ASA in GNS3

Install ASA in GNS3  – Integrate ASDM to ASA 



Topology

We are going to implement the topology below in GNS3.



Step 1: Extract the ASA zip file.

It contains the two image files ‘asa842-vmlinuz.kernel’ and ‘asa842-initrd’. Now open GNS3 and go to Preferences in the Edit tab, then go to QEMU VMs. Create a new QEMU VM by clicking New, and set the name and type of the QEMU VM to ‘ASA8.4(2)’.


Step 2: Set the QEMU binary executable path and RAM size.


Step 3: Load the initrd and kernel images into their proper boot-specific locations.


Please note that when importing, do not make these images the default for this platform. The ASA is now integrated into GNS3. It's time to explore the rest of the ASA magic. Before that, please take a look at my network diagram (physical and virtual) and how I actually implemented it on my virtual platform.

To implement this on my system I followed the simple steps below.

Set up two virtual networks through the VMware Virtual Network Editor.


Once you open it, you need to power up two virtual network adapters and set their properties and attributes.

Here VMnet0 is the internal network with the 192.168.0.0/24 subnet and VMnet8 is the external network with the 192.168.239.0/24 subnet. For both of them we need to connect a host to the virtual adapter; VMnet0 should be host-only and VMnet8 should be NAT.

Now all the vegetables are ready to cook. Open GNS3 and create a network like the one below. Here I used an ASA with two clouds and two Ethernet switches. Cloud1 and Cloud2 must be configured properly so that GNS3 can reach your virtual network cards.

Topology

Now see how to configure the clouds. It's very simple. Right-click on the cloud, open its settings, select the proper network card and apply. As the diagram shows, Cloud1 should be mapped to VMnet0 and Cloud2 should be mapped to VMnet8.

Cloud 1 Configuration
Cloud 2 Configuration

Before turning on the ASA I will show you a simple thing: how to share your Internet connection with VMnet8 (the NAT virtual adapter). Open the network connection you are currently using to browse the Internet, open its properties and enable Internet sharing over VMnet8.


Now it's time to launch the ASA into action



Before that, let's have a look at the topology once again.

Fire up the ASA and open the console now.

Do some basic configuration to enable HTTP access from my inside network to launch the ASDM.


Inside Configuration

ciscoasa(config)# int Gi0
ciscoasa(config-if)# ip add 192.168.0.10 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)#
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# username admin password Admin.123 privilege 15
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.0.0 255.255.255.0 inside
ciscoasa(config)# int gi0
ciscoasa(config-if)# no sh
ciscoasa(config-if)#

Outside configuration

ciscoasa(config)# interface gi1
ciscoasa(config-if)# ip add 192.168.239.10 255.255.255.0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# security-le
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# no sh
ciscoasa(config-if)#
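
The INFO lines above show the ASA defaults (inside 100, outside 0), which the transcript then overrides in the opposite direction. The following Python check is an added example, not part of the original post: it parses the interface and http commands from both blocks, laid out as constructed saved-configuration lines, and flags an inside interface that is not more trusted than outside and ASDM access permitted from an interface that is not the most trusted one; parse and audit are hypothetical names.

```python
import re

# Constructed input: the interface and http commands from the transcript above, laid
# out as saved-configuration lines (assumed layout, not output captured from an ASA).
AS_ENTERED = """\
interface GigabitEthernet0
 nameif inside
 security-level 0
 ip address 192.168.0.10 255.255.255.0
interface GigabitEthernet1
 nameif outside
 security-level 100
 ip address 192.168.239.10 255.255.255.0
http server enable
http 192.168.0.0 255.255.255.0 inside
"""
# Same lab with both security-level overrides left out, so the ASA defaults apply.
WITH_DEFAULTS = AS_ENTERED.replace(" security-level 0\n", "").replace(" security-level 100\n", "")

def parse(config):
    """Return ({nameif: security level}, [(network, mask, nameif)] allowed to reach ASDM)."""
    levels, http_rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            current = m.group(1)
            levels[current] = 100 if current == "inside" else 0  # ASA default levels
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and current:
            levels[current] = int(m.group(1))
        elif m := re.fullmatch(r"http (\S+) (\S+) (\S+)", line):
            http_rules.append(m.groups())
    return levels, http_rules

def audit(config):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    levels, http_rules = parse(config)
    findings = []
    if {"inside", "outside"} <= levels.keys() and levels["inside"] <= levels["outside"]:
        findings.append(f"inverted-trust inside={levels['inside']} outside={levels['outside']}")
    for network, mask, nameif in http_rules:
        if (network, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append(f"asdm-open-to-any via {nameif}")
        elif levels.get(nameif, 0) < max(levels.values(), default=0):
            findings.append(f"asdm-on-lower-trust-interface {nameif}")
    return findings

if __name__ == "__main__":
    print(audit(AS_ENTERED), audit(WITH_DEFAULTS))
```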

Import ASDM

Now we need to copy the ASDM image to the ASA flash. Before that, please ensure that ICMP is enabled on both sides and that you are able to ping. Now turn on the TFTP server and load the ASDM image on it.

ciscoasa# copy tftp: flash:
Address or name of remote host []? 192.168.0.1
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://192.168.0.1/asdm-647.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Everything is OK once the ASDM image has been copied to the ASA. Now it's time to open the ASA internal IP (192.168.0.10 => Gi0 interface).

It will show an SSL error as the certificate is self-signed. You need to accept the risk. The rest of the procedure is a simple software installation of the ASDM Launcher along with Java.

Launch the ASDM.


It will open the Java ASDM console for the ASA.

