00:00:01 - Using GNS3 to Practice with the ASA and ASDM.
00:00:05 - What's the single difference between an individual who
00:00:08 - becomes really, really competent at some technology
00:00:11 - and somebody who just knows it fairly well?
00:00:14 - One of the biggest differences is hands-on.
00:00:17 - So what I'm going to do is strongly encourage you to
00:00:19 - build your own simulated environment to practice
00:00:21 - everything at the CLI and the ASDM.
00:00:24 - So when I show you something or we go through it together
00:00:26 - in the Nugget series, I don't want you to just watch it.
00:00:29 - I want you to do it.
00:00:30 - So if you have racks and racks of available equipment not
00:00:33 - being used and you can change it, use the live gear.
00:00:36 - That's great.
00:00:37 - If you don't have racks and racks of live gear all ready
00:00:40 - to be changed at your command, you should go ahead and build
00:00:43 - a simulated environment using GNS3.
00:00:46 - In mid-2012, GNS3 had an update which now supports 8.4
00:00:51 - extremely well.
00:00:53 - And I would strongly encourage you to use it.
00:00:55 - So what's this Nugget all about?
00:00:57 - I've organized some high-level tasks that you would want to
00:01:01 - do to put together on your own system the perfect quote,
00:01:05 - unquote simulated lab environment so you can
00:01:08 - practice everything.
00:01:09 - If you're ready, let's jump in.
00:01:11 - Our objective in this video is really simple.
00:01:14 - It's to answer the question, how can I practice in a
00:01:17 - virtualized environment all the techniques and concepts
00:01:20 - that we're learning in this series together?
00:01:23 - And the answer is going to be GNS3.
00:01:25 - Until about mid-2012, emulation of the ASA had
00:01:30 - major, major issues.
00:01:31 - We're going to leave all those behind because the new and
00:01:34 - current version of GNS3 allows 8.4 support with ASDM.
00:01:39 - It is absolutely wonderful.
00:01:41 - So I wanted to share with you.
00:01:42 - We're going to go through each one of these items as far as
00:01:44 - the ingredients list.
00:01:45 - But let's start from the end result.
00:01:47 - And then we'll backfill it with these individual pieces.
00:01:50 - I'm going to show you and walk you through right now, going
00:01:52 - into my GNS3.
00:01:53 - And we'll create, from scratch, an entire virtualized
00:01:56 - environment.
00:01:57 - Let's begin.
00:01:58 - So starting from the beginning, the very first
00:02:00 - thing I do when I'm working with GNS3 is I'm going to turn
00:02:04 - off my virus protection.
00:02:06 - Now you may have a corporate policy or anything else that
00:02:09 - would stop you from doing that.
00:02:10 - I don't want you to break any rules.
00:02:12 - But I want you to know that there's going to be
00:02:13 - interference from a personal firewall between GNS3 and
00:02:17 - virtual machines back and forth.
00:02:19 - So if you want to rule out your firewall, you may want to
00:02:22 - consider turning it off temporarily.
00:02:25 - So I'm going to my McAfee.
00:02:26 - And it's say turn off the firewall.
00:02:28 - It's going to say, you may not want to do this.
00:02:30 - When do you want to turn it back on?
00:02:31 - I'm going to say, when I restart my PC.
00:02:33 - That way, if this takes me longer than 60 minutes to
00:02:35 - crank out, I won't have it coming and interrupting me.
00:02:38 - So I'm going to say when I restart the PC, you go ahead
00:02:40 - and restart the firewall.
00:02:41 - Then I'm going to click on turn off.
00:02:42 - It says, your computer's at risk, your computer's at risk.
00:02:45 - I'm going to take that risk for a short period of time
00:02:47 - while I work on my GNS3.
00:02:49 - So I'm going to minimize that.
00:02:50 - The next thing I've done is I've launched GNS3.
00:02:52 - I've installed it.
00:02:53 - I got the all in one installer.
00:02:55 - I installed the latest version of it.
00:02:57 - And I brought it up.
00:02:58 - And it says, hey, would you like to create a new project?
00:03:00 - I'm going to say, absolutely.
00:03:01 - Yes.
00:03:02 - So I'm going to say also I want to save anything in NVRAM
00:03:05 - and the virtual hard drives.
00:03:07 - And I want to save IOS startup configurations.
00:03:09 - And I'm going to give it a name.
00:03:11 - So let's call this together Nugget ASA.
00:03:16 - Just like that.
