  1. Senior Member PhildoBaggins
    Join Date
    Sep 2010
    Location
    In America
    Posts
    274

    Certifications
    A+, Net+, MCP, LCP, BAIS, BCNE, CCENT, CCNA, CCNA Security, CCNA Voice, CCDA, CCNP, CUDS, LCSAUC, CIPTDS, NSA 4011, Cisco IOS Security Specialist, Hub
    #1

    Virtual ASA Guide, not sure if someone already has this out there.

    I found this junk I had written for some ASA classes I hosted early this year or late last year. These may be missing a few steps, but it will get the job done. It's very handy and I constantly lab ASA items using this setup. I even firewall computers and VPN into myself to test client/SSL/AnyConnect etc...


    Phillip's ASA/ASDM Virtual GNS3 Setup Guide

    Download these files, they will be required for the install. These two asa.zip files should contain different items so please rename one of them when you download.


    asa.zip

    http://www.gns3.net/download/

    asa.zip




    Step 1: Open Device Manager and select the Network adapters category. Select Action, then Add legacy hardware. Choose Microsoft, then MS Loopback Adapter.


    Step 2: Reboot your PC if necessary and set your loopback adapter's IP address to 10.100.100.100 255.255.255.0


    Step 3: Install TFTP Server


    Step 4: Install GNS3 0.8.2-BETA2


    Step 5: Create GNS folder for images and such


    Step 6: Open GNS, go to Preferences and set your project directory and image directory


    Step 7: Set up Qemu, go to ASA


    Identifier Name: ASA802

    Initrd: asa802-k8.initrd.gz

    Kernel: asa802-k8.kernel

    Qemu Options: -hdachs 980,16,32 -vnc :1

    Kernel Cmd Line: console=ttyS0,9600n8 bigphysarea=16384 auto nousb ide1=noprobe hda=980,16,32


    Click Save, Apply, then OK


    Identifier Name: ASA842

    RAM: 1024 MB

    Initrd: asa842-initrd.gz

    Kernel: asa842-vmlinuz

    Qemu Options: -m 1024 -icount auto -hdachs 980,16,32

    Kernel Cmd Line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536


    Click Save, Apply, then OK



    Step 8: Drag an ASA over, select ASA802. Right Click the ASA and click start.


    Step 9: Double click the ASA to open the console, it will take a minute to load. Press enter and drop in the following config.


    modprobe e1000
    ifconfig eth0 hw ether 00:00:AB:CD:10:10
    ifconfig eth1 hw ether 00:00:AB:CD:10:11
    ifconfig eth2 hw ether 00:00:AB:CD:10:12
    ifconfig eth3 hw ether 00:00:AB:CD:10:13
    ifconfig eth4 hw ether 00:00:AB:CD:10:14
    ifconfig eth5 hw ether 00:00:AB:CD:10:15
    ifconfig eth0 up
    ifconfig eth1 up
    ifconfig eth2 up
    ifconfig eth3 up
    ifconfig eth4 up
    ifconfig eth5 up
    cp /asa/bin/lina /mnt/disk0/lina
    cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
    cd /mnt/disk0
    /mnt/disk0/lina_monitor


    Step 10: The ASA will begin to boot. From here you can set up your configuration. To save the ASA config, use the following command:


    copy run disk0:/.private/startup-config


    Step 11: Drag over another ASA, this time select ASA842


    Step 12: Start the ASA842, then double click the ASA


    Step 13: The ASA842 may take a few minutes to boot. Once it's loaded, you can use the following command to save the configuration:


    wr me


    Step 14: Click the stop button on GNS3 to stop the ASAs


    Step 15: Drag over a "Cloud"


    Step 16: Drag over an "Ethernet Switch"


    Step 17: Double click the cloud, select C1, and select the NIO ethernet tab. Choose the MS Loopback adapter, Click Add, Apply, Ok.


    Step 18: Use the Middle finger connector tool to connect the cloud and ASAs to the ethernet switch.


    Step 19: Click the Start button in GNS3


    Step 20: Drop the following commands into the ASA802 (COPY THE EMPTY SPACES)


    en



    conf t

    int e0/0

    ip add 10.100.100.2 255.255.255.0

    no shut

    nameif LAN

    sec 100

    exit

    icmp permit any LAN

    ping 10.100.100.100




    Step 21: If the pings are successful, then start your TFTP server


    Step 22: Run the following command in the ASA802 (press enter through the prompts)


    copy tftp://10.100.100.100/asdm-602.bin flash




    Step 23: Enter the following commands once ASDM has been written to flash


    conf t
    enable pass tech@dp
    passwd tech@dp
    username admin pass tech@dp priv 15
    http server enable
    aaa authentication http console LOCAL
    http 0.0.0.0 0.0.0.0 LAN


    Step 24: You can now browse to https://10.100.100.2 to login to ASDM (REMEMBER TO USE THE CUSTOM WR ME FOR ASA802)


    Step 25: Start ASA842


    Step 26: Double click the ASA842 to open the console, drop in the following config including the empty spaces



    en



    conf t

    int g0

    ip add 10.100.100.1 255.255.255.0

    no shut

    nameif LAN

    sec 100

    exit

    icmp permit any LAN

    ping 10.100.100.100


    copy tftp://10.100.100.100/asdm-641.bin flash






    enable pass tech@dp

    passwd tech@dp

    username admin pass tech@dp priv 15

    http server enable

    aaa authentication http console LOCAL

    http 0.0.0.0 0.0.0.0 LAN



    Step 27: You can now browse to https://10.100.100.1 to login to ASDM (REMEMBER TO USE THE REGULAR WR ME FOR ASA842)
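An added example, not part of the original post: a short Python check over the commands pasted in step 23, which flags the two management-plane settings a lab config like this tends to carry into real deployments (an ASDM access list that matches every source, and one secret reused for several credentials) and emits a narrower `http` line. The function name `audit` and the choice of the loopback host 10.100.100.100 from step 2 as the only ASDM client are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the commands pasted in step 23 of the guide above.
LAB_CONFIG = """\
enable pass tech@dp
passwd tech@dp
username admin pass tech@dp priv 15
http server enable
aaa authentication http console LOCAL
http 0.0.0.0 0.0.0.0 LAN
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
HTTP_ACL = re.compile(rf"http {QUAD} {QUAD} (\S+)")
SECRETS = [  # (label template, pattern); abbreviations as typed in the post
    ("enable", re.compile(r"enable pass\w* (?P<s>\S+)")),
    ("passwd", re.compile(r"passwd (?P<s>\S+)")),
    ("username {u}", re.compile(r"username (?P<u>\S+) pass\w* (?P<s>\S+)")),
]

def audit(config, mgmt_host):
    """Return (findings, suggested replacement lines) for pasted ASA commands."""
    findings, fixes = [], []
    users = defaultdict(list)  # secret -> credentials that use it
    for line in map(str.strip, config.splitlines()):
        m = HTTP_ACL.fullmatch(line)
        if m:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if net.prefixlen == 0:  # 0.0.0.0 0.0.0.0 matches every source
                findings.append(f"ASDM reachable from any address on {m[3]}")
                fixes.append(f"no {line}")
                fixes.append(f"http {mgmt_host} 255.255.255.255 {m[3]}")
            continue
        for label, pat in SECRETS:
            m = pat.match(line)
            if m:
                users[m["s"]].append(label.format(**m.groupdict()))
    for creds in users.values():
        if len(creds) > 1:
            findings.append("one secret shared by: " + ", ".join(creds))
    return findings, fixes

if __name__ == "__main__":
    for item in sum(audit(LAB_CONFIG, "10.100.100.100"), []):
        print(item)
```
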
  3. Senior Member ElvisG
    Join Date
    Feb 2007
    Posts
    167

    Certifications
    A+, Network+, Security+, MCTS: Vista, MCP, MCSA:S, CCENT, CCNA
    #2
    Thank you from the bottom of my heart!

  4. Senior Member Kreken
    Join Date
    Sep 2012
    Location
    NYC
    Posts
    280

    Certifications
    CCNP R&S, CCDP, CCNP:S
    #3
    Thank you. This is a great post. I just have a couple of questions.

    1. It looks like you cannot run 8.2 and 8.4 at the same time. Is there a way around it? I get IRQ conflicts.

    2. I didn't look at the 8.2 version yet, but looking at the 8.4 "sh ver" output, the license information leads me to believe this is a 5510 without a Security Plus license rather than a 5520, even though it says it is an ASA 5520.

    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 100 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Security Contexts : 0 perpetual
    GTP/GPRS : Disabled perpetual
    AnyConnect Premium Peers : 5000 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 5000 perpetual
    Total VPN Peers : 0 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual

    This platform has an ASA 5520 VPN Plus license.

    Maximum VLANs : 100 perpetual
    5520 should have 150 max vlans.

    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Only 5505 and 5510 require licenses to enable 3DES.

    Failover : Disabled perpetual
    Again, this is disabled without a license only on the 5505 and 5510.

    Edit: Found the solution to #2. You need to apply the following two activation codes to enable the features.
    activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
    activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
    Last edited by Kreken; 09-21-2012 at 12:46 PM.