Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Cisco ASAv Appliance - GNS3

    Încărcat de

    Chimz Kabunda
    266 vizualizări8 pagini
    CIsco ASAv Appliance

    Titlu original

    Cisco ASAv appliance - GNS3

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    CIsco ASAv Appliance

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    266 vizualizări8 pagini

    Cisco ASAv Appliance - GNS3

    Încărcat de

    Chimz Kabunda
    CIsco ASAv Appliance

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 8

    4/21/2017 Cisco ASAv appliance ­ GNS3

    DOWNLOAD DOCUMENTATION COMMUNITY MARKETPLACE ACADEMY

    DOCUMENTATION   /   APPLIANCES   /   CISCO ASAV  Search Documentation

    Last updated
    March 28, 2017
    HOW TO INSTALL
    Contributors
    Julien Duponchelle

    APPLIANCE USAGE
    EDIT THIS ARTICLE

    APPLIANCE REQUIREMENTS

    Cisco ASAv appliance


    APPLIANCE
    DOCUMENTATION

    The Adaptive Security Virtual Appliance is a virtualized network security solution based on the market-leading Cisco ASA 5500-X Series 韛�rewalls. It
    both traditional and next-generation software-de韛�ned network (SDN) and Cisco Application Centric Infrastructure (ACI) environments to provide po
    VERSION SUPPORTED
    enforcement and threat inspection across heterogeneous multisite environments.
    Cisco ASAv 9.7.1

    More informations on http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-韛�rewall/index.html


    Cisco ASAv 9.6.2

    Cisco ASAv 9.6.1


    HOW TO INSTALL
    Cisco ASAv 9.5.2-204

    Download
    Cisco ASAvthe appliance 韛�le: here
    9.5.1-201
    Download the 韛�les for one of the supported version here
    Import the .gns3a 韛�le in GNS3. You can follow this tutorial
    IMPORTANT NOTES ABOUT

    APPLIANCE USAGE
    THE IMAGES

    There is no default
    GETTING password and enable password. A default con韛�guration is present. ASAv goes through a double-boot before becoming active. T
    A CONSOLE
    normalReplace
    and expected.
    the VNC console by a
    telnet console

    APPLIANCE REQUIREMENTS
    USING ASA
    RAM: 2048 MB
    Con韛�gure ASDM
    You need KVM enable on your machine or in the GNS3 VM.

    APPLIANCE
    TROUBLESHOOTING
    DOCUMENTATION
    No console is showing with
    ASAv
    Documentation for using the appliance is available on http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-韛�rewall/
    installation-guides-list.html
    Con韛�guration is not saving
    when running ASAv on
    Windows
    VERSION
    Last updated
    SUPPORTED
    March 28, 2017

    Contributors
    Cisco ASAv
    Julien 9.7.1
    Duponchelle

    IMAGES EDIT
    REQUIRE
    THIS ARTICLE

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 1/8
    4/21/2017 Cisco ASAv appliance ­ GNS3
    File MD5 Size

    asav971.qcow2 cb31f53e70a9e409829d2f832ff09191 200.0 MB Download

    Cisco ASAv 9.6.2

    IMAGES REQUIRE

    File MD5 Size

    asav962.qcow2 a4c892afe610776dde8a176f1049ae96 177.0 MB Download

    Cisco ASAv 9.6.1

    IMAGES REQUIRE

    File MD5 Size

    asav961.qcow2 c8726827cb72f4eed8cb52a64bca091c 174.0 MB Download

    Cisco ASAv 9.5.2-204

    IMAGES REQUIRE

    File MD5 Size

    asav952-204.qcow2 73a1126283de6b70c4cc12edfc46d547 169.0 MB Download

    Cisco ASAv 9.5.1-201

    IMAGES REQUIRE

    File MD5 Size

    asav951-201.qcow2 ca071370278ecbd5dfdb1c5a4161571a 160.0 MB Download

    Other versions

    If you don't have this images you can try to add a new version follow instructions here.

    IMPORTANT NOTES ABOUT THE IMAGES


    Only images validated by VIRL team are known to work correctly with GNS3.  

    Images asav952-204.qcow2 or later are recommend (previous releases may not work). It is very important to use the correct ASA image because o
    image (or a later image validated by VIRL) will work with GNS3.

    GETTING A CONSOLE
    Depending of the image the console of the device could be serial or the graphical output of the VM.
    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 2/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    If the image display to the graphical output you need to connect using VNC. Otherwise it’s with the telnet connection.

