Monday, October 22, 2012

Cisco ASA & ASDM in GNS3

Tools:
ASA configuration in GNS3

Open GNS3 and go to the menu
Edit > Preferences > QEMU > ASA

RAM: 1024 MiB
Number of NICs: 6
Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Initrd: C:\Program Files\GNS3\ios\IOS_ASA\asa842-initrd.gz
Kernel: C:\Program Files\GNS3\ios\IOS_ASA\asa842-vmlinuz

Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

ASA configuration in GNS3.

Topology.
We start the ASA
Loading hardware drivers...
Intel(R) PRO/1000 Network Driver - version 7.3.21-k3-NAPI
Copyright (c) 1999-2006 Intel Corporation.
e1000 0000:00:02.0: found PCI INT A -> IRQ 9
e1000 0000:00:02.0: sharing IRQ 9 with 0000:00:06.0
e1000: 0000:00:02.0: e1000_probe: (PCI:33MHz:32-bit) 00:ab:cd:92:52:00
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:03.0: found PCI INT A -> IRQ 11
e1000: 0000:00:03.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:b1:0b:01
e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:04.0: found PCI INT A -> IRQ 9

e1000: 0000:00:04.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:d6:5c:02
e1000: eth2: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:05.0: found PCI INT A -> IRQ 11
pci 0000:00:01.3: IRQ routing conflict: have IRQ 9, want IRQ 11
e1000: 0000:00:05.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:d1:82:03
e1000: eth3: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000 0000:00:06.0: found PCI INT A -> IRQ 9
e1000 0000:00:06.0: sharing IRQ 9 with 0000:00:02.0
e1000: 0000:00:06.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:52:cb:04
e1000: eth4: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000: 0000:00:07.0: e1000_probe: (PCI:33MHz:32-bit) 00:00:ab:b5:3f:05
e1000: eth5: e1000_probe: Intel(R) PRO/1000 Network Connection
e100: Intel(R) PRO/100 Network Driver, 3.5.23-k6-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
loaded.
Initializing random number generator... done.
Starting network...
e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth0 entered promiscuous mode
e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth1 entered promiscuous mode
e1000: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth2 entered promiscuous mode
e1000: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth3 entered promiscuous mode
e1000: eth4 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth4 entered promiscuous mode
e1000: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
device eth5 entered promiscuous mode
Initializing partition -  hda: hda1
done!
mkdosfs 2.11 (12 Mar 2005)

System tables written to disk
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 0 files, 0/65463 clusters
dosfsck(/dev/hda1) returned 0
FAT: "posix" option is obsolete, not supported now
TIPC: Started in network mode
TIPC: Own node address <1.1.1>, network identity 1234
TIPC: Enabled bearer , discovery domain <1.1.0>, priority 10
msrif: module license 'Cisco Systems, Inc' taints kernel.
msrif module loaded.
Clocksource tsc unstable (delta = 117925313 ns)
grep: /mnt/disk0/.private/startup-config: No such file or directory
Starting Likewise Service Manager
Processor memory 650117120, Reserved memory: 62914560
WARNING: LINA Monitor notification queue not created
No such file or directory
IMAGE ERROR: An error occurred when reading the controller type

Total NICs found: 6
secstore_buf_fill: Error reading secure store -  buffer 0xddfffb08, size 0x14
key_nv_init: read returned error 1, len 129
L4TM: Unknown ASA Model

INFO: Unable to read firewall mode from flash
       Writing default firewall mode (single) to flash
Verify the activation-key, it might take a while...
Failed to retrieve permanent activation key.
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Cisco Adaptive Security Appliance Software Version 8.4(2)
_le_open: fd:4, name:eth0 ---Device eth0 (fd: 4) opened succesful!
_le_open: fd:8, name:eth1 ---Device eth1 (fd: 8) opened succesful!
_le_open: fd:9, name:eth2 ---Device eth2 (fd: 9) opened succesful!
_le_open: fd:10, name:eth3 ---Device eth3 (fd: 10) opened succesful!
_le_open: fd:11, name:eth4 ---Device eth4 (fd: 11) opened succesful!
_le_open: fd:12, name:eth5 ---Device eth5 (fd: 12) opened succesful!

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2011 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

config_fetcher: channel open failed
ERROR: MIGRATION - Could not get the startup configuration.
COREDUMP UPDATE: open message queue fail: No such file or directory/2

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201210220208.log'
Type help or '?' for a list of available commands.
ciscoasa>
ASA initialization.

Configuration for using ASDM

To use ASDM we must configure a few minimum parameters, such as enabling HTTP access and creating a user.
ciscoasa> enable
Password:
ciscoasa#
ciscoasa# show int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0           unassigned      YES unset  administratively down up
GigabitEthernet1           unassigned      YES unset  administratively down up
GigabitEthernet2           unassigned      YES unset  administratively down up
GigabitEthernet3           unassigned      YES unset  administratively down up
GigabitEthernet4           unassigned      YES unset  administratively down up
GigabitEthernet5           unassigned      YES unset  administratively down up
ciscoasa#
ciscoasa# configure terminal
ciscoasa(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
ciscoasa(config)# interface gigabitEthernet0
ciscoasa(config-if)# ip address 192.168.2.1 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif management
INFO: Security level for "management" set to 0 by default.
ciscoasa(config-if)# http server enable
ciscoasa(config)#
ciscoasa(config)# http 192.168.2.2 255.255.255.255 management
ciscoasa(config)# username delfirosales password cisco privilege 15
ciscoasa(config)# end
ciscoasa#
Basic configuration for using ASDM.
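
The session above decides who can reach ASDM and with which account. As an added example (not part of the original post and not Cisco tooling), this Python script parses the typed commands and reports the enabled HTTP server, the allowed management sources, and privilege-15 users with weak passwords. The function names, the WEAK list and the 8-character threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed input: the configuration commands typed in the session above.
SESSION = """\
ciscoasa(config)# interface gigabitEthernet0
ciscoasa(config-if)# ip address 192.168.2.1 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif management
INFO: Security level for "management" set to 0 by default.
ciscoasa(config-if)# http server enable
ciscoasa(config)# http 192.168.2.2 255.255.255.255 management
ciscoasa(config)# username delfirosales password cisco privilege 15
ciscoasa(config)# end
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*(\S.*)$")
# Assumption for this example: a short list of default-style passwords.
WEAK = {"cisco", "admin", "password", "asa"}


def typed_commands(session):
    """Return the commands entered at a config-mode prompt, skipping output lines."""
    return [m.group(1).strip() for line in session.splitlines()
            if (m := PROMPT.match(line.strip()))]


def audit_asdm_access(session):
    """Summarise who can reach ASDM and flag weak points in the typed config."""
    report = {"http_server": False, "sources": [], "admins": [], "findings": []}
    nets, name, subnet = {}, None, None   # nameif -> subnet of that interface
    for cmd in typed_commands(session):
        t = cmd.split()
        if t[0] == "interface":
            name = subnet = None
        elif t[:2] == ["ip", "address"] and len(t) >= 4:
            subnet = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif t[0] == "nameif" and len(t) == 2:
            name = t[1]
        elif t == ["http", "server", "enable"]:
            report["http_server"] = True
        elif t[0] == "http" and len(t) == 4:          # http <address> <mask> <nameif>
            src = ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False)
            report["sources"].append((t[3], str(src)))
            if src.num_addresses > 1:
                report["findings"].append(
                    f"http {src} on {t[3]}: {src.num_addresses} addresses may reach ASDM")
            if nets.get(t[3]) and not src.subnet_of(nets[t[3]]):
                report["findings"].append(f"http {src} is outside the {t[3]} subnet")
        elif t[0] == "username" and "password" in t and t[-2:] == ["privilege", "15"]:
            pw = t[t.index("password") + 1]
            report["admins"].append(t[1])
            if pw.lower() in WEAK or len(pw) < 8:     # assumed threshold
                report["findings"].append(f"user {t[1]}: weak privilege-15 password")
        if name and subnet:
            nets[name] = subnet
    if report["sources"] and not report["http_server"]:
        report["findings"].append("http sources defined but http server not enabled")
    return report
```

On the session from this post the only finding is the password; the single-host `http` entry on `management` passes both source checks.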

We run a connectivity test against the Loopback interface of our PC, which has the IP address 192.168.2.2
ciscoasa# ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

We have connectivity, so now we set up the TFTP server, in my case SolarWinds, which has a default folder called TFTP-Root where we will copy the ASDM file asdm-645.bin

Copy ASDM from the TFTP server

ciscoasa# copy tftp: flash:
Address or name of remote host []? 192.168.2.2
Source filename []? asdm-645.bin
Destination filename [asdm-645.bin]?
The ASDM copy process begins.

Accessing tftp://192.168.2.2/asdm-645.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing current ASDM file disk0:/asdm-645.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
16280544 bytes copied in 100.60 secs (162805 bytes/sec)
ciscoasa# conf t
ciscoasa(config)# dir

Directory of disk0:/

2      drwx  4096         02:08:09 Oct 22 2012  log
9      drwx  4096         02:08:14 Oct 22 2012  coredumpinfo
11     -rwx  196          02:08:14 Oct 22 2012  upgrade_startup_errors_201210220208.log
12     -rwx  16280544     02:17:56 Oct 22 2012  asdm-645.bin

268136448 bytes total (251813888 bytes free)
When the copy finishes, we verify it.
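
TFTP runs over UDP with no authentication or integrity protection, so the `dir` check above is worth making systematic. As an added example (not part of the original post), this Python script parses the `bytes copied` line and the `dir` listing, compares both sizes with the local file, and fingerprints the local file for a later hash comparison. The function names are assumptions made for the example.

```python
import hashlib
import re

# Constructed input: the "bytes copied" line and the dir listing shown above.
TRANSCRIPT = """\
16280544 bytes copied in 100.60 secs (162805 bytes/sec)
2      drwx  4096         02:08:09 Oct 22 2012  log
9      drwx  4096         02:08:14 Oct 22 2012  coredumpinfo
11     -rwx  196          02:08:14 Oct 22 2012  upgrade_startup_errors_201210220208.log
12     -rwx  16280544     02:17:56 Oct 22 2012  asdm-645.bin
"""

COPIED = re.compile(r"^(\d+) bytes copied in ")
DIR_ENTRY = re.compile(
    r"^\d+\s+([d-][rwx-]{3})\s+(\d+)\s+\d\d:\d\d:\d\d \w{3} \d+ \d{4}\s+(\S+)$")


def parse_transfer(transcript):
    """Return (bytes reported by copy, {file name: size}) from ASA output."""
    copied, files = None, {}
    for line in map(str.strip, transcript.splitlines()):
        if m := COPIED.match(line):
            copied = int(m.group(1))
        elif m := DIR_ENTRY.match(line):
            if not m.group(1).startswith("d"):      # skip directories
                files[m.group(3)] = int(m.group(2))
    return copied, files


def local_fingerprint(path, chunk=1 << 20):
    """Size plus MD5 and SHA-512 of the file in the TFTP root, read in chunks."""
    md5, sha512, size = hashlib.md5(), hashlib.sha512(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            size += len(block)
            md5.update(block)
            sha512.update(block)
    return {"size": size, "md5": md5.hexdigest(), "sha512": sha512.hexdigest()}


def check_copy(transcript, name, local_size):
    """List every disagreement between the ASA's view and the local file size."""
    copied, files = parse_transfer(transcript)
    problems = []
    if copied is None:
        problems.append("no 'bytes copied' line found")
    elif copied != local_size:
        problems.append(f"copy reported {copied} bytes, local file has {local_size}")
    if name not in files:
        problems.append(f"{name} not listed in flash")
    elif files[name] != local_size:
        problems.append(f"flash lists {files[name]} bytes, local file has {local_size}")
    return problems
```

Matching sizes only rule out truncation; the MD5 from `local_fingerprint` can be compared with the output of `verify /md5 flash:asdm-645.bin` on the ASA, a command not shown in the original post.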

We specify the ASDM image file. Once the ASDM image file has been specified, you can use the show asdm image command to see the location and name of the file.
ciscoasa(config)#
ciscoasa(config)# asdm image flash:asdm-645.bin
ciscoasa(config)# end
ciscoasa# wr
Building configuration...
Cryptochecksum: 83e572a4 edd8be50 3a7df498 7eef42ca

2376 bytes copied in 1.50 secs (2376 bytes/sec)
[OK]
ciscoasa#

Access to ASDM

Next we open a web browser to access ASDM for the first time. The following image shows ASDM being accessed.

Accessing ASDM

The page shows us three options.

Install ASDM Launcher and Run ASDM: The launcher and ASDM will run as native applications on the PC, without needing a web browser.

Run ASDM: Runs ASDM from the web browser as a Java application.

Run Startup Wizard: ASDM will start a wizard that guides us through the initial configuration of the ASA, if it has not been done yet.

The first option is the most common and only has to be done once. Once Cisco ASDM-IDM Launcher is installed on our PC, we can run the application directly to start an ASDM session.

To start a session we run this application, which asks for the IP address, username and password. The IP address is cached so that the next time we want to log in we can select it again.

ASDM Launcher application

Once launched, the application connects to the ASA successfully, and with that ASDM is ready to use.

5 comments:

Víctor González said...

Excellent tutorial :D thanks!

Delfi said...

Thanks Victor!
Regards.

Manfred Aglietti said...

Can the asdm messages be used? .. I haven't managed to

Mrnavaone said...

asa842-initrd.gz I can't find the link to download it

Anonymous said...

Hello everyone, I have a question regarding the ASA; if someone could please help me I would be infinitely grateful.
It is the following: in GNS3 I already configured the ASA, but when I try to create a VLAN I can't find the vlan command
ciscoasa(config)# interface ?

configure mode commands/options:
GigabitEthernet GigabitEthernet IEEE 802.3z
Null Null interface
Port-channel Ethernet Channel of interfaces
Redundant Redundant Interface
Virtual Virtual interface

ciscoasa(config)# interface vlan 1
^
ERROR: % Invalid input detected at '^' marker.
If anyone knows what I am doing wrong and can help me, I would appreciate it

Regards