. Connect both Cloud and Firewall to the Switch as following

10. Now start all devices in GNS3 and use the following commands on the firewall to give it an IP address.

ciscoasa# config t
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut

11. Now go back to Windows 7 and open 'Network and Sharing Centre', click 'Change adapter settings' and change the IP address of the loopback adapter as following (the later steps use 10.10.10.2 for the PC)

12. You will have to turn off your PC firewall, as you will be copying ASDM to the ASA firewall. If you don't know this, stop studying networking; otherwise stop the Windows Firewall service or, if that doesn't work, the Base Filtering Service.

13. Now your PC is ready to talk to the firewall, let's try.

ciscoasa# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#

14. OK, the next step is to copy ASDM to the firewall. If you already have a TFTP server installed, cool; otherwise download and start this TFTP application from the following website

http://tftpd32.jounin.net/tftpd32_download.html

15. Download ASDM from the Cisco website or any other dodgy source you have. I have ASDM 6.4(7) downloaded.

16. In the TFTP application, browse to the folder where you have downloaded ASDM.

17. On the firewall, use the following command to download the ASDM image over TFTP.

ciscoasa# copy tftp flash
Address or name of remote host []? 10.10.10.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-647.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#

18. Set the Firewall to Load the ASDM at next reboot and also identify the management Station IP address

ciscoasa# sh flash
--#--  --length--  -----date/time------  path
2  4096        Mar 05 2012 13:40:42  log
9  4096        Mar 05 2012 13:40:47  coredumpinfo
10  59          Mar 05 2012 13:40:47  coredumpinfo/coredump.cfg
11  196         Mar 05 2012 13:40:47  upgrade_startup_errors_201203051340.log
12  17902288    Mar 05 2012 14:00:48  asdm-647.bin

268136448 bytes total (250191872 bytes free)
ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15

19. Use the 'wr' command and then reload the firewall using the 'reload' command

20. Launch your browser and go to https://10.10.10.1 (Disable Proxy if you are using any)

21. Download and install the ASDM app from the page you browsed to.

22. Launch the ASDM and here you go
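
A small check to run over the step 18 management lines before reusing them anywhere outside the GNS3 lab. This is an added example, not code from the original post: `audit_asdm_access` and `LAB_CONFIG` are hypothetical names, the sample config is constructed from the commands in step 18, and `aaa authentication http console` is an ASA command the guide itself does not use.

```python
import ipaddress
import re

# Constructed sample: the management lines typed in step 18 of the guide.
LAB_CONFIG = """\
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username cisco password cisco privilege 15
"""

HTTP_ACL = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
# Matches the command as typed; in a saved config the secret is a hash,
# so the username comparison below only catches plain-text input.
USER = re.compile(r"username (\S+) password (\S+)(?: \S+)*? privilege (\d+)")


def audit_asdm_access(config: str) -> list[str]:
    """Return findings for the ASDM/HTTPS management lines of an ASA config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if not any(re.fullmatch(r"http server enable( \d+)?", ln) for ln in lines):
        return []  # HTTPS server is off, so ASDM is not reachable
    findings, allowed = [], 0
    for ln in lines:
        acl = HTTP_ACL.fullmatch(ln)
        if acl:
            allowed += 1
            net = ipaddress.ip_network(f"{acl[1]}/{acl[2]}", strict=False)
            if net.prefixlen < 32:  # wider than one management station
                findings.append(
                    f"http {net} on '{acl[3]}' admits {net.num_addresses} addresses")
        user = USER.fullmatch(ln)
        if user and user[1].lower() == user[2].lower():
            findings.append(
                f"username {user[1]}: password equals the username (privilege {user[3]})")
    if allowed == 0:
        findings.append("http server enabled but no 'http <addr> <mask> <nameif>' line")
    if not any(ln.startswith("aaa authentication http console") for ln in lines):
        findings.append("no 'aaa authentication http console' line: "
                        "ASDM authentication is left at the platform default")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(LAB_CONFIG):
        print("FINDING:", finding)
```

On the guide's own lines this reports the `cisco`/`cisco` account and the missing AAA binding, while the /32 `http` entry for 10.10.10.2 passes.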

 
You can follow the post below if you want to connect two GNS3 instances on two different PCs together or to connect an external device on a physical network to the GNS3 network.
 
You can use the following lab guide for NAT migration from pre ASA 8.2 to 8.4
 

150 comments


  1. waneey1

    Best explanation ever!!! It worked the very first time I tried it. It is essential for others to understand that they have to follow the directions without trying to add anything extra. For example do not try to configure a default gateway for the Microsoft loopback. It doesn't need one! Keep the configuration as simple as it is and it should work.  
    Thank you very much. 

  2. SK

    I am stuck at step 12. Not able to ping the firewall from PC.
    I have disabled Windows Firewall. Disabled Kaspersky. Tried Base Filtering Service.
    I have GNS3 VirtualBox edition..PC OS: Windows 7.
    (I have also installed GNS3 on Windows 2003 server..but with same settings..I don't see any network adapters showing in the cloud configuration..strange..)

    1. xerunetworks

      Did you try ping from firewall to PC? Also try capturing traffic on the link from Firewall to Cloud to see any packets travelling over.

      1. SK

        Yes..I tried pinging both ways earlier without any success…today after seeing your comment ..again restarted this from beginning..and ola..its now pinging from both ways!
        Firewall not disabled for this.
        Thanks for your response..it created some interest to startover..
        (But still wondering why network addresses are not showing up in Windows2003 server…with the same setup)

        1. SK

          problem identified.
          When I hibernate and relogin…ASA console gets stuck..
          1) "stop"ped ASA by right click on GNS3 and "start"ed again.
          2) Tried to ping loopback from ASA console…no success.
          3) Reloaded ASA by executing command "reload" .
          4) After ASA restarted ,still not able to ping the loopback.
          5) in the cloud configuration, deleted loopback adapter and re-added.
          6) OLA..now I am able to ping both ways..!
           

  3. ABDELMOUTTALIB EL ALAMI

    I want worked on gns3 but i dont know phase the configuration
     

  4. Christian

    Thanks bro.. Thanks…. a lot!!!

  5. Ali

    Hi, please, can you help me.  I do everything, like in instructions, but when I connect to ASA through the browser or ASDM, qemu always crashing.

    1. xerunetworks

      Can you please make sure your machine has enough resources available to run ASA in Qemu and to run browser at the same time?

  6. Prithvi Rai

    Malikyounas,
    I went through many YouTube sessions and yours is the best, simple and straight to the point.  Thank you very much.  I have a couple of questions:
    1. still unable to launch browser, comes back with the IE cannot display the webpage, any idea.  All browser setting and asa settings verified.
    2.  copy run disk0:/.private/startup-config and saving as a project with "save IOS configurations box checked" does not save the configs after I close GNS3, relaunch and reopen the project, any idea?
    Thank you again in advance and keep up the great work.
    press enter , 

    1. xerunetworks

      Hi,

      I will try to help the best I can. Now, for IE issue, can you please

      1. Ping from ASA to the Host machine and vice versa

      2. Attach/Paste the ASA config

      I doubt ASA config as you have already copied ASDM to FW so I suppose communication between ASA and Host machine would be already working.

      To save configs you should do

      1. After configuring ASA, use 'wr mem', then save the stop the project. Stop all devices and then save the project again. 

      Let me know how it goes?

      1. qtip

        I used https://10.10.10.1 in my web browser to log in and it worked!  Notice the "S" on the end of http.  I configured the ASA per instructions ….. "http server enabled" but had to use a secure browser session.

        1. xerunetworks

          quite right, updated post to use https in browser

  7. nagarjun007

    Thanks a lot bro…!!

    U really helped me a lot 🙂

    Expecting more tutorials from you..keep going…

  8. jacobb

    Hi,
    What version of Java can we use for this?
    I was used to having older version of Java with Fiddler as proxy for ASDM to only work with 6.0 version if anyone remembers?
    So we can use newest version of Java and no fiddler correct?
    thanks

    1. xerunetworks

      I used to have similar issues where ASDM just wouldn't work after Java update but didn't face any since the recent ASDM version and Java updates. I have latest Java and newest ASDM working without any issue.

      1. jacobb

        Malikyounas, thank you so much for responding so quickly.
