Trying to Simulate PIX Firewall with GNS3

Aug 21, 2011 6:19 PM

Luciano 41 posts since
Dec 17, 2010

Hi Everybody,

I'm trying to get started in the PIX/ASA firewalling world. In order to do that, I'm trying to set up a small sample lab, following this tutorial: http://www.brainbump.net/tutorials/voice/asdm-gns3.htm (btw: GREAT TUTORIAL..!).

So, I first configured GNS3, setting up a LAN (pixfirewall IP: 10.0.1.3/24, VBox host-only adapter IP: 10.0.1.2). I'm able to ping in both directions.

pixfirewallarch.png

After loading the ASDM image, enabling the HTTP server, specifying which ASDM image to use, and configuring a username and password, I'm not able to connect to the web interface. I'm getting this error with Chrome (with other browsers I get basically the same error):

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Just in case, the Chrome configuration is set to use SSL 3.0 and TLS 1.0.

HTTPS/SSL


 

Besides, when trying to access through the ASDM Launcher, I get the following error: Unable to launch ASDM from 10.0.1.3. Remote host closed connection during Handshake

I ran Wireshark to capture the Three Way Handshake. I've attached both captures for the ASDM and web interaction.

I hope someone can help me. Honestly, I'm going crazy trying to figure out where the mistake is.

Running-configuration of the PIX Firewall:

pixfirewall# sh runn
: Saved
:
PIX Version 7.2(4)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.0.1.3 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-524.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.10.10.0 255.255.255.0 inside
http 10.10.10.2 255.255.255.255 inside
http 10.0.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
username lvaschetti password s7VIXfcZb8QdyRjZ encrypted privilege 15
!
!
prompt hostname context
Cryptochecksum:22964ca323086dca25775da0bb2e861b
: end
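
The steps listed in the post (ASDM image set, HTTP server enabled, a user configured, and an http rule that covers the client at 10.0.1.2) can be checked mechanically against the running-config. The Python below is an added example, not part of the original post; the function name asdm_prerequisites and its result keys are hypothetical, and the embedded config is an excerpt of the lines posted above.

```python
import ipaddress
import re

# Excerpt of the running-config from the post (management-plane lines only).
RUNNING_CONFIG = """\
interface Ethernet1
 nameif inside
 ip address 10.0.1.3 255.255.255.0
asdm image flash:/asdm-524.bin
http server enable
http 10.10.10.0 255.255.255.0 inside
http 10.10.10.2 255.255.255.255 inside
http 10.0.1.0 255.255.255.0 inside
username lvaschetti password s7VIXfcZb8QdyRjZ encrypted privilege 15
"""

# "http <network> <netmask> <interface>" permits HTTPS/ASDM clients per interface.
HTTP_RULE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def asdm_prerequisites(config: str, client_ip: str) -> dict:
    """Report which ASDM prerequisites named in the post the config satisfies."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    client = ipaddress.ip_address(client_ip)
    permitted_by = []
    for ln in lines:
        m = HTTP_RULE.match(ln)
        if m:
            # ip_network accepts the dotted netmask form used by the PIX config.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if client in net:
                permitted_by.append((str(net), m.group(3)))
    return {
        "http_server_enabled": "http server enable" in lines,
        "asdm_image_set": any(ln.startswith("asdm image ") for ln in lines),
        "priv15_user": any(
            ln.startswith("username ") and ln.endswith("privilege 15") for ln in lines
        ),
        "client_permitted_by": permitted_by,
    }


if __name__ == "__main__":
    for check, result in asdm_prerequisites(RUNNING_CONFIG, "10.0.1.2").items():
        print(f"{check}: {result}")
```

For 10.0.1.2 all four checks pass; the check covers only these configuration lines, not the SSL handshake itself.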
