eve-ng images collection – Expert Network Consultant https://www.expertnetworkconsultant.com Networking | Cloud | DevOps | IaC Tue, 22 Dec 2020 19:42:38 +0000 en-GB hourly 1 https://wordpress.org/?v=6.3.5 Configure Cisco ASAv on GNS3 for Hands-on Labs https://www.expertnetworkconsultant.com/installing-and-configuring-network-devices/configure-cisco-asav-on-gns3-for-hands-on-labs/ Tue, 22 Dec 2020 20:37:04 +0000 http://www.expertnetworkconsultant.com/?p=4252 Continue readingConfigure Cisco ASAv on GNS3 for Hands-on Labs]]> In this Configure Cisco ASAv on GNS3 for Hands-on Labs, we delve into getting the most popular Cisco virtualised firewall ASAv in GNS3 step by step.

GNS3 labs must be rich and cover contexts of networking which gives great hands-on experience for the student and professional alike. Imagine being able to configure site-to-site vpns between your ASAv and a Cloud Instance, and being able to perform a myriad of tasks in order to understand how the real world expectation might be between the chosen technologies?

The beauty of scalability that comes with virtualised appliances in network design architectures to prove a concept or test and troubleshoot scenarios?

With the Cisco® Adaptive Security Virtual Appliance (ASAv), you have the flexibility to choose the performance you need for your business. ASAv is the virtualized option of our popular ASA solution and offers security in traditional physical data centers and private and public clouds. Its scalable VPN capability provides access for employees, partners, and suppliers—and protects your workloads against increasingly complex threats with world-class security controls.

Create the initial master template for your ASAv

Download the ASAv qcow2 file with the OS version of your choice from Cisco.com.
Open GNS3 and click on File > + New Template >

Select Firewalls from the GNS3 Appliances List
Configure Cisco ASAv on GNS3 for Hands-on Labs

Install the Appliance on GNS3 VM as Recommended
Configure Cisco ASAv on GNS3 for Hands-on Labs

Choose “Default” for the VM type and hit next. Name the VM (ASAV 9.8.1 for example) and hit next. Select the x86_64 Qemu binary and set the RAM to 2048mb. Hit next.

Configure Cisco ASAv on GNS3 for Hands-on Labs

Select ASAv Version and Install and Click Next

GNS3 would locally locate the downloaded *qcow2 appliance and populate the list for you to make a choice. Select your ASAv version and click Next.
Select ASAv version appliance and click next

Click Next and Continue

It is a good idea to trial your idea with a single ASAv and once this has worked out well, apply it to the master template as the gold image for future replica ASAv firewalls.

Create a new GNS3 Project

Create a new GNS3 project

Drag ASAv into Workspace
Drag ASAv into Workspace

Right click on ASAv and change the symbol (this is an optional step)

Select Symbol for your ASAv,change the category to Security Devices, and set the console type to vnc. We will change this to telnet later in the guide as we apply this to our master ASAv appliance.

Select ASAv Symbol and Click OK

Select vnc from the drop down to set console type to vnc
select console type as vnc

Uncheck Use as linked base VM(This is recommended initially until you’ve got it all working as should)

Uncheck use as a linked base VM for ASAv
(It is recommended to perform all the necessary configurations before enabling this option which will make newer instances inherit the global settings. We shall do it as the final step once we get each bit done.)

Configure Cisco ASAv on GNS3 for Hands-on Labs

Start the ASAv and Click open with Console

Configure Terminal
Configure Terminal in ASAv VNC

Set Telness Access: Follow steps below
copy coredumpinfo to use_ttyS0

copy coredump.cfg from the coredumpinfo directory to disk0:/

ciscoasav#conf t
ciscoasav#cd disk0:/coredumpinfo/
ciscoasav#copy coredump.cfg disk0:/use_ttyS0

coredumpinfo successfully copied as use_ttyS0

Verify you work (always check if what you did worked)

ciscoasav# dir disk0:/

Directory of disk0:/

10     drwx  4096         07:29:52 Dec 18 2020  smart-log
8      drwx  4096         07:28:58 Dec 18 2020  log
11     drwx  4096         07:29:56 Dec 18 2020  coredumpinfo
7      -rwx  59           07:36:44 Dec 18 2020  use_ttyS0

1 file(s) total size: 59 bytes
8571076608 bytes total (8549355520 bytes free/99% free)

ciscoasav# 

Once the above steps are completed, go ahead and configure the master template. Now that we are happy that the telnet access works,

Set Console Type to Telnet

Now that you have set the use_ttyS0 on the ASAv, go ahead and power the ASAv off.

  • Right click on the ASAv and select configure.
  • Change the console type from vnc to telnet.
  • You must power the ASAv off to do this. You can change it with the device powered on, but you would encounter the error “No connection could be made because the target machine actively refused it”.

  • Click Apply > OK to save.
  • select telnet for vm and test access via ssh

    Click the Advanced settings tab. Uncheck the “Use as a linked base VM” box. We will check this later in the guide. Click OK then Apply > OK to save the device. This device will be configured as the “master template” for the ASAv.

    Check Use as a linked base VM
    Configure the ASAv for telnet access

    Close the preferences page, click Apply > OK to save the template.

    Now that we have Cisco ASAv working exceptionally well in GNS3, let us now go into configuring a sample Cisco ASA 5506-X Deployment Topology.

    Figure 1.0 Sample Cisco ASA 5506-X Deployment Topology
    install asav on gns3

    In this lab we shall Configure ASAv for the Internet using the following configuration sample.

    Figure 1.1: ASA 5506-X Factory Default Configuration

    
    !
    interface GigabitEthernet1/0
     nameif inside
     security-level 100
     ip address 192.168.1.254 255.255.255.0 
    !
    
    interface GigabitEthernet1/1
     nameif outside
     security-level 0
     ip address dhcp setroute 
    !
    
    !
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 8.8.8.8 
     name-server 8.8.4.4 
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    !
    
    
    !
    object network obj_any
     nat (inside,outside) dynamic interface
    route outside 0.0.0.0 0.0.0.0 8.8.8.8 1
    !
    
    
    !
    dhcpd address 192.168.1.100-192.168.1.200 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd enable inside
    !
    
    
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    
    !
    policy-map global_policy
     class inspection_default
      inspect icmp 
    !
    
    
    

    Thanks for stopping by to read this article on how to Configure Cisco ASAv on GNS3 for Hands-on Labs. Below is a related article: How to Configure Cisco ASA 5506-X for Internet

    ]]>