
Cisco ASA Firewall installation in GNS3 - Part VII


Over the last few days I have spent a lot of time on PA, setting up its initial configuration and using PA with GNS3. I'm now satisfied with GNS3 version 1.3.11 for running PA deployed in VB and using it in GNS3. Here I'm going to try the Cisco ASA firewall on this same version of GNS3.

Gosh! The ASA takes a very long time to load and reach enable mode. Even with a lot of RAM, the ASA lags when we enter commands. 4 times out of 5 the ASA fails to load, so I assume this is a bug in GNS3 version 1.3.11. Now I'm going to install my old monster, GNS3 0.8.7. Hopefully both ASA and PA will work there.

Checklist


On all versions of GNS3, PA takes an average amount of time to start in VB. This one takes a little more time. Currently I'm testing it on GNS3 v0.8.7. The first attempt failed. Then I stopped the PA in GNS3 and started it again. After a few minutes, as usual, PA started to work.

But wait. It got stuck at system initializing. Don't press CTRL-C to bypass here; wait until VB loads the PA. The problem is that it takes more time to succeed. However, after 3-4 minutes I was able to get the PA running and access the web console successfully.

GNS3 Version | Palo Alto | ASA
------------ | --------- | ---
1.3.11 | VBox worked (normal) | Working avg 20%, but takes a very long time
1.5.2 | Did not work. Windows 7 may not support this version of GNS3 |
2.1.3 | VMware worked (normal) | ASAv did not work
0.8.7 | VBox, press any key (Ctrl-Break) | ASA worked (1 GB RAM most compatible)


For the ASA I have configured different RAM sizes, but 1 GB seems to be the most compatible for the ASA 842 on GNS3 v0.8.7.

Installation


The following materials are used to launch ASDM.

  • TFTPD 64 v4.50 (Run as administrator)
  • asa842-initrd, asa842-vmlinuz (Location: Z:\GNS3 Projects\ASA842-ios image). Use the readme file to configure the ASA in GNS3.
  • Asdm-647.bin (C:\tftpd64.450)
  • MS Loopback adapter (IP 10.10.10.10/24, default GW 10.10.10.1). Here I removed the IP configuration set on the VB HO adapter (192.168.1.0 network); otherwise the MS loopback IP may conflict with the default GW of the same class C network. As a best practice, you can remove the other configuration under the network settings of the physical machine's adapters and disable them while using ASDM. When you go to use PA, make sure to enable the relevant adapter and configure its IP address according to the PA lab topology.

# configure terminal
# interface GigabitEthernet0
# ip address 10.10.10.1 255.255.255.0
# nameif inside
# no shutdown
# exit

Verify: ping from the ASA to the MS loopback network; the ping should succeed. You can also test from your physical machine: use cmd to ping the ASA at 10.10.10.1. It will work as well. Now copy the ASDM file to flash.

# copy tftp://10.10.10.2/asdm-647.bin flash

After loading the asdm-647.bin file to flash, enter the commands below to continue. Here you configure the ASA to load the ASDM image that you copied to flash in the previous step. Then you create a user with privilege level 15 and allow your machine's (MS loopback adapter) IP address on the inside network; the address in the http command must be the one configured on that adapter.

# configure terminal
# asdm image flash:asdm-647.bin
# http server enable
# http 10.10.10.2 255.255.255.255 inside
# username abc password abc privilege 15

You have now successfully configured the ASA to load ASDM. Enter https://10.10.10.1 in the web browser. From there you can download the asdm-launcher, which is used to load ASDM. Then install the asdm-launcher.
Go to the installation location in the Program Files folder on C:, where you will see a Cisco folder; in that folder, click on asdm-launcher. Log in with the credentials you set in the configuration. (Here I didn't configure any credentials.)
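
A check that can be run over the ASDM commands above before reusing them outside a lab; this is an added example, not part of the original post. It flags management access wider than a single host, a missing `aaa authentication http console` line (without it ASDM accepts a blank username together with the enable password), and trivial typed passwords. The function name and the 8-character threshold are assumptions of this example.

```python
import ipaddress
import re

# The ASDM commands from this page, with the "# " prompt stripped.
PAGE_CONFIG = """\
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 inside
username abc password abc privilege 15
"""

HTTP_RE = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")
# Matches typed (plaintext) credentials only; hashed "... encrypted" lines are skipped.
USER_RE = re.compile(r"username (\S+) password (\S+)(?: privilege \d+)?")


def audit_asdm_access(config: str) -> list:
    """Return findings about ASDM (HTTPS management) exposure in ASA commands."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if not any(ln.startswith("http server enable") for ln in lines):
        return findings  # HTTPS management server is off, nothing to review
    allowed = 0
    for ln in lines:
        m = HTTP_RE.fullmatch(ln)
        if m:
            allowed += 1
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if net.prefixlen < 32:
                findings.append(f"http allows a whole network {net} on {m[3]}")
    if allowed == 0:
        findings.append("http server enabled but no management host is permitted")
    # Without this command ASDM accepts a blank username plus the enable password.
    if not any(ln.startswith("aaa authentication http console") for ln in lines):
        findings.append("no 'aaa authentication http console': ASDM login "
                        "falls back to the enable password")
    if not any(ln.startswith("enable password ") for ln in lines):
        findings.append("no 'enable password' in these commands")
    for ln in lines:
        m = USER_RE.fullmatch(ln)
        # Assumed rule for this example: same as the username, or under 8 chars.
        if m and (m[2] == m[1] or len(m[2]) < 8):
            findings.append(f"user '{m[1]}' has a trivial password")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(PAGE_CONFIG):
        print("-", finding)
```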

Note: If ASDM doesn't launch the first time, or you can't find the location where the launcher app was installed, install Java Web Start and try ASDM again. The ASDM launcher is installed to the location you selected during the installation process. Go to that location and open the asdm launcher. (In my case it shows as a WinRAR file. At first I was confused, but it loads ASDM without any errors.)

Conclusion: GNS3 version 0.8.7 supports both the PA and ASA firewalls.

