0 Replies. Latest reply: Aug 21, 2011 6:19 PM by Luciano

Trying to Simulate PIX Firewall with GNS3

    Luciano

Hi Everybody,

I'm trying to start in the PIX/ASA firewalling world. In order to do that, I'm trying to set up a small sample lab, following this tutorial: http://www.brainbump.net/tutorials/voice/asdm-gns3.htm (btw: GREAT TUTORIAL..!).

So, I first configured GNS3, setting up a LAN (pixfirewall IP: 10.0.1.3/24, vbox host-only adapter IP: 10.0.1.2). I am able to ping both ways.

[image: pixfirewallarch.png]

After loading the ASDM image, enabling the HTTP server, telling it which the ASDM image is, and configuring a username and password, I'm not able to connect to the web interface. I'm getting this error with Chrome (with other browsers I get basically the same error):

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Just in case, the Chrome configuration is set to use SSL 3.0 and TLS 1.0:

[image: HTTPS/SSL]

Besides, when trying to access through the ASDM Launcher, I get the following error: Unable to launch ASDM from 10.0.1.3. Remote host closed connection during Handshake

I ran Wireshark to capture the three-way handshake. I attach both captures, for ASDM and for the web interaction.

I hope someone can help me. Honestly, I'm going crazy trying to figure out where the mistake is.

running-configuration of the PIX Firewall:


pixfirewall# sh runn
: Saved
:
PIX Version 7.2(4)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.0.1.3 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-524.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.10.10.0 255.255.255.0 inside
http 10.10.10.2 255.255.255.255 inside
http 10.0.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
username lvaschetti password s7VIXfcZb8QdyRjZ encrypted privilege 15
!
!
prompt hostname context
Cryptochecksum:22964ca323086dca25775da0bb2e861b
: end
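As an added diagnostic (not part of Luciano's post or of the tutorial he links), two checks a practitioner would make first: whether the `http` statements in the running-config above actually permit the client address (10.0.1.2 on the inside interface), and whether a legacy TLS handshake to the firewall succeeds at all, since both the browser and the ASDM Launcher report the handshake being closed. The function names and the config excerpt embedded below are my own; the excerpt is copied from the posted config.

```python
import ipaddress
import socket
import ssl

# Constructed excerpt: the http lines from the running-config posted above.
SAMPLE_CONFIG = """\
http server enable
http 10.10.10.0 255.255.255.0 inside
http 10.10.10.2 255.255.255.255 inside
http 10.0.1.0 255.255.255.0 inside
"""


def parse_http_access(config_text):
    """Return (server_enabled, [(network, interface), ...]) from the 'http ...' lines."""
    enabled, allowed = False, []
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:3] == ["http", "server", "enable"]:
            enabled = True
        elif len(parts) == 4 and parts[0] == "http":
            _, addr, mask, iface = parts
            allowed.append((ipaddress.ip_network(f"{addr}/{mask}"), iface))
    return enabled, allowed


def http_client_allowed(config_text, client_ip, interface="inside"):
    """True if HTTPS/ASDM access from client_ip arriving on interface is permitted."""
    enabled, allowed = parse_http_access(config_text)
    ip = ipaddress.ip_address(client_ip)
    return enabled and any(ip in net and iface == interface for net, iface in allowed)


def tls_probe(host, port=443, timeout=3.0):
    """Attempt one TLS handshake and report the negotiated version/cipher or the error.
    Certificate verification is disabled only because this probes a lab box with a
    self-signed certificate; it is a diagnostic, not a client configuration to keep."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # the poster's Chrome was set to SSL 3.0/TLS 1.0
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")       # let OpenSSL offer the legacy suites old PIX code uses
    except (ssl.SSLError, ValueError) as exc:
        return {"ok": False, "error": f"local OpenSSL refuses legacy TLS: {exc}"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(), "cipher": tls.cipher()[0]}
    except (OSError, ssl.SSLError) as exc:
        return {"ok": False, "error": str(exc)}
```

Run `tls_probe("10.0.1.3")` from the VirtualBox host: an "ok" result with a version and cipher means the firewall completes a handshake and the browser's own settings are the problem, while an error string names where the handshake is being cut off.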