00:03:17 - And then click on OK.
00:03:19 - It's going to take a few moments.
00:03:20 - And it's going to bring up this new screen right here.
00:03:22 - And I'm going to bring this into position so
00:03:24 - we can all see it.
00:03:26 - And there we go.
00:03:27 - So it brought up under Nugget ASA.
00:03:28 - There's our topology.
00:03:30 - Now what do we do with it?
00:03:31 - Well, the first thing to do is have a plan, maybe.
00:03:33 - And here's our plan.
00:03:34 - For our basic topology, here's what we want to do.
00:03:37 - I want to have a PC here, let's say an XP box.
00:03:40 - And I liked running Windows 32-bit XP boxes.
00:03:43 - Why?
00:03:44 - Because they don't take terabytes of disc space or
00:03:48 - many gigabytes of disc space.
00:03:49 - XP at 32-bit, fairly small.
00:03:52 - Or we could also run Linux because it's absolutely free.
00:03:55 - Most the time you can find--
00:03:56 - if you look on the back of a laptop or something else, an
00:03:59 - old device that you have lying around--
00:04:01 - you can find a license for XP.
00:04:03 - So if you have a license for Windows XP 32-bit, you might
00:04:06 - as well go ahead and use it.
00:04:07 - We can put it in something called VirtualBox.
00:04:10 - So VirtualBox is a free app.
00:04:12 - And you can also use VMware.
00:04:14 - There's nothing wrong with VMware.
00:04:15 - I love VMware too.
00:04:16 - So I choose to use VirtualBox because it's really handy and
00:04:18 - convenient.
00:04:19 - And I run XP 32-bit in that VirtualBox.
00:04:22 - And I have something called a interface, that's called a VB
00:04:26 - interface, a VirtualBox interface.
00:04:28 - And I connect the XP box.
00:04:30 - I'll walk through exactly how I do that.
00:04:32 - I also take this the cloud.
00:04:34 - And then I connect it.
00:04:35 - And I use a switch.
00:04:36 - So I've got a switch right out of--
00:04:38 - this guy right here.
00:04:39 - Here's my ethernet switch.
00:04:41 - I have a switch.
00:04:41 - And then I tie that switch to my ASA.
00:04:44 - And that ASA is going to be one of my interfaces, maybe
00:04:47 - interface one or two or three or four or whatever.
00:04:49 - And that's how I connect it up.
00:04:50 - And then if I have a DMZ, I'll go like this to my DMZ.
00:04:53 - I'll use another switch.
00:04:54 - I always like using switches to all of my interfaces
00:04:57 - because you can hot break the connection.
00:04:59 - If I go directly from, for example, the VirtualBox cloud
00:05:04 - to the ASA and I've got the devices running, it may have
00:05:06 - heartache if I try to remove a connection.
00:05:09 - I always put a switch as an intermediate device, just so I
00:05:11 - can move stuff around when I want to, when I need to,
00:05:14 - without having to shut devices down.
00:05:16 - So here's another switch.
00:05:17 - Maybe this will be our DMZ interface.
00:05:19 - This will be the inside from the ASA's perspective.
00:05:22 - And then I can have another cloud here.
00:05:24 - And maybe that's my VirtualBox number two.
00:05:27 - So VirtualBox network one, VirtualBox network two.
00:05:30 - And then I can hang over here maybe a Linux box.
00:05:33 - I love Ubuntu.
00:05:34 - It's just amazing what the community with Ubuntu has done
00:05:37 - and made available.
00:05:38 - So Linux desktop.
00:05:40 - I like the desktop not the server, because it has a
00:05:42 - nicer, more friendly user interface.
00:05:44 - And here we could run FTP, we could run web services, and
00:05:50 - lots of other things that are all free.
00:05:52 - And so you can just download the files you need.
00:05:54 - It has installers to install the programs you need.
00:05:57 - A little help from Google now and again can get you whatever
00:05:59 - you need on this device.
00:06:01 - So there's the XP box.
00:06:02 - We'll have him as a client.
00:06:05 - And we'll have our Linux box acting as a server.
00:06:08 - And then we have the outside world.
00:06:11 - And for the outside world, I'm going to use another switch.
00:06:14 - There's yet another switch.
00:06:16 - Maybe this is switch one, switch two, switch three.
00:06:19 - And off here, what I'll do is I'll have another cloud.
00:06:23 - And that cloud I'm going to have connect to my Microsoft
00:06:26 - loopback interface.
