Cisco 5500 series ASA firewall initial configuration

Adding ASA image file:

1. Go to: Edit > Preferences.

2. Select Qemu. Select Tab: ASA and configure as follows:

Preconfiguration: ASA 8.4(2)

Identifier name: asa842
RAM: 1024 MB
Initrd: asa842-initrd.gz
Kernel: asa842-vmlinuz
Click Save > Apply > OK.
Qemu Options:
-vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line:
-append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb
console=ttyS0,9600 bigphysarea=65536

To run two ASAs, use following Qemu:

Qemu Options: -vnc :2 none -vga none -m 1024 -icount auto -hdachs 980,16,32

3. Start a new Porject in GNS3 and drag/drop a ASA (8.4) firewall to the topology.

Here, My_PC uses MSLoopback adapter. Configure IP of loopback adapter as 192.168.30.2

with subnet mask 255.255.255.0.

4. Now start all devices in GNS3 and use following commands on the firewall to give an IP.
Ciscoasa> enable
ciscoasa# configure terminal
ciscoasa(config)# interface gigabitEthernet 1
ciscoasa(config-if)# ip address 192.168.30.1 255.255.255.0
ciscoasa(config-if)# nameif management
// or inside
ciscoasa(config-if)# no shutdown
5. Now PC is ready to talk to firewall, lets try.
ciscoasa# ping 192.168.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
ciscoasa#
6. The next step is to copy ASDM to Firewall. If already have TFTP Server is installed, cool
otherwise Download and start the TFTP Application:

7. Download ASDM from Cisco website. I have ASDM 6.4(7) downloaded.

8. On the TFTP application browse to the folder where you have downloaded ASDM (here
i.e. C:\Root).
9. On the firewall use following command to download TFTP Image:
ciscoasa# copy tftp flash
Address or name of remote host []? 192.168.30.2
Source filename []? asdm-647.bin
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm647.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Output Omited
Writing current ASDM file disk0:/asdm-647.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Output Omited
17902288 bytes copied in 56.500 secs (319683 bytes/sec)
ciscoasa#
10. Set the Firewall to Load the ASDM at next reboot and also identify the management
Station IP address
ciscoasa# sh flash
# length date/time path
2 4096
Mar 05 2012 13:40:42 log
9 4096
Mar 05 2012 13:40:47 coredumpinfo
10 59
Mar 05 2012 13:40:47 coredumpinfo/coredump.cfg
11 196
Mar 05 2012 13:40:47 upgrade_startup_errors_201203051340.log
12 17902288 Mar 05 2012 14:00:48 asdm-647.bin
268136448 bytes total (250191872 bytes free)
ciscoasa# config t
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.30.2 255.255.255.255 management
ciscoasa(config)# asdm image flash:asdm-647.bin
ciscoasa(config)# username cisco password cisco privilege 15

// or inside

11. Use wr mem or copy running-config startup-configcommand and then reload the
firewall using 'reload' command
12. Launch browser and go to https://192.168.30.1 (Disable Proxy if you are using any).
Continue with Run ASDM.

Next, Open with > OK

Continue clicking Later

Click Yes

Give username and password (here: both are cisco).

Once the firewall is up and running use following activation keys:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

It will take a while (10-15 min) to accept the second activation key and will take the same
time at first reboot. Now click Update Activation Key.