I'll specifically show how to run a downgraded version (8.0) in GNS3 since it involves installing and tweaking a third party software. The setup for running 8.4 is pretty straight forward as long as we got the right files for the Qemu options (refer to screenshot).
In GNS3, go to Edit > Preferences > Qemu > ASA tab and select the correct Initrd (unzipped) and Kernel files to emulate the version you wanted. Click Save then OK.
Drag the ASA icon into the GNS3 topology workspace and you'll be prompted to choose which image to run. For this scenario, we choose asa802 that was previously setup.
Once the ASA boots up, it will run a small script. Just leave it open and running.
To complete the ASA's boot up process, type the commands below.
ciscoasa# show interface ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down up
Ethernet0/1 unassigned YES unset administratively down up
Ethernet0/2 unassigned YES unset administratively down up
Ethernet0/3 unassigned YES unset administratively down up
Ethernet0/4 unassigned YES unset administratively down up
Ethernet0/5 unassigned YES unset administratively down up
ciscoasa(config)# interface ethernet0/0
ciscoasa(config-if)# ip add 192.168.1.1 255.255.255.0 //IP GATEWAY FOR CLOUD/PC
ciscoasa(config-if)# exit
ciscoasa(config)# username ciscoasa password cisco privilege 15 // MANDATORY CLI
ciscoasa(config)# http server enable // ENABLE ASDM
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
ciscoasa(config)# dir
Directory of disk0:/
6 drwx 4096 08:55:44 Jul 22 2013 .private
268136448 bytes total (242642944 bytes free)
ciscoasa(config)# end
ciscoasa# copy tftp://192.168.1.10/asdm-631.bin flash
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
14240396 bytes copied in 41.210 secs (347326 bytes/sec)
ciscoasa# dir
Directory of disk0:/
6 drwx 4096 08:55:44 Jul 22 2013 .private
9 -rwx 14240396 08:59:26 Jul 22 2013 asdm-631.bin
268136448 bytes total (228401152 bytes free)
Even though the ASA is properly setup and loaded with the right ASDM image, the GUI still wouldn't work and prompts an error message. We use an application called Fiddler that would intercept HTTPS traffic and act as a proxy for ASDM access.
In Fiddler, go to Tools > Fiddler Options > HTTPS > Tick "Decrypt HTTPS traffic." Select Yes to Trust the Fiddler Root Certificate > Click OK.
Next, go to Rules > Customized Rules > then a Notepad is launched > Erase all
existing rules (Select All then delete or hit Backspace) > Copy and paste this custom rule > Save and close Notepad.
The final portion would be to configure Java properties: under Control Panel > Java > Network Settings > Use
proxy server > Address: localhost /
Port: 8888. Also go to Advanced > Tick “Use same proxy server for all
protocols” > Click OK.
Re-launch ASDM using the web browser (use IE). Click "Continue to this website (not recommended)" and click OK to accept the ASA self-signed certificate. Input your login info and ASDM should now be accessible.
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa831-k8.bin
Current BOOT variable = disk0:/asa831-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# no boot system flash:asa831-k8.bin
INFO: Converting flash:asa831-k8.bin to disk0:/asa831-k8.bin
ciscoasa(config)# boot system flash:asa802-k8.bin
INFO: Converting flash:asa802-k8.bin to disk0:/asa802-k8.bin
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa831-k8.bin
Current BOOT variable = disk0:/asa802-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# asdm image flash:asdm-631.bin
ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-631.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 386ab3ad 07a31f65 2fd32120 125dd48a
2910 bytes copied in 1.280 secs (2910 bytes/sec)
[OK]
ciscoasa(config)# reload noconfirm
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
<OUTPUT TRUNCATED>
ciscoasa> show version
Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.3(1)
Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "disk0:/asa802-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 17 secs
<OUTPUT TRUNCATED>
ciscoasa# configure terminal
ciscoasa(config)# nat-?
configure mode commands/options:
nat-control
No comments:
Post a Comment