GNS3 step by step

I am new  with GNS3, I used to work with packet tracer but now i want to test ASA which is not included in packet tracer software!
Actually i would like to know how can I get started with GNS! i guess it needs an IOS! where can i download ASA IOS for free just to make a test!

anyone can help me step by step how can I start with GNS and where can I download the IOS!

Thanks
yahyoozAsked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
0
 
ddiazpCommented:
You cannot download ASA for free. however there must be some links out there on the internet..

on the other hand, I found this easier than GNS3:

http://asaproject.gromnet.net

You can download an ASA as a VM, or as an installer; it works great and doesn't give you the problem GNS3 does.

As far as I know, ASAs on GNS3 have a problem where you cannot enable any of the interfaces, there are problems saving configurations, etc.
0
 
ddiazpCommented:
@Pete

Hey, I tried the method you have on your site and I would like to make a correction, or suggest something:

Let people know that they have to copy their device ID and paste it into the script or it will complain about:

Error Initialising interface \Device\NPF_{73E6A630-EF98-4CBB-8C30-A60FA09DF59F}
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
yahyoozAuthor Commented:
Thanks ddiazp,

I have download the ASA vm but whenever i start it it just freeze on (booting the kernel)!!!
is there any ideas!!!

Thanks
0
 
yahyoozAuthor Commented:
and FYI,I am using  VMware Workstation 6.5.3
0
 
ddiazpCommented:
Yes, that's what it's supposed to
Do. Once you see that go to the folder where you downloaded the file, run start_gw.bat and then run Connect.bat

You will then have access to the console port
0
 
yahyoozAuthor Commented:
Thanks Pete,

is there possibility to connect ASA vmware with other devices, I mean is it possible to create a virtual switch and hosts and connect them all together to test!!!

Thanks
0
 
ddiazpCommented:
You can create loopback interfaces on your machine and map these interfaces to the ASA,

DOing this I am able to have 2 ASAs and ping between them through my PC which acts as a router.
0
 
yahyoozAuthor Commented:
thanks ddizp,

now i just followed pete instructions and everything works fine, but when i try to ping from ASA to my PC it wont work!! but when i ping from the PC to ASA it works!
ASA e0/0 172.16.254.199/24
Virtual PC LAN 192.168.100.20/24

and what IP address should i give to lookback interface!
Thanks
0
 
ddiazpCommented:
the loopback interface must be ont he same subnet as your ASA.

Also, make sure you map the loopback to the ASA


In this case, you can give your loopback 172.16.254.200, and this is the IP you want to ping from the ASA first. Once that works, add a default route on the ASA pointing to your loopback:

route inside 0.0.0.0 0.0.0.0 172.16.254.200


For ASA practice, you should use 2 loopback interfaces so you can have an outside and an inside network on your ASA
0
 
yahyoozAuthor Commented:
OK, here is the configuration that i made:
int e0/0: inside 172.16.254.199
int e0/1: outside 10.0.0.10
route inside 0 0 172.16.254.200

virtual LAN: ASA-E-0 172.16.254.198
virtual LAN: ASA-E-1 10.0.0.2
loopback interface1 : named (route-inside) 172.16.254.200
loopback interface2: named (route-outside) 10.0.0.1
from the PC i can ping all IPs, but when i try to ping from ASA, still no success!!! I have tried to open ICMP echo,
access-list acl_in permit icmp any any echo-reply
access-list acl_out permit icmp any any echo-reply

but still no success!!  any other idea!
0
 
ddiazpCommented:
Woop, made a mistake, I meant

Route outside 0 0 10.0.0.1

Also, you'll want to name both your access lists the same

Nat (inside) 1 0.0.0.0 0.0.0.0
Global (outside) 1 interface
Access-group  in interface outside

Make sure your interfaces have the nameif statement with the proper name (inside and outside) and the inside has security level of 100, outside security level lower than inside level, usually 0.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.