LAB OVERVIEW:
Learn how to configure Cisco ASA 8.4 in the latest version of GNS3. Download compatible Cisco ASA 8.4 image files and set up your complete virtual lab. These platforms were a major stepping stone in Cisco's device architecture, as they introduced the removable CompactFlash (CF) memory card, which is commonly used with digital cameras.
The goal is to run the Cisco ASDM GUI (graphical user interface) on GNS3.
I will show here how to access the ASDM GUI from GNS3 for study purposes. You can do a lot more in the ASDM GUI than in the CLI, and this will also help you in your organization, as most organizations do not provide access to the CLI and all you are left with is the GUI.
Access to ASDM is usually a little bit tricky, as you need to use a TFTP client to push the ASDM .bin file into the ASA, which requires creating a network loopback adapter.
In case you are a beginner: the Cisco ASA firewall can be accessed via the CLI or the GUI, and here I’m demonstrating how to access the firewall through the GUI.
- The only IOS images currently available from Cisco, that will work with the Dynamips emulator are the c7200 images (not the c7200p images!). The images for all of the other platforms Dynamips supported hit End of Support status, and their images were removed.
To demonstrate this, I will be using the topology as above:
PREREQUISITE:
i. GNS3 application
ii. Cisco ASA Firewall [ios image | ASA appliance for GNS3] ios version 9.8(1)
iii. Cisco ASDM [ios image] asdm version 7.8(1)
iv. Windows 7 IE11 VM [ VM image | appliance for GNS3] (optional for this lab; you might need a Windows 7 VM in a future GNS3 lab)
v. TFTP client
vi. Configure ASA Loopback Adapter (refer step #3)
STEP-BY-STEP PROCESS:
I assume by now
– you have downloaded all the Prerequisite files required for this Lab purpose.
– installed GNS3 application and also then setup Cisco ASA firewall with the help of GNS3 appliance.
– installed TFTP client on your computer/laptop
– configured ASA loopback Adapter (refer step#3)
Configure the “management” interfaces of Cisco ASA:
How to configure ASA loopback Adapter in Windows 10:
Rename to “ASA Loopback Adapter” as per our GNS3 topology
Assign an IP address on IPv4 as per our topology
IPv4 : 10.0.0.2
Netmask: 255.255.255.0
RESTART your laptop/computer (!!!!very important)
I assume you should be able to ping to your newly created ASA Loopback Adapter from your Cisco ASA firewall
Setup TFTP client for pushing the Cisco ASDM .bin into Cisco ASA’s flash
Current directory – point it to your ASDM .bin ios directory
Server interfaces – 10.0.0.2 as per my GNS3 topology
Verify by “show flash:” and you must be able to view the tftp uploaded ASDM file as below:
Time to configure “http” access on your Cisco ASA
Set a username and password to access the ASDM GUI
Open any browser on your laptop/computer (I prefer Google Chrome)
Accept “I understand the risks and wish to continue”
Click on “Install ASDM Launcher”
Username: cisco
Password: cisco
You can set your own username and password.
Refer to step #7 above.
Follow the on-screen process to install Cisco ASDM security device manager on your laptop
That’s all. Cisco ASDM is now installed, and you need to enter the username and password once again, as set in step #7.
We have successfully installed Cisco ASDM.
If you are a beginner in Network Security (CCNA Security), then go ahead and explore the GUI.
I will cover a lot more topics here on Cisco ASA, like IPSec, AAA, NTP and SSLVPN, so please stay tuned and subscribe to my blog and YouTube channel.
FAQs
• Remember, ASDM version must match with that of ASA’s IOS version
So in our case,
Link: Refer to ASA and ASDM compatibility per model.
The links I provided above in the Prerequisite section are for matching versions, but in case you already have Cisco ASA in your GNS3 and now only need the ASDM file, follow the official Cisco link and download the right ASDM version.
• Once you create the ASA Loopback Adapter, please “Restart” your laptop/computer, then go to GNS3 and try to ping the loopback IP from your Cisco ASA.
• You need Java at the very end before launching Cisco ASDM, you can download Java
In this blog post, I will demonstrate how to emulate CISCO ASA 8.4 firewall with GNS3 1.x and QEMU Emulator.
In this procedure, I’ll be using following Binary IOS images:
Get the required IOS Binary Images:
You may copy these from CISCO hardware ASA device using following commands:
# copy flash: tftp:
> provide file to send to TFTP Server
> provide tftp server’s ip here
> just press enter to copy with same name.
– Use same procedure for both Binary images.
Else, you may download from CISCO website using registered authorized account.
Unpack the IOS Images:
To use these binary images with GNS3, we need to unpack the ASA binary image “asa842-k8.bin”. I’ll use a script developed by a user “dmz” from 7200emu.hacki forum. You can download the script from the link given below:
Download repack.v4.sh
– Copy the downloaded script “repack.v4.sh.gz” and the “asa842-k8.bin” binary image to a Linux instance. I’ll be using CentOS 7.
# cd /usr/local/src
# gunzip repack.v4.sh.gz
# chmod +x repack.v4.sh
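– Running the script on “asa842-k8.bin” produces, among other files:
asa842-initrd-original.gz – original extracted initrd
asa842-initrd.gz – patched initrd
– Among these, we need:
asa842-initrd.gz – patched initrd
asa842-vmlinuz – kernel image (selected as “Kernel Image” in GNS3 below)
– Copy these two files to the GNS3 images directory.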
NOTE: If facing Error:
# ./repack.v4.sh asa842-k8.bin
Repack script version: 4
which: no xxd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no mkisofs in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
ERROR: xxd command not found
Solution: Install ‘vim’ or ‘vim-enhanced’ package to get it
# yum install vim -y
Configure GNS3 to use ASA Firewall in topologies:
“QEMU VMs” > “New”
Add:
– Name: Any Name for ASA device, I’ll give “ASA1”
– Select “ASA 8.4(2)” from Drop Down Menu.
– Browse “asa842-initrd.gz” file for “Initial RAM disk” option.
– Browse “asa842-vmlinuz” file for “Kernel Image” option.
– Create a new topology, drag the ASA1 icon to the workspace and build a topology. I’ll create a topology of two ASA firewalls with one VirtualBox XP VM, connected via an Ethernet switch, as shown below:
Add ASDM image to ASAs in topology:
– Start first ASA device.
– console it
– Assign the ASA interface an IP in the same network as the XP VirtualBox instance; in my scenario, it is the 10.0.0.0/24 network.
– Just press Enter when asked for “Password”, as none has been set.
# configure terminal
# show int ip brief //show present interfaces.
# interface g0 //I’ve connected the g0 interface to the switch.
# no shutdown
# ip address 10.0.0.1 255.255.255.0 //assign IP to g0 interface
# nameif inside //Assign this interface to “Inside” network of firewall.
– Copy ASDM into ASA firewall in GNS3:
# copy tftp: flash:
> provide tftp server ip, 10.0.0.5
> give file name to copy, asdm-645-206.bin
> just press enter to save with same filename.
– it will start copy.
# http server enable //Enable HTTP/S server.
# http 0 0 inside //Allow HTTP/S access from any host from Inside network interface.
– Just select “OK” when asked for user credentials, as we’ve not configured any user on ASA yet.
– Done,
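
The lab settings above leave ASDM reachable from every inside address and, with no user configured, without a per-user login. The following check for exactly those two conditions is an added example, not code from the original post; both sample configurations are constructed, and the user name labadmin, the finding codes and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ASDM commands from the steps above, as typed.
LAB_CONFIG = """\
http server enable
http 0 0 inside
"""

# Constructed sample: ASDM limited to one host (10.0.0.5, the TFTP host above) plus a local login.
RESTRICTED_CONFIG = """\
username labadmin password PLACEHOLDER privilege 15
aaa authentication http console LOCAL
http server enable
http 10.0.0.5 255.255.255.255 inside
"""

HTTP_RULE = re.compile(r"^http\s+(\S+)\s+(\S+)\s+(\S+)$")


def _prefix_len(mask):
    """Netmask to prefix length; the CLI accepts '0' as shorthand for 0.0.0.0."""
    mask = "0.0.0.0" if mask == "0" else mask
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


def audit_asdm_access(config_text):
    """Return (code, detail) findings about who can reach ASDM and how they log in."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    if not any(ln.startswith("http server enable") for ln in lines):
        return []  # HTTPS management server is off, nothing is exposed
    findings = []
    for ln in lines:
        m = HTTP_RULE.match(ln)
        if not m or m.group(1) == "server":
            continue  # not an "http <address> <mask> <interface>" allow rule
        _addr, mask, ifname = m.groups()
        hosts = 2 ** (32 - _prefix_len(mask))
        if hosts > 256:
            findings.append(("WIDE_SOURCE", f"'{ln}' admits {hosts} addresses on '{ifname}'"))
    if not any(ln.startswith("aaa authentication http console") for ln in lines):
        findings.append(("NO_HTTP_AAA", "ASDM logins are not tied to a user database"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(name, audit_asdm_access(cfg))
```

Run it against the text of “show running-config” saved to a file; an empty list means the allow rules are narrow and ASDM logins go through AAA.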