Solved

GNS3 step by step

Posted on 2010-09-14
12
1,272 Views
Last Modified: 2012-05-10
I am new  with GNS3, I used to work with packet tracer but now i want to test ASA which is not included in packet tracer software!
Actually i would like to know how can I get started with GNS! i guess it needs an IOS! where can i download ASA IOS for free just to make a test!

anyone can help me step by step how can I start with GNS and where can I download the IOS!

Thanks
0
Comment
Question by:yahyooz
  • 6
  • 5
12 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 33676260
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33686321
You cannot download ASA for free. however there must be some links out there on the internet..

on the other hand, I found this easier than GNS3:

http://asaproject.gromnet.net

You can download an ASA as a VM, or as an installer; it works great and doesn't give you the problem GNS3 does.

As far as I know, ASAs on GNS3 have a problem where you cannot enable any of the interfaces, there are problems saving configurations, etc.
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33686601
@Pete

Hey, I tried the method you have on your site and I would like to make a correction, or suggest something:

Let people know that they have to copy their device ID and paste it into the script or it will complain about:

Error Initialising interface \Device\NPF_{73E6A630-EF98-4CBB-8C30-A60FA09DF59F}
0
 

Author Comment

by:yahyooz
ID: 33690783
Thanks ddiazp,

I have download the ASA vm but whenever i start it it just freeze on (booting the kernel)!!!
is there any ideas!!!

Thanks
0
 

Author Comment

by:yahyooz
ID: 33690787
and FYI,I am using  VMware Workstation 6.5.3
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33692662
Yes, that's what it's supposed to
Do. Once you see that go to the folder where you downloaded the file, run start_gw.bat and then run Connect.bat

You will then have access to the console port
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:yahyooz
ID: 33694389
Thanks Pete,

is there possibility to connect ASA vmware with other devices, I mean is it possible to create a virtual switch and hosts and connect them all together to test!!!

Thanks
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33694413
You can create loopback interfaces on your machine and map these interfaces to the ASA,

DOing this I am able to have 2 ASAs and ping between them through my PC which acts as a router.
0
 

Author Comment

by:yahyooz
ID: 33700449
thanks ddizp,

now i just followed pete instructions and everything works fine, but when i try to ping from ASA to my PC it wont work!! but when i ping from the PC to ASA it works!
ASA e0/0 172.16.254.199/24
Virtual PC LAN 192.168.100.20/24

and what IP address should i give to lookback interface!
Thanks
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33706340
the loopback interface must be ont he same subnet as your ASA.

Also, make sure you map the loopback to the ASA


In this case, you can give your loopback 172.16.254.200, and this is the IP you want to ping from the ASA first. Once that works, add a default route on the ASA pointing to your loopback:

route inside 0.0.0.0 0.0.0.0 172.16.254.200


For ASA practice, you should use 2 loopback interfaces so you can have an outside and an inside network on your ASA
0
 

Author Comment

by:yahyooz
ID: 33707010
OK, here is the configuration that i made:
int e0/0: inside 172.16.254.199
int e0/1: outside 10.0.0.10
route inside 0 0 172.16.254.200

virtual LAN: ASA-E-0 172.16.254.198
virtual LAN: ASA-E-1 10.0.0.2
loopback interface1 : named (route-inside) 172.16.254.200
loopback interface2: named (route-outside) 10.0.0.1
from the PC i can ping all IPs, but when i try to ping from ASA, still no success!!! I have tried to open ICMP echo,
access-list acl_in permit icmp any any echo-reply
access-list acl_out permit icmp any any echo-reply

but still no success!!  any other idea!
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 33707534
Woop, made a mistake, I meant

Route outside 0 0 10.0.0.1

Also, you'll want to name both your access lists the same

Nat (inside) 1 0.0.0.0 0.0.0.0
Global (outside) 1 interface
Access-group  in interface outside

Make sure your interfaces have the nameif statement with the proper name (inside and outside) and the inside has security level of 100, outside security level lower than inside level, usually 0.

0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now