Mar 05

ASA 8.4 with ASDM on GNS3 – Step by Step Guide

This post details how to connect to an ASA firewall in GNS3 using ASDM. You will establish the ASDM session from your own machine to GNS3, so we will build a connection (bridge) between GNS3 and the PC. The same connection is needed first to copy ASDM to the firewall via TFTP.

1. Follow this guide about how to add a loopback adapter to Windows 7, Windows XP
Windows 7
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/259c7ef2-3770-4212-8fca-c58936979851

Windows XP
http://support.microsoft.com/kb/839013

2. Restart your PC

3. Follow this guide about how to configure ASA 8.4(2) for GNS3.

http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

4. Start a new project in GNS3 and drag/drop an ASA (8.4) firewall to the topology

5. Drag/Drop Cloud Object from Panel on the Left to the topology and right click it. Select 'Configure'. Select 'C1' or whatever name of the object.

6. Now as per following diagram select the loopback adapter that you added in step 1.

7. Add the adapter as per following after selecting and press OK.

8. Drop an Ethernet switch onto the topology. If you don't do this and try drawing a direct connection between the firewall and the cloud, it will come up with an error saying 'Devices does not support this type of NIO. Use an ETHSW to bridge the connection to the NIO Instead.'

9. Connect both Cloud and Firewall to the Switch as following

10. Now start all devices in GNS3 and use the following commands on the firewall to give it an IP.

ciscoasa# config t
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut

11. Now, go back to Windows 7 and open 'Network and Sharing Centre', click on 'Change adapter settings' and change the IP address of the loopback adapter as follows (the later steps use 10.10.10.2 for the PC)

12. You will have to turn off your PC firewall as you will be copying ASDM to the ASA firewall. If you don't know how to do this, stop studying networking, or stop the Windows Firewall Service, or if that doesn't work, then the Base Filtering Service.

13. Now your PC is ready to talk to the firewall; let's try.

ciscoasa# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#

14. OK, now the next step is to copy ASDM to the firewall. If you already have a TFTP server installed, cool; otherwise download and start this TFTP application from the following website

http://tftpd32.jounin.net/tftpd32_download.html

15. Download ASDM from the Cisco website or any other dodgy source you have. I have ASDM 6.4(7) downloaded.

16. On the TFTP application browse to the folder where you have downloaded ASDM.

17. On the firewall use the following command to download the ASDM image over TFTP.

ciscoasa# copy tftp flash
Address or name of remote host []? 10.10.10.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-647.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#

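18. Set the firewall to load the ASDM image at next reboot, enable the HTTPS server that ASDM connects to, allow only the management station's IP address (10.10.10.2) on the management interface, and create a local privilege 15 user to log in with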

ciscoasa# sh flash
--#--  --length--  -----date/time------  path
2  4096        Mar 05 2012 13:40:42  log
9  4096        Mar 05 2012 13:40:47  coredumpinfo
10  59          Mar 05 2012 13:40:47  coredumpinfo/coredump.cfg
11  196         Mar 05 2012 13:40:47  upgrade_startup_errors_201203051340.log
12  17902288    Mar 05 2012 14:00:48  asdm-647.bin

268136448 bytes total (250191872 bytes free)
ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15

19. Use the 'wr' command to save the configuration, then reload the firewall using the 'reload' command

20. Launch your browser and go to https://10.10.10.1 (Disable Proxy if you are using any)

21. Download and Install ASDM App from website you browsed to.

22. Launch the ASDM and here you go
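
A check for the management-access commands from step 18, as an added example that is not part of the original post: it flags 'http' rules wider than a single host and local users whose password is guessable, such as the cisco/cisco account above. The function name, the weak-password list and the sample text are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the management-access commands as typed in step 18.
STEP18 = """\
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username cisco password cisco privilege 15
"""

# Hypothetical short list of common lab passwords; extend it for real use.
WEAK_PASSWORDS = {"cisco", "admin", "password", "asa"}

HTTP_RE = re.compile(r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+(\S+)(.*)$")


def audit_mgmt_access(config: str) -> list[str]:
    """Return findings about ASDM/HTTPS management access in typed ASA commands."""
    findings, server_on, allowed = [], False, []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "http server enable":
            server_on = True
        elif m := HTTP_RE.match(line):
            # Address plus dotted netmask, e.g. 10.10.10.2 255.255.255.255 -> /32
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            allowed.append(net)
            if net.prefixlen < 32:
                findings.append(f"http on '{m[3]}' is open to {net}, not a single host")
        elif m := USER_RE.match(line):
            user, secret, rest = m[1], m[2], m[3]
            # 'show run' prints hashes tagged 'encrypted'; those cannot be judged here.
            if "encrypted" in rest.split():
                continue
            priv = re.search(r"\bprivilege\s+(\d+)", rest)
            level = priv[1] if priv else "unspecified"
            if secret.lower() in WEAK_PASSWORDS | {user.lower()}:
                findings.append(f"user '{user}' (privilege {level}) has a guessable password")
    if server_on and not allowed:
        findings.append("http server is enabled but no management host is permitted")
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_access(STEP18):
        print("-", finding)
```

The step 18 commands pass the 'http' check because the rule is a /32 for 10.10.10.2; the only finding is the password that matches the username.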

 
You can follow the post below if you want to connect two GNS3 instances on two different PCs together, or to connect an external device on the physical network to the GNS3 network.
 
You can use the following lab guide for NAT migration from pre ASA 8.2 to 8.4
 

150 comments


  1. Gajendra

    Hi,
    I am facing a problem while copying asdm to asa with TFTP, but there is a problem with space in asa flash:
    please find the same error.

    ciscoasa(config)# copy tftp: flash:
    Address or name of remote host []? 10.10.10.2
    Source filename []? asdm-641.bin
    Destination filename [asdm-641.bin]?
    Accessing tftp://10.10.10.2/asdm-641.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    %Error copying tftp://10.10.10.2/asdm-641.bin (Not enough space on device)
    ciscoasa(config)#

    I have also checked with disk0 but the same one.

    I am not able to increase memory; please suggest how I can do this?

    Awaiting help

  2. Alonso

    I get this error when I try to upload the asdm through the tftp:

    Accessing tftp://10.10.10.2/asdm-647.bin…
    %Error reading tftp://10.10.10.2/asdm-647.bin (File not found)

    What can I do???

    1. xerunetworks

      Check your tftp server and file path in tftp

  3. namal

    After configuration, I have got the following issue:
    when I try to connect with https and run asdm-645-204.bin, then "qemu has stopped". Everything is working. Pls help me to solve this problem (I have simulated GNS3 with asa802-k8).

  4. Saj

    Thanks MalikYounis.
     
    One more thing. I tried a site to site vpn connection and I followed everything as per the documents but it's not working; not even the first negotiation is going on and not even a single packet is communicating between them.
    I have checked the configuration many, many times and everything looks fine. The only thing I can see is that in my License, VPN Peers: 0. Can that be the problem??

  5. Saj

    Very nice, thanks. Is there a way that we can save asdm permanently?

    1. xerunetworks

      Use ‘wr mem’ after asdm is loaded and configuration is finished, then save this project and use it as a base lab for all new labs

  6. Anil

    Hi.. I have installed the loopback adapter in my PC. I'm using Windows XP.. still I was not able to see it when I was trying to configure the cloud.
    I have restarted the PC. I'm able to see it in the network connections. I have admin rights.

  7. turbo

    I have an issue with the adapter (step number 6) because in my OS I have already installed my adapter, but when I go to step number 6, I don't have anything.
    Thanks

    1. turbo

      my OS is Win 7
       

    2. xerunetworks

      Did you restart your pc? Also is it appearing in your network adapter in win7?

      1. turbo

        Thanks for the answer… yup I did.. and my network adapter is in win 7 and I can connect my pc through this adapter

        1. xerunetworks

          You should be able to see at least your win7 adapter if not the loopback, also start with a fresh gns3 topology after creating loopback, i can think if anything else which should stop showing adapter…unless gns3 installation is corrupt

          1. turbo

            I found my problem.
            My problem was I was running GNS3 without administrative permissions. Sorry about that.
            Thanks for your support

  8. Xeishan Siddique

    Works like a dream – Thanks very much mate 🙂

  9. RafalS

     
    Hi!
    Following 3 days of frustrations, almost have posted unresolved problem:
    Very good manual but cannot follow up to the end due to some connectivity problem.
    In Step 13, I always get ASA->MSloopback ping response, but not vice-versa. PC->ASA ping produces intermittent replies coming by series. When PC->ASA pings time out, it helps to send ping ASA->pc which sort of unlocks the opposite direction. Very strange dependency. With time, this intermittence tends to fade away giving long uninterrupted responses.
    Step 17 is successful proving stable ASA->PC connectivity.
    In Step 19, it's a total failure – no page displayed in any web browser, regardless of whether or not https prefixes the ASA IP address. If this http(s) connection is attempted while an extended ping is sent PC->ASA, the ping times out again!
    MS Loopback adapter falls into the "unidentified network/public network" category under Windows 7 Network and Sharing Center. Yet, my Windows FW is deactivated for all 3 network categories and my third-party firewall is switched to pass all traffic.
    Solution: shut down FortiClient (my 3rd party firewall). Pings have stabilized and the ASA webpage has been downloaded. Posting anyway (for posterity).

  10. jery

    can any one share ASDM 6.4(7)  ?

    1. xerunetworks

      Sorry, can't help with this; you will have to check with your friends, anyone with access to downloads on the cisco website, otherwise google.com is the best option
