Alright! Bam! Excited? I surely am. Cisco ASA on my laptop and I can lab anywhere! Now let's establish more than console access via GNS3 and get SSH/HTTPS/ASDM running. The reason I am so pushy to get ASDM on a device is because certification guides all show how to do a task both ways. Handy in my opinion. Plus it doesn’t hurt for study reasons!
- tftpd32 – TFTP application
- Legal version of ASDM 8.4.2 – Pretty GUI for the ASA
- Administrator Rights – Need to bridge your interfaces!
Setup GNS3 for a host
Before we go making SSH access we need to connect our device into GNS3. Simple enough but can be daunting for some. I currently use Windows 7 on my lab machine due to the speed of spinning up VMs and the ease of connecting them in. I have dabbled with taps in Linux and it hurts my face and wastes my labbing time.
To connect your host to GNS3 I made a bridge interface with a pre-existing VM interface and my Gig Ethernet interface of my laptop.
- Open up network connections
- Select Ethernet connection and VM Connection
- Right Click > Bridge Connection
- Assign an IP address to your device.
Now that we have created this adapter and assigned this address (other end is g0 on the ASA – 192.168.2.1) we can create a magical unicorn (cloud) link!
- Open up GNS3 – Drag a cloud next to your ASA and place an Ethernet Switch down too.
- Right click on the cloud and configure. Select the MAC address bridge and add that connection.
- Cable the cloud to the switch and then the switch to the ASA
Back to the ASA!
Now let's get some initial configuration on this ASA and get connectivity from our Windows machine! We are getting there people! Slow and steady wins the race.
Note: GNS3 lists interfaces as E0-5. The ASA sees them as G0-5.
Alright – Basic ASA configuration and required Interfaces
```
interface GigabitEthernet2
 nameif MANAGEMENT
 security-level 0
 ip address 192.168.2.1 255.255.255.0
username asa password xGIkoVq88G4kwjuv encrypted privilege 15
```
Now to make the SSH keys
```
domain-name ciscoinferno.net
crypto key generate rsa
ssh 192.168.2.0 255.255.255.0 MANAGEMENT
aaa authentication ssh console LOCAL
ssh timeout 5
```
Voila! Subnet 192.168.2.0 from the Management interface has been allowed for SSH. Now to test a ping from the 192.168.2.2 host and then connect via SSH!
```
C:\Users\CiscoInferno>ping 192.168.2.1

Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=4ms TTL=255
Reply from 192.168.2.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.2.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 4ms, Average = 2ms
```
Now let’s TFTP the ASDM software from 192.168.2.2 onto the ASA at 192.168.2.1. Rather simple process. Tftpd32 is installed onto the host at 192.168.2.2 and the file ASDM-641.bin is in the TFTP root.
```
ASA1# copy tftp disk
Address or name of remote host ? 192.168.2.2
Source filename ? asdm-641.bin
Destination filename [disk]?
Accessing tftp://192.168.2.2/asdm-641.bin...!!!!!!
!!!!!!!
15841428 bytes copied in 41.550 secs (386376 bytes/sec)
ASA1#
```
Installed. Now we just enable the HTTPS web service and off we go. So close! Study can almost begin!
The commands to set up the HTTPS web server are very similar to the SSH syntax. We first enable the service, then specify which subnet may reach it and on which interface.
```
http server enable
http 192.168.2.0 255.255.255.0 MANAGEMENT
aaa authentication http console LOCAL
```
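A small check for the access rules configured above, as an added example (not from the original post): it parses the `ssh`/`http` permit lines out of a saved config, flags any permitted network larger than a /24, and flags a service that has permit lines but no `aaa authentication ... console` line. The function name and the `max_hosts` threshold are assumptions, and the sample config is constructed from this post's lines with the `http` AAA line left out and an over-broad `http` rule added so the check has something to report.

```python
import ipaddress
import re

# Constructed sample: this post's management lines, minus the http AAA line,
# plus one deliberately over-broad http rule.
SAMPLE_CONFIG = """\
interface GigabitEthernet2
 nameif MANAGEMENT
 security-level 0
 ip address 192.168.2.1 255.255.255.0
ssh 192.168.2.0 255.255.255.0 MANAGEMENT
aaa authentication ssh console LOCAL
ssh timeout 5
http server enable
http 192.168.2.0 255.255.255.0 MANAGEMENT
http 0.0.0.0 0.0.0.0 MANAGEMENT
"""

RULE = re.compile(r"^(ssh|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
AAA = re.compile(r"^aaa authentication (ssh|http) console (\S+)")


def audit_management_access(config, max_hosts=256):
    """Return (rules, findings) for the ssh/http permit lines in an ASA config."""
    rules, aaa, findings = [], {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := RULE.match(line):
            service, addr, mask, nameif = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((service, net, nameif))
            if net.num_addresses > max_hosts:  # wider than the lab /24
                findings.append(f"{service} open to {net} on {nameif}")
        elif m := AAA.match(line):
            aaa[m.group(1)] = m.group(2)
    for service in sorted({r[0] for r in rules}):
        if service not in aaa:
            findings.append(f"{service} has no 'aaa authentication {service} console' line")
    return rules, findings


if __name__ == "__main__":
    rules, findings = audit_management_access(SAMPLE_CONFIG)
    for service, net, nameif in rules:
        print(f"{service:5} {str(net):18} via {nameif}")
    for finding in findings:
        print("FINDING:", finding)
```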
Let’s save this as a basic config.
```
copy run start
copy start disk
```
ASDM Access time
Now we open up Internet Explorer (Chrome went funky chicken on me) and let's browse to https://192.168.2.1 and see what happens.
Now – let us log in via ASDM and use the web GUI! Click Run ASDM. After some loading check out what will appear next!
And with that we have working ASDM! Now go forth and spread the good work. Let me know how you have found this post and I will attempt to help those below who cannot get this working. Again I will not give out any software illegally. Happy Labbing!