7 Replies Latest reply: Sep 23, 2013 6:21 AM by Scully RSS

    Having trouble getting ASDM working on my GNS3..

    Pasan

      Hi all,

       

      I have a problem using the ASDM for my ASA setup on GNS3. I am fairly new to GNS3 and CCNA security and trying to get ASA working so I can practice while studying. Here's what I have done so far..

       

      I have setup GNS3 0.8.5 on my windows 8 laptop. Also setup the ASA 8.4 firewall okay.

       

      Then I configured a loopback ethernet interface on my Windows machine and successfully conneted it to the ASA as shown on the image below.

      asa gns3.PNG

       

      I can ping the host from ASA and the host can ping GiEthernet 0 interface(it's gateway, 192.168.0.1/24 as shown above) without any problem.

       

      Then I uploaded adsm-713.bin to the ASA using tftp from my windows machine. It was okay too:

      ciscoasa# sh flash: 
      --#--  --length--  -----date/time------  path
          4  4096        Sep 18 2013 12:55:16  log
          9  4096        Sep 18 2013 12:55:20  coredumpinfo
         10  59          Sep 18 2013 12:55:20  coredumpinfo/coredump.cfg
         46  196         Sep 18 2013 12:55:20  upgrade_startup_errors_201309181255.log
         47  196         Sep 18 2013 13:21:40  upgrade_startup_errors_201309181321.log
         48  196         Sep 18 2013 13:34:08  upgrade_startup_errors_201309181334.log
         49  18097844    Sep 18 2013 14:02:26  asdm-713.bin
         41  0           Sep 18 2013 14:13:03  nat_ident_migrate
      
      
      268136448 bytes total (249663488 bytes free)
      

       

      I have setup the http server as well, giving what I think is adequate permission for the client(my windows machine) to connect via web-browser. But I cannot seem to connect via a web-browser. The ping seems fine. I even put wireshark on my loopback interface, and I can see that the pings are answered by the ASA but it's ignoring all the SYN requests to the ASA:

      wireshark.PNG

       

      Here's is my running confing. Anything I seem to have missed or done wrong?..

       

      ciscoasa# sh run
      : Saved
      :
      ASA Version 8.4(2) 
      !
      hostname ciscoasa
      enable password 8Ry2YjIyt7RRXU24 encrypted
      passwd 2KFQnbNIdI.2KYOU encrypted
      names
      !
      interface GigabitEthernet0
       nameif inside
       security-level 100
       ip address 192.168.0.1 255.255.255.0 
      !
      interface GigabitEthernet1
       shutdown
       no nameif
       no security-level
       no ip address
      !
      interface GigabitEthernet2
       shutdown
       no nameif
       no security-level
       no ip address
      !             
      interface GigabitEthernet3
       shutdown
       no nameif
       no security-level
       no ip address
      !
      interface GigabitEthernet4
       shutdown
       no nameif
       no security-level
       no ip address
      !
      interface GigabitEthernet5
       shutdown
       no nameif
       no security-level
       no ip address
      !
      ftp mode passive
      pager lines 24
      mtu inside 1500
      icmp unreachable rate-limit 1 burst-size 1
      asdm image disk0:/asdm-713.bin
      no asdm history enable
      arp timeout 14400
      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
      timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
      timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
      timeout tcp-proxy-reassembly 0:01:00
      timeout floating-conn 0:00:00
      dynamic-access-policy-record DfltAccessPolicy
      user-identity default-domain LOCAL
      http server enable
      http 192.168.0.0 255.255.255.0 inside
      no snmp-server location
      no snmp-server contact
      snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
      telnet timeout 5
      ssh timeout 5
      console timeout 0
      threat-detection basic-threat
      threat-detection statistics access-list
      no threat-detection statistics tcp-intercept
      webvpn
      username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
      !             
      !
      prompt hostname context 
      no call-home reporting anonymous
      call-home
       profile CiscoTAC-1
        no active
        destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
        destination address email callhome@cisco.com
        destination transport-method http
        subscribe-to-alert-group diagnostic
        subscribe-to-alert-group environment
        subscribe-to-alert-group inventory periodic monthly
        subscribe-to-alert-group configuration periodic monthly
        subscribe-to-alert-group telemetry periodic daily
      crashinfo save disable
      Cryptochecksum:6bfcb8fe21795c5a3a3efa6e857c6165
      : end
      -----------------------
      
      

       

      I'd really appreciate some help here guys. Thanks