Asa > gns3

danc_101 Member Posts: 60
Has anyone got an ASA working in GNS3 ?

Comments

  • ConstantlyLearning Member Posts: 445
    I haven't, but have you tried this? How to run ASA 8 firewall on GNS3 0.7.3 | GNS3 Vault

    Looks promising.
    "There are 3 types of people in this world, those who can count and those who can't"
  • instant000 Member Posts: 1,745
    danc_101 wrote: »
    Has anyone got an ASA working in GNS3 ?
    Yes.
    I haven't, but have you tried this? How to run ASA 8 firewall on GNS3 0.7.3 | GNS3 Vault
    Looks promising.

    That works, try this video, might be a little easier:

    GNS3 - How to configure GNS3 and Cisco ASA Firewall - YouTube

    Of course, I've only seen the 8.02 running. If someone had instructions on how to get 8.4 running, I'd use that, LOL.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • chrisone Member Posts: 2,278
    danc_101 wrote: »
    Has anyone got an ASA working in GNS3 ?

    yep it works.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • alan2308 Member Posts: 1,854
    instant000 wrote: »
    Of course, I've only seen the 8.02 running. If someone had instructions on how to get 8.4 running, I'd use that, LOL.

    You and me both. Nobody has managed anything beyond 8.02.
  • instant000 Member Posts: 1,745
    alan2308 wrote: »
    You and me both. Nobody has managed anything beyond 8.02.

    No kidding.

    I'm almost to the point of buying a couple ASAs, just to stock up my lab properly.

    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)

    Besides, the emulated pix 8.x is a lot easier to run. I got one running 8.0 pretty smooth in just a few minutes.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • chrisone Member Posts: 2,278
    Isn't the drawback to this ASA emulation not being able to save configs?
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • instant000 Member Posts: 1,745
    chrisone wrote: »
    Isn't the drawback to this ASA emulation not being able to save configs?

    I can save mine.

    Let me show you some notes I've collected (from various places on the net, mind you).


    =========================

    How to get the ASA running
    ===========================


    1. Cisco Network Resources > Free Tools
       download: cisco asa 8 initrd.gz
       download: cisco asa8 kernel
    2. launch gns3 > edit > preferences > Qemu > ASA
       initrd: specify the file you downloaded earlier
       kernel: specify the other file you downloaded
       make sure to give it a name
       then, you can save, apply, and ok
    3. in GNS3, bring the firewall over
       start it
       minimize the window that comes up
    4. open the ASA console
       wait for one minute (it is loading up)
    5. after waiting one minute, enter this command:
       cd /mnt/disk0
       /mnt/disk0/lina_monitor


    ================================================================

    Formatting the Flash (for when saving fails)
    =======================

    1. enter this command from enable mode:

    format flash:

    2. restart the ASA
    in GNS3 right click on the ASA Icon – “stop”
    give it a few seconds then select “start”

    3. open your ASA console
    if asked, run the command
    cd /mnt/disk0
    /mnt/disk0/lina_monitor

    4. now try dir again … note the 0 bytes has gone :O)

    5. You can now save your configs !!

    copy run disk0:/.private/startup-config

    ========================================================
    Saving ASA Configuration
    ========================

    copy /noconfirm running-config disk0:/.private/running-config
    copy /noconfirm disk0:/.private/running-config disk0:/.private/startup-config
    configure terminal
    boot config disk0:/.private/startup-config
    exit
    ==============================


    The next thing I'm going to confirm steps for is making the interfaces pingable, and so far, I think the key is to separate them by switches, but I need to test this first.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    Hey what version of OS are you using? I can't get 8.4 to run. I have read of the no one can run 8.0 or newer.

    EDIT: Never mind. Have you found any drawbacks from using an OS that old?
  • alan2308 Member Posts: 1,854
    instant000 wrote: »
    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)

    I saw that too, and I don't see any specific version listed for the CCNP Security exams so I have to assume it won't require a higher version than the CCIE Security requires. 8.0.2 should be fine for the foreseeable future. If not, the security lab at school has a stack of 5510's running 8.4 so I can always spend a few long nights there. :D

    And thanks for the quick and dirty how to. I was also unable to save configs, so I'll run through that next time I fire up GNS3.
  • chrisone Member Posts: 2,278
    Thanks for the info instant000, seems like you can't run a suitable lab comfortably without constant nagging problems with the emulation lol

    I have 5510's, 20's and 40's at work that I can play with. Plus I plan on buying a pair of 5505's for my studies, it only seems right if I plan on moving towards the CCIE Security track. 5505s are cheap these days :D
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    chrisone wrote: »
    Thanks for the info instant000, seems like you can't run a suitable lab comfortably without constant nagging problems with the emulation lol

    I have 5510's, 20's and 40's at work that I can play with. Plus I plan on buying a pair of 5505's for my studies, it only seems right if I plan on moving towards the CCIE Security track. 5505s are cheap these days :D

    There is a lot they can't do that seems like it would be covered in the objectives if I recall correctly. IPS being one of them.
  • instant000 Member Posts: 1,745
    There is a lot they can't do that seems like it would be covered in the objectives if I recall correctly. IPS being one of them.

    Look at this.

    how much can we run CCIE Security labs in gns3 - IEOC - Internetwork Expert's Online Community

    Then, see these links below.

    CCIE SEC Virtual Racks

    CCIE SEC Mini-Scenarios

    http://ccie18473.net/dynamips4/ine-cciesec-vrack.v3.net

    http://ccie18473.net/dynamips4/qemu-start-asa-ips.txt

    Hope this helps!
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • alan2308 Member Posts: 1,854
    instant000 wrote: »
    However, I just looked at the CCIE Security objectives, and the ASA on there was 8.x. It would seem if they really needed something higher than that, it'd specifically say so. (especially considering that 8.5 is already out for the FWSM)

    Bad news on this. I was just looking at the exam objectives for the 642-617 FIREWALL v1.0 exam, and in the comments it says that FIREWALL and VPN are both based on 8.2. I still can't find anything official from Cisco though.
  • instant000 Member Posts: 1,745
    Well, botnet detection is an 8.2 feature

    Cisco ASA Botnet Traffic Filter - Cisco Systems

    There are several videos on it. Go over those, and you should be OK.

    I think I'm going to make a study checklist, to make sure I'm hitting all the topics. I found several security design guides on their site, and my best hope is to try to read those, and hope that gets me by. If I somehow fail the exam due to the design section, then I'll try getting the official book.

    It's basically an experiment for me, because I think I'll learn more thoroughly, if I don't have a book that tells me what's supposed to be on the test.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)