Configuring GNS3 for CCNA Security Exam (for Windows)

Software Requirements to Run GNS3

From Cisco's website, here are the minimum requirements for CCP 2.7 and CCP 2.8:

The following info comes from many posts I've read, as well as personal experience. Despite meeting the specs Cisco outlines on their website (above), I could not get CCP running with anything but IE11 and Java version 6. Many others were able to get it running with IE9 and Java 6. When I tried to run CCP with Java 7 and IE9, it would give me the following error message (even though I was running something HIGHER than what it was recommending!):

    Cisco Configuration Professional requires Internet Explorer Java plug-in 1.6.0_11 or above.

Browser: IE11

Note: From the issues I came across, CCP is always looking for IE when it launches. I set up my PC to use Chrome and Firefox as the default browser and it simply wouldn't work with anything but IE.

Regardless of the IE browser version you use, you must add your loopback address in Compatibility mode for CCP to work correctly. Open IE and press the Alt key to display the menus at the top. Click on Tools > Compatibility View Settings and add the standard PC loopback address (127.0.0.1) in the "Add this website" field, then click Add.

Java: Java version 6 Update 11 (build 1.6.0_11-b03). Another user in the Cisco Learning Network (Darren Starr) recommended Java 6 Update 45 (stating he's tested it quite a bit). I list Java 6 Update 11 because that is what I had to use to get things working.

Java filename: jre-6u11-windows-i586-p-s.exe

You can search for older Java versions at the following URL (called the "Java Archive"). I can't recall where I found my file at, as it's not listed on Oracle's archive page. As long as it's version 6, it should work:

http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase6-419409.html

TFTP Server: GNS3 comes with SolarWinds TFTP Server. If you have a favorite TFTP server, you can use that too.
Virtual Hardware Requirements

From various posts I came across while figuring out how to set up this lab, it seems that you need an 1841 router (or comparable router) running 12.4(20)T1 (or comparable IOS). It must support zone-based firewalls, IPS, and CCP.

ASA 5505 OS version 8.4.(2)
ASDM version 6.4(5) or comparable

You can Google "ccna security grab-bag.zip" and download most of these files. This zip file contains router IOS, ASA OS, and ASDM software needed for this lab.

Getting the ASA Running

With GNS3 running, take the following steps to get the ASA booted for the first time:

1. Edit > Preferences.
2. Click on the QEMU arrow to expand it and select QEMU VMs.
3. Click New on the window that appears.
4. In the New QEMU VM window, give it a name and type.
5. In the next window ("QEMU binary and memory"), leave it at its default settings (Qemu Binary and RAM).
6. Browse to the folder that holds the two files needed to boot the ASA (asaxxx-initrd.gz and asaxxx-vmlinuz). The Kernel image it asks for is the file ending in vmlinuz (as shown). Once you have selected the two files, click Finish.
7. You should now be back at the main GNS3 interface. In the left-hand column (where the main icons are located), click on the icon highlighted in blue below (which is the "browse security devices" icon). A side panel should pop up to the right with the ASA icon (as shown).

8. At this point, you can drag the ASA to the main work area of GNS3 and start it like any other device in GNS3.

NOTE: After completing the steps above, I had a problem getting the ASA to boot. It would open Putty, but at the top of the Putty program it said "network error: connection refused". After Googling, I found the solution. I had to go back into the ASA settings in GNS3 (Edit > Preferences > QEMU > QEMU VMs), click Edit, click on the Advanced settings tab and change the Additional Settings Options to the following string. That fixed this issue:

    -vnc none -vga none -m 512 -icount auto -hdachs 980,16,32

Getting the ASDM GUI Working

A very good tutorial on how to set up ASDM can be found at xerunetworks (URL provided below). I borrowed heavily from this website (with their permission. Thanks Muhammad!) and added some additional info. You can either use the URL below, or the steps I outline right after the URL:

http://www.xerunetworks.com/2012/03/asa-84-asdm-on-gns3-step-by-step-guide/

Adding a Loopback Interface to Your PC

This should go without saying, but I'll say it as a reminder here. Make sure the IP address you configure on the ASA is in the same subnet as your PC's loopback address.

1. On your PC, click the Start button and enter hdwwiz.exe. In the list of items that's displayed, you should see hdwwiz.exe. Click hdwwiz.exe to start the hardware wizard (you can also access the hardware wizard through the Control Panel. It's just easier this way).
2. In the first window that pops up, click Next.
3. Click the radio button shown below, then click Next.
4. Scroll through the list in the next window and select Network Adapters, then click Next.
5. In the next window, select Microsoft in the left-hand window, then Loopback adapter in the right-hand window pane.
6. Click Next again to install the loopback.
7. Click Start and enter Network Connections. Look for View Network Connections in the list of items that appears, then click on View Network Connections. You should see the loopback you just created.
8. Restart your PC.

Creating the Topology

1. In GNS3, drag a Cloud icon into your work area.
2. Right-click the Cloud icon and click Configure.
3. In the Node Configurator window, click on Cloud1 (that's the default name for the cloud icon. If you changed it, select the name you gave it). You should see something like this:
4. On the NIO Ethernet tab, click the dropdown box and select the Local Area Connection corresponding to the loopback interface you created earlier. You can look in Network Connections to determine which one to select. In my case, the only loopback I had configured was Local Area Connection 3 (as seen below). That's why I selected this connection in the Cloud 1 Configuration box above.
5. Click Apply, then OK.
6. Drag an Ethernet Switch into your work area (you need this because you can't make a direct connection between the Cloud and ASA FW).
7. Connect the FW and Cloud to the switch (make a note of which interface you used in the ASA to connect to the switch. You'll need this info shortly).
8. Start all devices and log into the ASA.
9. Go back to Windows 7 and open Network and Sharing Center (you can just click the Start button and enter "sharing". You should see Network and Sharing Center at the top of the search results list. Click on Network and Sharing Center).
10. In the Network and Sharing Center window, click on the Local Area Connection that was created when you configured the loopback. In my case, this was Local Area Connection 3.
11. Click on Properties.
12. Double-click Internet Protocol Version 4 (or click it once, then click Properties).

13. Enter the following info in the Properties box, then click OK to back out to the Network Sharing window (note: The 10.10.10.3 gateway address shown below is the IP address I configured on the virtual router that I'm using for this lab. You don't need it to load the ASDM software, since the loopback and ASA are on the same subnet. However, you will need it when trying to access the router using CCP).
14. Turn off Windows Firewall (click Start, enter Windows Firewall and click on Windows Firewall from the list of items that pop up in the search results). This will display the Firewall GUI.
15. In the left-hand window panel, click "Turn Windows Firewall on or off".
16. In the next window, select the radio buttons shown below:

WARNING: Make sure you go back and re-enable Windows Firewall once you have loaded the ASDM software into the ASA, which is explained next.

Configuring the ASA

1. Configure the ASA as follows (this assumes you used Gig0 to connect the ASA to the switch):

    ciscoasa# config t
    ciscoasa(config)# int gig0
    ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
    ciscoasa(config-if)# nameif management
    ciscoasa(config-if)# no shut

2. From the ASA, verify you can ping 10.10.10.2 (your loopback address). If successful, continue to the next step. If unsuccessful, verify all previous steps.
3. Open the SolarWinds TFTP server (or whatever TFTP server you are using). In this example, I'll use SolarWinds.
4. In the SolarWinds TFTP Server interface, click on File > Configure.
5. On the General tab, browse to the location of your ASDM file, click the folder that is holding the ASDM bin file, then click OK. I stored my file in the following folder:
6. Upload the ASDM binary file to the ASA (replace the filename shown with whatever filename you are using):

    ciscoasa# copy tftp flash
    Address or name of remote host []? 10.10.10.2
    Source filename []? asdm-647.bin
    Destination filename [asdm-647.bin]?
    Accessing tftp://10.10.10.2/asdm-647.bin!!!!!!!!!!!!!!!!!!!!!!!!

7. Complete the config to allow the ASDM GUI to talk to the ASA:

    ciscoasa# config t
    ciscoasa(config)# asdm image flash:asdm-647.bin
    ciscoasa(config)# http server enable
    ciscoasa(config)# http 10.10.10.2 255.255.255.255 management
    ciscoasa(config)# username cisco password cisco privilege 15
    ciscoasa(config)# wr

   Yes, you can execute the write command in config mode in the ASA!

8. Open your browser and point it to https://10.10.10.1 (if you're using a proxy, disable it for now). You should see a window like this pop up in a few seconds:
9. Click on "Install ASDM Launcher and Run ASDM". If you see this warning, click Continue:
10. Once it completes the install and you tell it to run, you should see the following window. Enter the IP of your loopback interface (which we configured as 10.10.10.1 at the beginning of this doc). The login is cisco / cisco (which is what we configured earlier in the ASA):
11. In the next window, click OK.

12. You should now see the main ASDM GUI:

NOTE: When I installed this software initially, I saw the following error message (instead of the GUI shown above): After Googling, I came across a post from someone who said the problem is the space between ASA and 5520 (they didn't really say where they were seeing this at). The recommendation was to downgrade to a previous version of ASDM. I had initially tried asdm-721.bin, but used asdm-647.bin and this fixed the problem.

Here are a few videos that may help you in setting up ASA and ASDM:

https://www.youtube.com/watch?v=vgofxwb1qvi
http://www.youtube.com/watch?v=bpizwtt7zye&list=uuzsiahvmbqxaeogsubphb6q&index=6
http://www.youtube.com/watch?v=moqmn74reky

Did you remember to re-enable Windows Firewall???

Minimum Router Config for CCP

Here's a video that shows how to configure a Cisco device to communicate with CCP:

http://www.youtube.com/watch?v=uryo3xbek4e

but in a nutshell, the basic config to be able to use CCP with a device is below (Note: Typically you would choose either ip http server or ip http secure-server). You do not need to set up the vty lines, because CCP is accessing the router using http/s.

    username xxx priv 15 secret xxx
    ip http server
    ip http secure-server
    ip http authentication local
    !

Using CCP to Configure a Cisco Device

1. After installing CCP, you should have an icon on your desktop named Cisco Configuration Professional. Before you start CCP, you'll want to make sure you can communicate with the router first. You do this by bringing up a browser window (use IE, as this is what CCP will use).
2. Since we configured both telnet and ssh, you can either use https or http to access the router (I'll use https in this example). In the IE window, enter https://10.10.10.3/ and press Enter. You may get a warning saying "There is a problem with this website's security certificate". Ignore it by clicking "Continue to this website (not recommended)".
3. You will be prompted to log in. Use the local account you set up earlier to log in (which is cisco / cisco for this setup). After you enter your credentials, you will see a basic screen of info. This verifies you can at least communicate with the router:

4. Start CCP. Once it loads, click Manage Devices at the bottom left of the window.
5. In the Manage Devices window that appears, enter the IP address, username and password of the device you want to connect to. If you want to use https, also click the checkbox to the far right of the line and click the dropdown arrow to verify which ports it will use:

Do the same thing for each device you want to manage with CCP, then click the checkbox in the lower right-hand corner (labeled "Discover all devices"). Click OK.

Back at the main window, highlight the device you want to access and click Discover (note: The discovery process can take 30-45 seconds!). As it's trying to discover the device, you will see the status. Once it's done (and assuming it was successful), the Discover Status will say Discovered. Once it shows Discovered, you can begin configuring the device using the Configure button near the top left-hand corner of the window.

Other Troubleshooting Tips

If you run CCP and only see CCP in about a fourth of the window, try pressing Ctrl+ to expand the windows.

You need to run CCP as Admin. Right-click the CCP icon, click Properties, then click the Compatibility tab. In the bottom left-hand corner, verify that "Run this program as an administrator" is checked.

https://learningnetwork.cisco.com/thread/57763?start=15&tstart=0
http://blog.pluralsight.com/cisco-configuration-professional-installation
https://www.youtube.com/watch?v=vgofxwb1qvi

Some have said you need to have an IE window already opened before running CCP, but I haven't run into that issue. Some also say you need to run CCP with admin privileges. When CCP was installed, it was already configured to run as admin. To check, right-click the CCP icon, click the Compatibility tab, and verify it's set for Run as admin.
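The ASA commands under "Configuring the ASA" and the router commands under "Minimum Router Config for CCP" contain lab shortcuts that should not survive into a reused config. The following check is an added example, not part of the original guide: the `audit` helper and its finding codes are hypothetical, and it assumes the commands are supplied as typed, one per line.

```python
import ipaddress
import re

# Constructed inputs: the commands this guide types, one per line.
ASA_LAB = """\
int gig0
ip address 10.10.10.1 255.255.255.0
nameif management
asdm image flash:asdm-647.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username cisco password cisco privilege 15
"""
ROUTER_LAB = """\
username xxx priv 15 secret xxx
ip http server
ip http secure-server
ip http authentication local
"""

USER_RE = re.compile(r"^username (\S+) (?:priv\S* \d+ )?(?:password|secret) (\S+)")
ADDR_RE = re.compile(r"^ip address (\S+) (\S+)$")
HTTP_ACL_RE = re.compile(r"^http (\d\S*) (\S+) (\S+)$")

def audit(config):
    """Return (code, detail) findings for typed ASA/IOS commands (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, subnets, cur = [], {}, {}
    # Map each ASA nameif to its interface subnet, whichever line comes first.
    for ln in lines:
        if ln.startswith("int"):
            cur = {}
        elif m := ADDR_RE.match(ln):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif ln.startswith("nameif "):
            cur["name"] = ln.split()[1]
        if "net" in cur and "name" in cur:
            subnets[cur["name"]] = cur["net"]
    for ln in lines:
        if (m := USER_RE.match(ln)) and m[1] == m[2]:
            findings.append(("PASSWORD_EQUALS_USERNAME", m[1]))
        elif m := HTTP_ACL_RE.match(ln):
            allowed = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            net = subnets.get(m[3])
            if allowed.num_addresses > 1:
                findings.append(("ASDM_ACCESS_NOT_SINGLE_HOST", str(allowed)))
            elif net is None or not allowed.subnet_of(net):
                # Lab assumption from the guide: PC loopback and ASA share a subnet.
                findings.append(("ASDM_HOST_OUTSIDE_INTERFACE_SUBNET", str(allowed)))
    if "ip http server" in lines:
        findings.append(("PLAIN_HTTP_MANAGEMENT", "ip http server"))
    if ({"ip http server", "ip http secure-server"} & set(lines)
            and "ip http authentication local" not in lines):
        findings.append(("HTTP_AUTH_NOT_LOCAL", "ip http authentication local"))
    return findings

if __name__ == "__main__":
    print(audit(ASA_LAB), audit(ROUTER_LAB), sep="\n")
```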