Wednesday, August 8, 2012

Basic Configuration of ASA


Steps for setting up Inside and ouside interface with their ip address



interface ethernet 0/0 as Insidie : 10.0.0.1            default security level 100
interface ethernet 0/0 as Outside: 170.100.100.1 default security level 0

ciscoasa> en
Password: (there is no password for first time use)
ciscoasa# configure terminal
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 10.0.0.1 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)#
ciscoasa(config-if)# interface ethernet 0/5
ciscoasa(config-if)# ip address 170.100.100.1 255.255.255.0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# no shutdown

Confgure ASA to accept HTTPS connections from inside
Configure from global configuration

ciscoasa(config-if)# exit
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.0.0.2 255.255.255.255 inside
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?
Cryptochecksum: a33b008e 92e77294 9d7a6088 27ff113f

1596 bytes copied in 2.420 secs (798 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed

ciscoasa(config)# username imran password cisco privilege 15
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?

%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Cryptochecksum: 231499c4 db3e4734 3c37be8e 166f9b83

1660 bytes copied in 2.850 secs (830 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed

REMEMBER to turnoff your local computer FIREWALL

Local PC configuration
IP of loopback interface: 10.0.0.2
copy of asdm-645-204.bin file to TFTP server directory.
Install -> Start/restart of TFTP-server and listen on loopback interface

Check connection:
ASA side

ciscoasa# ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms
ciscoasa#

Local pc side

ping from local pc to ASA inside interface:


ciscoasa(config)# copy tftp: flash:

Address or name of remote host []?  10.0.0.2

Source filename []?   asdm-645-204.bin

Destination filename  [asdm-645-204.bin]?

Accessing tftp://10.0.0.2/asdm-645-204.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing current ASDM file disk0:/asdm-645-204.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17010808 bytes copied in 44.550 secs (386609 bytes/sec)
ciscoasa(config)#

Show flash memory to see the downloaded file.

ciscoasa(config)# show flash:
--#--  --length--  -----date/time------  path
    6  4096        Apr 05 2012 11:45:10  .private
    7  0           Apr 05 2012 11:23:19  .private/mode.dat
    8  0           Apr 05 2012 11:46:03  .private/DATAFILE
    9  1660        Apr 05 2012 11:46:03  .private/startup-config
   10  4096        Apr 05 2012 11:46:03  boot
   11  0           Apr 05 2012 11:46:03  boot/grub.conf
   12  17010808    Apr 05 2012 12:41:16  asdm-645-204.bin

255320064 bytes total (212803584 bytes free)

Download the ASDM file from ASA using browser. Use HTTPS and ip address: 10.0.0.1


Install and run the ASDM provide credentials

IP:10.0.0.1
Username:imran
Passwordd: cisco


After log-in

Now you can perform configuration using gui

Thursday, April 19, 2012

Installation of GNS3 on Windows

Installation of GNS3 on Windows (7)


It is better if you have already install loopbak interface on your machine.




VMware Workstation: Download from vmware site.

Loopback interface: Installation of loopback interface on windows 7


GNS3:Download GNS3: GNS3 v08.2 all-in-on, this will intstall all necessary tools and packages.

Cisco router IOS images: Download IOS-images from this location

Cisco ASA firewall IOS and ASDM: Download ASA_IOS and ASDM-645-204

TFTP server: Download and run the setup to install.