11/30/2021

Gns3 Asav


Jul 24, 2020 When launching the ASAv in GNS3, by default telnet will partially load and you’ll be welcomed by a blank screen. This has caught me out a few times. The fix is detailed in this excellent blog post. For posterity, to summarise that post: boot up the ASAv using console type vnc or, if you’re on Linux, try using spice.

From the GNS3 toolbar, go to Edit > Preferences to open the Preferences window. In the QEMU > Qemu VMs section, click the New button to create a new virtual machine. Be sure to tick the This is a legacy ASA VM checkbox. GNS3 may display a warning recommending to use ASAv instead, but this is fine (see my comment above on this subject).

I reckon you are looking for this option for ASA. We can change the console type from VNC to Telnet from the GNS3 preferences menu. In new GNS3, Solar-PuTTY is the default console application. Edit > Preferences > QEMU > Qemu VMs > Cisco ASAv > Edit > General Settings > Console Type.

In this post I’m going to set up a Clientless SSL VPN via the ASDM GUI and then connect to it via the TinyCore Linux PC, all from GNS3.

  • I tried to convert the asav.vmdk files. There are two files: the first is boot.vmdk and the second is disk0.vmdk, and I converted both files to qcow2 format. But I don't know how to install these files correctly in GNS3. Please help me resolve this issue. Thanks in advance.
  • Jul 12, 2016 The ASAv image file is added to GNS3 as a QEMU VM Template. This is where I ran into my first issue: evidently, for best performance I need to download the GNS3 VM, and it is recommended to run this within VMware Workstation rather than VirtualBox. Download the Cisco ASAv hda image file (asav952.qcow2) from the Cisco website.

Topology:

I’m using the topology above. The nodes I’m using will be the ASA, with the ASDM connected via the cloud from my local PC. If you want to know how to set the ASA up with access via the ASDM, check out one of my other posts: How-To: ASA in GNS3 with ASDM

I’ll also be using R4 and the Remote Worker PC which is running a TinyCore Linux to test the Clientless SSL VPN.

Configure the Clientless SSL VPN on the ASAv via the ASDM GUI

When you log into the ASDM GUI you’ll get the main screen above. Click on Wizards > VPN Wizards > Clientless SSL VPN Wizard…

The Clientless SSL VPN Wizard window will pop up; click on Next. You’ll get the following window.

Here you need to give your Clientless SSL VPN a Connection Profile Name. I’ve named this one SSL_Remote_Access, and I’ve also selected the Interface that the SSL VPN will connect in on, which is the Outside Interface (Internet). I don’t have my own digital certificate so I’m leaving the Certificate set to None; because of this the ASA will provide a self-signed certificate. I’ve also given the Connection an Alias of SSL. Click on Next.

The next step is to configure User Authentication. You’ll have the choice to use an AAA server (which I don’t have) or the Local User DB, which I’ve selected. Select Authenticate using the local user database and add a new user; here I’m adding Homer. Once added, click on Next.

The next step is to set up a group policy or select an existing policy. Here I’ve set up a new policy called Remote_Users; this policy will inherit the DfltGrpPolicy attributes, which I can change later if I need to. Click on Next.

In the next step you can configure a list of bookmarks that the Remote users will be able to click on to access resources on the Corp LAN. Click on Manage > Add

Here you give the bookmark a name like EMAIL. Click on Add

You need to configure the IP address of the EMAIL server. I don’t have an email server in my lab but the bookmark will appear once I connect to the Clientless SSL VPN (hopefully).

That is it. You’ll get a summary page; click on Finish to send the config to the ASA.

With the ASA configured the next step is to configure R4 in my topology. I’ll have to give Gi0/1 an IP address (200.0.0.1/24) and also a default route to send all traffic to the ASA using the command “ip route 0.0.0.0 0.0.0.0 136.1.47.1” as shown below.

Next, configure the TinyCore Linux PC with an IP address in the same range as Gi0/1. I’ll use 200.0.0.2 and set the default gateway to 200.0.0.1.

To configure an IP address on the Linux PC, click on Control Panel > Network.

Set the IP address and the Gateway and click on Apply.

It is always good practice to test the connectivity: open a Terminal Window in the Linux PC and ping the Gateway at 200.0.0.1.

Now using the built-in Firefox browser on the Linux PC it is time to test the Clientless SSL VPN and see if we can connect to the Corp LAN. In the address bar enter the URL configured earlier which is: https://136.1.47.1/SSL

Looks good. Because this is a self-signed certificate from the ASA, the Firefox browser gives you a warning not to trust the site. Click on I Understand the Risks to continue. Once you accept the risk you will get the following login page.
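Clicking through the warning means trusting whatever certificate answered on 136.1.47.1. The following is an added example, not part of the original post: it fetches the certificate the ASA presents and compares its SHA-256 fingerprint against one you read from the ASA out of band, so the exception is accepted for a known certificate. The function names and the command-line usage are assumptions made for this sketch.

```python
import hashlib
import hmac
import socket
import ssl
import sys

ASA_HOST = "136.1.47.1"  # ASA outside interface used in this lab
ASA_PORT = 443


def normalise_fingerprint(text):
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex digits."""
    cleaned = "".join(ch for ch in text if ch not in ": \t\r\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def sha256_fingerprint(der_bytes):
    """SHA-256 over the DER encoding, the value browsers show for a certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def matches_pin(der_bytes, expected_fingerprint):
    """True only if the presented certificate is exactly the pinned one."""
    expected = normalise_fingerprint(expected_fingerprint)
    return hmac.compare_digest(sha256_fingerprint(der_bytes), expected)


def fetch_der_certificate(host, port=ASA_PORT, timeout=5.0):
    """Read the server's leaf certificate without chain validation.

    Validation is disabled only so a self-signed certificate can be read;
    the trust decision is made by matches_pin(), not by this handshake.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage (assumed): python3 check_asa_cert.py <fingerprint-from-the-ASA>
    der = fetch_der_certificate(ASA_HOST)
    print("presented:", sha256_fingerprint(der))
    if not matches_pin(der, sys.argv[1]):
        sys.exit("MISMATCH: do not add a browser exception for this certificate")
    print("match: certificate is the one pinned from the ASA")
```

Run it from any host that can reach the outside interface; the fingerprint it prints is the same value Firefox shows in the certificate details of the warning dialog.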

Enter the username and password, in my case Homer.

Success !! I have logged in and as you can see the EMAIL bookmark I configured during the Clientless SSL VPN setup is there.


I hope you found this useful, get labbing and try it out for yourself.


Feedback always welcomed.