Mar 05

ASA 8.4 with ASDM on GNS3 – Step by Step Guide

This post details how to connect to an ASA firewall running in GNS3 using ASDM. You will establish the ASDM session from your own machine to GNS3, so we will build a connection (bridge) between GNS3 and the PC. The same connection is needed even before that, because you first have to copy ASDM to the firewall via TFTP.

1. Follow the guide for your OS on how to add a loopback adapter to Windows 7 or Windows XP
Windows 7
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/259c7ef2-3770-4212-8fca-c58936979851

Windows XP
http://support.microsoft.com/kb/839013

2. Restart your PC

3. Follow this guide about how to configure ASA 8.4(2) for GNS3.

http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

4. Start a new project in GNS3 and drag/drop an ASA (8.4) firewall to the topology

5. Drag/Drop Cloud Object from Panel on the Left to the topology and right click it. Select 'Configure'. Select 'C1' or whatever name of the object.

6. Now as per following diagram select the loopback adapter that you added in step 1.

7. Add the adapter as per following after selecting and press OK.

8. Drop an Ethernet switch onto the topology. If you don't do this and try drawing a direct connection between the firewall and the cloud, it will come up with an error saying 'Devices does not support this type of NIO. Use an ETHSW to bridge the connection to the NIO Instead.'

9. Connect both Cloud and Firewall to the Switch as following

10. Now start all devices in GNS and use following commands on the firewall to give it an IP.

ciscoasa# config t
ciscoasa(config)# int gi
ciscoasa(config)# int gigabitEthernet 0
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# nameif management
ciscoasa(config-if)# no shut

11. Now go back to Windows 7 and open 'Network and Sharing Centre', click on 'Change adapter settings' and change the IP address of the loopback adapter as following

12. You will have to turn off your PC firewall, as you will be copying ASDM to the ASA firewall. If you don't know this, stop studying networking, or stop the Windows Firewall Service or, if that doesn't work, the Base Filtering Service.

13. Now your PC is ready to talk to the firewall. Let's try.

ciscoasa# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#

14. OK, now the next step is to copy ASDM to the firewall. If you already have a TFTP server installed, cool; otherwise download and start this TFTP application from the following website

http://tftpd32.jounin.net/tftpd32_download.html

15. Download ASDM from Cisco website or any other dodgy source you have. I have ASDM 6.4(7) downloaded.

16. On the TFTP application browse to the folder where you have downloaded ASDM.

17. On the firewall use the following command to download the ASDM image over TFTP.

ciscoasa# copy tftp flash
Address or name of remote host []? 10.10.10.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-647.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
----------- Output Omitted -----------
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#

18. Set the firewall to load the ASDM image at next reboot and also identify the management station IP address

ciscoasa# sh flash
--#--  --length--  -----date/time------  path
2  4096        Mar 05 2012 13:40:42  log
9  4096        Mar 05 2012 13:40:47  coredumpinfo
10  59          Mar 05 2012 13:40:47  coredumpinfo/coredump.cfg
11  196         Mar 05 2012 13:40:47  upgrade_startup_errors_201203051340.log
12  17902288    Mar 05 2012 14:00:48  asdm-647.bin

268136448 bytes total (250191872 bytes free)
ciscoasa# config t
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
ciscoasa(config)# username cisco password cisco privilege 15

19. Use the 'wr' command to save the configuration and then reload the firewall using the 'reload' command

20. Launch your browser and go to https://10.10.10.1 (Disable Proxy if you are using any)

21. Download and Install ASDM App from website you browsed to.

22. Launch the ASDM and here you go
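
A quick way to sanity-check the step 18 access commands before typing them into the firewall (added example, not part of the original guide). It flags an http entry whose address has host bits set for its mask, the mismatch behind the 'IP address and netmask inconsistent' warning reported in the comments, and a username whose password equals its name; the function name and the sample text are assumptions constructed for this illustration.

```python
import ipaddress

# Constructed sample: the step 18 commands as typed, plus one deliberately
# mismatched http entry (host address 10.10.10.2 with a /24 mask).
SAMPLE_COMMANDS = """\
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 management
http 10.10.10.2 255.255.255.0 management
username cisco password cisco privilege 15
"""

def audit_asdm_access(commands):
    """Hypothetical helper: return (line, finding) pairs for risky ASDM access lines."""
    findings = []
    for line in commands.splitlines():
        words = line.split()
        # 'http <address> <mask> <interface>' names who may reach ASDM.
        if len(words) == 4 and words[0] == "http":
            addr, mask, ifname = words[1:]
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                findings.append((line, "unparseable address or mask"))
                continue
            if str(net.network_address) != addr:
                # Host bits set: the address is not the network for this mask.
                findings.append((line, f"host bits set for mask {mask}; use "
                                 f"{addr} 255.255.255.255 or {net.network_address} {mask}"))
            elif net.num_addresses > 1:
                findings.append((line, f"permits {net.num_addresses} addresses on {ifname}"))
        # 'username <name> password <secret> ...' as typed; a saved config
        # stores the secret in encrypted form, so this only checks typed commands.
        elif len(words) >= 4 and words[0] == "username" and words[2] == "password":
            if words[3].lower() == words[1].lower():
                findings.append((line, "password equals username"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_asdm_access(SAMPLE_COMMANDS):
        print(f"{line}\n    -> {finding}")
```
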

 
You can follow the post below if you want to connect two GNS3 instances on two different PCs together, or to connect an external device on a physical network to the GNS3 network.
 
You can use the following lab guide for NAT migration from pre-ASA 8.2 to 8.4
 

150 comments


  1. Namasivayam

    Unable to Launch Cisco ASDM device manager from 192.168.1.1
    Software Details:
    asa842-initrd.gz
    asa842-vmlinuz
    Cisco asdm-647.bin
    jdk-7u51-windows-i586
    Windows 7 32 bit O/s
    Internet Explorer version 9
    tftp32.exe
    GNS3 0.8.6

    Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
    Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

    —————————————————————
    ciscoasa(config)#interface gigabitEthernet 0
    ciscoasa(config-if)#ip address 192.168.1.1 255.255.255.0
    ciscoasa(config-if)#nameif inside
    ciscoasa(config-if)#no shutdown
    ciscoasa(config-if)#exit

    ciscoasa(config)#ping 192.168.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
    !!!!!!!!
    Success rate is 100 parcent (5/5), round-trip min/avg/max = 1/1/1 ms

    ciscoasa(config)#http server enable
    ciscoasa(config)#http 192.168.1.2 255.255.255.255 inside
    ciscoasa(config)#username cisco password admin privilege 15
    ciscoasa(config)#copy tftp: flash:
    Address or name of remote host[]? 192.168.1.2
    Source filename []? asdm-647.bin
    Destination filename [asdm-647.bin]?
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    ciscoasa(config)#asdm image flash:asdm-647.bin
    ciscoasa(config)#wr mem
    —————————————————–

    Step 1: Go to IE Browser
    Step 2: Type https://192.168.1.1
    Step 3: I enter username and password
    Step 4: I install Run the Asdm
    Step 5: I enter firewall IP, username and password in ASDM launcher
    Step 6: I have one error: unable to launch device manager from 192.168.1.1
    Step 7: How to solve this error?

    1. Phi

      Java version 7 is incompatible with asdm-launcher.
      2 Solutions:
      1. Downgrade to java 6 if you want to use the launcher
      2. Don’t use the install option – just click on “Run ASDM” (the web asdm should work, confirmed working with asdm-715)

      1. Chandan Dey

        I have same problem. Please suggest which java 6 version is needed. Coz in java.com there are lots of java 6 exe based on different version.

  2. Zia

    Hi all,

    I connected an ethernet sw from asa port gi 0 and one loopback adaptor to sw. This is the config on g0 on ASA
    interface GigabitEthernet0
    nameif management
    security-level 100
    ip address 111.111.111.1 255.255.255.0

    loopback ip is 111.111.111.10/24 and gateway is 111.111.111.1
    but I am not able to ping g0 interface from laptop and asa to loopback interface. Please help

    if I connect router instead of asa I am able to ping?

  3. Yasser Youssef

    WARNING: IP address and netmask inconsistent
    why should I see this message when I try to configure and set the firewall to load the ASDM at next reboot and also identify the management station IP address, although the connection between cloud and asa is all right

    1. theluli

      Read the last part, IP should be 10.10.10.2 and mask 255.255.255.255 not 255.255.255.0

  4. Darren Moranda

    Hi all, I have followed the guide, but I too have run into the issue where I can't seem to ping from the ASA to my loopback adaptor on Windows 7. I have disabled the Windows firewall

  5. usama

    when i connect asa with switch or hub i got this msg (qemuwrapper dosent support hot link add)plz help

    1. xerunetworks

      Put a switch between both

    2. netbee

      Make sure that ASA is not running. Stop ASA connect all connection and then run asa.

  6. Onkar Ghaisas

    If I add multiple f/ws, only one works at a time or none of them.

  7. Biniyam

    ping from ASA to loopback interface and vice versa not work in GNS3 0.8.5 on windows 7 ??? but on xp it is working!!!

  8. Onkar

    Well, guys, I think the problem is with the machine OS, i.e. Windows 7. I created an XP VM and ran tftp from the VM and it worked perfectly. But a new question arises: why didn't it work with Windows 7?

  9. Onkar

    %Error reading tftp://10.10.10.2/asdm-647.bin (Unspecified Error)
