
Thread: Asa > gns3

  1. Member
    Join Date
    Sep 2008
    Posts
    60

    Certifications
    MCDST (Charter), MCSA 2000+M, MCSA 2003+M, CCNA, MCSE 2003, MCITP:SA, MCITP:EA
    #1

    Asa > gns3

    Has anyone got an ASA working in GNS3 ?

  3. Senior Member ConstantlyLearning's Avatar
    Join Date
    Dec 2006
    Location
    Dublin, Ireland
    Posts
    444

    Certifications
    JNCIA-JunOS, CCNP, CCNA-Security, CCNA, CCENT, CWNA, JNCIA-FWV, Security+, Network+, A+, MCP, MCSA, ITIL Foundation V3
    #2
    I haven't, but have you tried this? How to run ASA 8 firewall on GNS3 0.7.3 | GNS3 Vault

    Looks promising.

  4. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #3
    Quote Originally Posted by danc_101 View Post
    Has anyone got an ASA working in GNS3 ?
    Yes.

    Quote Originally Posted by ConstantlyLearning View Post
    I haven't, but have you tried this? How to run ASA 8 firewall on GNS3 0.7.3 | GNS3 Vault
    Looks promising.
    That works, try this video, might be a little easier:

    GNS3 - How to configure GNS3 and Cisco ASA Firewall - YouTube

    Of course, I've only seen the 8.02 running. If someone had instructions on how to get 8.4 running, I'd use that, LOL.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  5. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #4
    Quote Originally Posted by danc_101 View Post
    Has anyone got an ASA working in GNS3 ?
    yep it works.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP

  6. Senior Member alan2308's Avatar
    Join Date
    Apr 2010
    Location
    Ann Arbor, MI
    Posts
    1,807

    Certifications
    CCNA, CCNA Sec, MCSA 2008, MCSA 2012, CISSP
    #5
    Quote Originally Posted by instant000 View Post
    Of course, I've only seen the 8.02 running. If someone had instructions on how to get 8.4 running, I'd use that, LOL.
    You and me both. Nobody has managed anything beyond 8.02.

  7. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #6
    Quote Originally Posted by alan2308 View Post
    You and me both. Nobody has managed anything beyond 8.02.
    No kidding.

    I'm almost to the point of buying a couple ASA's, just to stock up my lab properly.

    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)

    Besides, the emulated pix 8.x is a lot easier to run. I got one running 8.0 pretty smooth in just a few minutes.

  8. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #7
    Isn't the drawback to this ASA emulation not being able to save configs?

  9. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #8
    Quote Originally Posted by chrisone View Post
    Isn't the drawback to this ASA emulation not being able to save configs?
    I can save mine.

    Let me show you some notes I've collected (from various places on the net, mind you).


    ===========================
    How to get the ASA running
    ===========================

    1. Cisco Network Resources > Free Tools
       download: cisco asa 8 initrd.gz
       download: cisco asa8 kernel
    2. launch gns3 > edit > preferences > Qemu > ASA
       initrd: specify the file you downloaded earlier
       kernel: specify the other file you downloaded
       make sure to give it a name
       then, you can save, apply, and ok
    3. in GNS3, bring the firewall over
       start it
       minimize the window that comes up
    4. open the ASA console
       wait for one minute (it is loading up)
    5. after waiting one minute, enter these commands:
       cd /mnt/disk0
       /mnt/disk0/lina_monitor

    ============================================
    Formatting the Flash (for when saving fails)
    ============================================

    1. enter this command from enable mode:

       format flash:

    2. restart the ASA
       in GNS3 right click on the ASA Icon – “stop”
       give it a few seconds then select “start”

    3. open your ASA console
       if asked, run the commands
       cd /mnt/disk0
       /mnt/disk0/lina_monitor

    4. now try dir again … note the 0 bytes has gone :O)

    5. You can now save your configs !!

       copy run disk0:/.private/startup-config

    ========================
    Saving ASA Configuration
    ========================

    copy /noconfirm running-config disk0:/.private/running-config
    copy /noconfirm disk0:/.private/running-config disk0:/.private/startup-config
    configure terminal
    boot config disk0:/.private/startup-config
    exit

    ========================


    The next thing I'm going to confirm steps for is making the interfaces pingable, and so far, I think the key is to separate them by switches, but I need to test this first.