    By default GNS3 appliance use the VNC output because it’s the most common case. If you need to connect via serial you will see this line at the bo

    Lina to use serial port /dev/ttyS0 for console IO

    If you see that just edit the con韛�guration of your node to change the console to telnet.

    Replace the VNC console by a telnet console

    If you want to able to use your terminal application instead of VNC you need to enable the serial console in the appliance.

    ciscoasa#conf t
    ciscoasa(config)# cd coredumpinfo
    ciscoasa(config)# copy coredump.cfg disk0:/use_ttyS0

    After that stop the appliance and change the console type from VNC to telnet.

    See this thread if you want to create an image with ASAv serial console always enabled:

    https://gns3.com/qa/how-to-con韛�gure-any-asav-qcow2-

    USING ASA

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 3/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    Once the ASA appliance is imported into GNS3, you can create topologies such as the following:

    The cloud is linked to an eth2 interface of the GNS3 VM. In order to have an eth2 interface in the VM in the GNS3 VM settings in VMware (not in GN
    parameters of the VM in VMware) add a third network adapter with host only.

    We use a generic switch between the cloud and the ASAv vm because a qemu limitation of the current version of GNS3 prevent a direct link betwee
    and a cloud.

    Our cloud con韛�guration:

    The ASA is connected to the switch via is Management 0/0 interface.

    After that boot the ASAv it will take a long time with a reboot the 韛�rst time. Open the console and will see a prompt:

    ciscoasa>

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 4/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    Switch to the con韛�gure mode (by default password is empty):

    ciscoasa> enable
    Password: 
    ciscoasa# configure terminal
    ciscoasa(config)# 

    ***************************** NOTICE *****************************

    Help to improve the ASA platform by enabling anonymous reporting,
    which allows Cisco to securely receive minimal error and health
    information from the device. To learn more about this feature,
    please visit: http://www.cisco.com/go/smartcall

    Would you like to enable anonymous error reporting to help improve
    the product? [Y]es, [N]o, [A]sk later: n
    In the future, if you would like to enable this feature,
    issue the command "call­home reporting anonymous".

    We can now change the hostname and write the con韛�g

    ciscoasa(config)# hostname gns3asav
    gns3asav(config)# write
    Building configuration...
    Cryptochecksum: 5c5f8e54 7203401c 38a17bec c74e13c6 

    7413 bytes copied in 0.240 secs
    [OK]

    Remember GNS3 will not save this for you. When you save in GNS3 you save the design of topology not the memory of the devices. Like in the real
    need to ask the OS to save before turning it off.

    Con韛�gure ASDM

    In order to manage ASA with asdm we need to setup an ip on the Management 0/0 interface. Because the cloud is a VMware host only adapter we
    DHCP to do that.

    ciscoasa(config)# interface Management 0/0
    ciscoasa(config­if)# ip address dhcp
    ciscoasa(config­if)# no shutdown  
    ciscoasa(config­if)# nameif mgmt
    INFO: Security level for "mgmt" set to 0 by default.
    ciscoasa(config­if)# exit
    ciscoasa(config)# show ip                 
    System IP Addresses:
    Interface                Name                   IP address      Subnet mask     Method 
    Management0/0            mgmt                   172.16.16.156   255.255.255.0   DHCP  
    Current IP Addresses:
    Interface                Name                   IP address      Subnet mask     Method 
    Management0/0            mgmt                   172.16.16.156   255.255.255.0
    We can see that our ASA as the IP 172.16.16.156

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 5/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    Now we need to enable the HTTP server

    ciscoasa(config)# http server enable
    ciscoasa(config)# http 0.0.0.0 0.0.0.0 mgmt

    Now open https://172.16.16.156 and ignore the HTTPS certi韛�cate error.

    You will see this page

    Click on install ASDM launcher. And when you have ASDM on your computer opened it. Enter the IP of the ASA and OK

    You will see the ASDM interface

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 6/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    The warning about the licence is normal. The appliance provided by Cisco is dedicated to learning not a production usage where you need to pay.

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 7/8
    4/21/2017 Cisco ASAv appliance ­ GNS3

    TROUBLESHOOTING

    No console is showing with ASAv

    Depending of the image, the serial console could be not activated. If it’s the case you need to connect to via VNC to enable the serial console see th
    post for more details:

    https://gns3.com/qa/how-to-con韛�gure-any-asav-qcow2-

    Con韛�guration is not saving when running ASAv on Windows

    ASAv is not supported by the version of Qemu provided for Windows you need to run it using the GNS3 VM.

    https://docs.gns3.com/appliances/cisco­asav.html#appliance_supported 8/8

    S-ar putea să vă placă și