GNS3 and Cisco ASA 8.4 (Part 2)

Alright! Bam! Excited? I surely am. Cisco ASA on my laptop and I can lab anywhere!  Now lets establish more than console access via GNS3 and get SSH/HTTPS/ASDM running. The reason I am so pushy to get ASA on a device is because certification guides all show how to do a task both ways. Handy in my opinion. Plus it doesn’t hurt for study reasons!

  • tftpd32 – TFTP application
  • Legal version of ASDM 8.4.2 – Pretty GUI for the ASA
  • Administrator Rights – Need to bridge your interfaces!

Setup GNS3 for a host

Before we go making SSH access we need to connect our device into GNS3. Simple enough but can be daunting for some. I currently use Windows 7 on my lab machine due to the speed of spinning up VMs and the easy of connecting them in. I have dabbled with taps in Linux and it hurts my face and wastes my labbing time.

To connect your host to GNS3 I made a bridge interface with a pre-existing VM interface and my Gig Ethernet interface of my laptop.

  1. Open up network connections
  2. Select Ethernet connection and VM Connection
  3. Right Click > Bridge Connection
  4. Assign an IP address to your device.

Think Smart and It’s simple!

Now that we have created this adapter and assigned this address ( other end is g0 on the ASA – ) we can create a magical unicorn (cloud) link!

  1. Open up GNS3 – Drag a cloud next to your ASA and place an Ethernet Switch down too.
  2. Right click on the cloud and configure. Select the MAC address bridge and add that connection.
  3. Cable the cloud to the switch and then the switch to the ASA

Pick the right interface lest their be judgment most Righteous


Back to the ASA!

Now lets get some initial configuration on this ASA and get connectivity from our Windows machine! We are getting there people! Slow and steady wins the race.

Note: GNS3 lists interfaces as E0-5. The ASA sees them as G0-5.

Alright – Basic ASA configuration and required Interfaces

interface GigabitEthernet2
 security-level 0
 ip address
username asa password xGIkoVq88G4kwjuv encrypted privilege 15

Now to make the SSH keys

domain name
crypto key generate rsa
aaa authentication ssh console LOCAL
ssh timeout 5

Voila! Subnet from the Management interface has been allowed for SSH. Now to test a ping from the host and then connect via SSH!

Pinging with 32 bytes of data:
Reply from bytes=32 time=4ms TTL=255
Reply from bytes=32 time=1ms TTL=255
Ping statistics for
 Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 1ms, Maximum = 4ms, Average = 2ms

Looky Looky – SSH keys

and one day…. I got in

Now let’s TFTP the ASDM software from onto the ASA at Rather simple process. TFTD32 is installed onto the host at and the file ASDM-641.bin is in the tftp root.

ASA1# copy tftp disk
Address or name of remote host []?
Source filename []? asdm-641.bin
Destination filename [disk]?
Accessing tftp://!!!!!!  !!!!!!!
15841428 bytes copied in 41.550 secs (386376 bytes/sec)

Installed. Now we just enable the HTTPS web service and off we go. So close! Study can almost begin!
The commands to set up the HTTPS web server are not far away and very similar to the SSH syntax.  We first enable the service then allow what subnet on which interface to access it.

http server enable
aaa authentication http console LOCAL

Let’s save this as a basic config.

copy run start
copy start disk
<span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; white-space: normal;"><span style="text-decoration: underline;">ASDM Access time</span></span>

Now we open up Internet Explorer (Chrome went funky chicken on me) and lets browse to https:\\ and see what happens.


Here we go!

Now – let us login via ASDM and use the web gui! Click Run ASDM.  After some loading check out what will appear next!

Jobs done!

And with that we have working ASDM! Now go forth and spread the good work. Let me know how you have found this post and I will attempt to help those below who cannot get this working. Again I will not give out any software illegally. Happy Labbing!

Previous Post GNS3 and Cisco ASA 8.4 (Part 1)

13 thoughts on “GNS3 and Cisco ASA 8.4 (Part 2)

        • Gino says:

          I had the same problem, but it was solved after following all steps and create a new project. I spent several hours with same project, I just only modified settings, that was the problem. When I create a new project, ASA worked fine!!!

  1. Well done Anthony except…

    The copy command
    should be “ASA1# copy tftp: disk0:” so it does not copy the
    image to a file name “disk”. This can be verified by “dir”.

    You also seemed to have missed “asdm image
    disk0:asdm-641.bin” after copy tftp: which selects the image
    used by http server…

    Keep up the good work…

    • Thanks. I will update. I just copied and pasted from the CLI.
      Regarding the second one I didn’t need to do that as it chose the asdm image by default as it was the only one there.

      In this simulated environment there is nothing on the desk at all; opposed to asdm/asa image being installed locally on a physical. The command is great if you have multiple versions of ASDM and want to select a particular one.

      thank you for reading. I appreciate the feedback!

Leave a Reply

Your email address will not be published. Required fields are marked *