  10. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #9
    Hey, what version of OS are you using? I can't get 8.4 to run. I have read that no one can run 8.0 or newer.

    EDIT: Never mind. Have you found any drawbacks from using an OS that old?

  11. Senior Member alan2308's Avatar
    Join Date
    Apr 2010
    Location
    Ann Arbor, MI
    Posts
    1,807

    Certifications
    CCNA, CCNA Sec, MCSA 2008, MCSA 2012, CISSP
    #10
    Quote Originally Posted by instant000 View Post
    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)
    I saw that too, and I don't see any specific version listed for the CCNP Security exams so I have to assume it won't require a higher version than the CCIE Security requires. 8.0.2 should be fine for the foreseeable future. If not, the security lab at school has a stack of 5510's running 8.4 so I can always spend a few long nights there.

    And thanks for the quick and dirty how to. I was also unable to save configs, so I'll run through that next time I fire up GNS3.

  12. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #11
    Thanks for the info, instant000. Seems like you can't run a suitable lab comfortably without constant nagging problems with the emulation, lol.

    I have 5510's, 20's and 40's at work that I can play with. Plus I plan on buying a pair of 5505's for my studies; it only seems right if I plan on moving towards the CCIE Security track. 5505s are cheap these days.

  13. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #12
    Quote Originally Posted by chrisone View Post
    Thanks for the info, instant000. Seems like you can't run a suitable lab comfortably without constant nagging problems with the emulation, lol.

    I have 5510's, 20's and 40's at work that I can play with. Plus I plan on buying a pair of 5505's for my studies; it only seems right if I plan on moving towards the CCIE Security track. 5505s are cheap these days.
    There is a lot they can't do that seems like it would be covered in the objectives, if I recall correctly. IPS being one of them.

  14. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #13
    Quote Originally Posted by Bl8ckr0uter View Post
    There is a lot they can't do that seems like it would be covered in the objectives, if I recall correctly. IPS being one of them.
    Look at this.

    how much can we run CCIE Security labs in gns3 - IEOC - Internetwork Expert's Online Community

    Then, see these links below.

    CCIE SEC Virtual Racks

    CCIE SEC Mini-Scenarios

    http://ccie18473.net/dynamips4/ine-cciesec-vrack.v3.net

    http://ccie18473.net/dynamips4/qemu-start-asa-ips.txt

    Hope this helps!

  15. Senior Member alan2308's Avatar
    Join Date
    Apr 2010
    Location
    Ann Arbor, MI
    Posts
    1,807

    Certifications
    CCNA, CCNA Sec, MCSA 2008, MCSA 2012, CISSP
    #14
    Quote Originally Posted by instant000 View Post
    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)
    Bad news on this. I was just looking at the exam objectives for the 642-617 FIREWALL v1.0 exam, and in the comments it says that FIREWALL and VPN are both based on 8.2. I still can't find anything official from Cisco though.

  16. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #15
    Well, botnet detection is an 8.2 feature

    Cisco ASA Botnet Traffic Filter - Cisco Systems

    There are several videos on it. Go over those, and you should be OK.

    I think I'm going to make a study checklist, to make sure I'm hitting all the topics. I found several security design guides on their site, and my best hope is to try to read those, and hope that gets me by. If I somehow fail the exam due to the design section, then I'll try getting the official book.

    It's basically an experiment for me, because I think I'll learn more thoroughly, if I don't have a book that tells me what's supposed to be on the test.