00:06:30 - All of this is virtualized.
00:06:32 - All of it.
00:06:33 - 100%.
00:06:34 - And my actual computer, which is running Windows 7 at the
00:06:36 - moment, it has a Microsoft loopback interface that's
00:06:39 - bridged to my real interface.
00:06:41 - So effectively, this connects to my home office network
00:06:45 - 192.168.1.0 network.
00:06:50 - And I also have a default gateway at 0.1.
00:06:52 - And if I point this ASA, if I give him
00:06:54 - the address of 192.168.--
00:06:56 - I think I used 171 quite a bit in class.
00:06:59 - And I give him a default route that says, the default route
00:07:02 - is 192.168.1.1, this guy, the ASA, through my Microsoft
00:07:07 - loopback cloud connected to the outside interface, is
00:07:09 - directly connect to that network.
00:07:11 - And he can touch and talk to the internet.
00:07:13 - So this is how you could actually get your network
00:07:14 - connected to the internet virtually.
00:07:17 - I also want to point out that there's so much documentation
00:07:20 - on VirtualBox.
00:07:22 - It's just fantastic.
00:07:23 - It's already out there on the internet.
00:07:24 - So instead of recreating hours and hours of content, I wanted
00:07:28 - to let you know that VirtualBox is something that
00:07:30 - we definitely want to install.
00:07:31 - GNS3, the current version, is something we definitely want
00:07:33 - to install.
00:07:34 - And setting up the Microsoft back interface and bridging it
00:07:38 - on our computer with a real interface is also something we
00:07:41 - want to do.
00:07:41 - So let's go ahead and create this network together.
00:07:43 - I think it will be a good experience.
00:07:44 - So where do we want to start?
00:07:45 - Well, let's start with the ASA.
00:07:48 - Setting up the ASA support inside of GNS3, there's just
00:07:51 - tons of documentation on the internet for that already.
00:07:55 - So if you do a Google search for GNS3 ASA 8.4, you're going
00:08:00 - to have boatloads of information on exactly what
00:08:03 - settings to use and how to point to them and et cetera,
00:08:05 - et cetera, et cetera.
00:08:06 - So that part's already available.
00:08:08 - I checked.
00:08:08 - There's actually multiple sources that are going to walk
00:08:11 - you through that step by step.
00:08:12 - So let's assume we've got the GNS3 configured to support the
00:08:16 - ASA, and now we just want to build.
00:08:18 - So I'm going to start off with an ASA.
00:08:20 - Now the first thing I'm going to do is I'm going to bring
00:08:21 - the ASA out here.
00:08:22 - And you'll notice, the actual icon, it looks
00:08:26 - like the old PIX icon.
00:08:27 - So we could change that if we wanted to.
00:08:29 - We could change the icon.
00:08:31 - I really-- it doesn't bother me that much, so I'm just
00:08:33 - going to leave it alone.
00:08:34 - You can also rename it if you want.
00:08:36 - And, by default, if we hover on it, it's saying that it's
00:08:38 - available in the console port at 3001.
00:08:42 - So if I open up SecureCRT or PuTTY, or if I double-click on
00:08:47 - it to launch PuTTY, it's going to connect to my local machine
00:08:50 - at port 3001 for a console port.
00:08:53 - So let's go ahead and build this guy.
00:08:54 - We're going to use three switches.
00:08:56 - And I mentioned why, because I like the ability to
00:08:59 - dynamically connect and remove connections without having to
00:09:02 - turn devices off.
00:09:03 - There's my three switches for the inside, outside, and DMZ.
00:09:06 - And then I'm also going to build some clouds.
00:09:09 - So I want my cloud out here.
00:09:11 - That's going to be my VirtualBox
00:09:13 - connect network one.
00:09:15 - And then I want another cloud.
00:09:17 - They don't have to be numbered one, two, and three, but I'm
00:09:19 - that for convenience sake.
00:09:20 - And that's to be for the DMZ.
00:09:22 - And this will be for the loopback.
00:09:25 - So just as a visual reminder here, this will be VirtualBox
00:09:29 - network one.
00:09:31 - This will be VirtualBox network two.
00:09:34 - Just logical networks that are hanging
00:09:35 - out inside your computer.
00:09:37 - And this over here will be my Microsoft loopback that I
00:09:41 - created on this machine.
00:09:44 - That Microsoft loopback is in a bridge pair with the real
00:09:48 - interface, which, on this machine, happens to be
00:09:51 - wireless at the moment.
00:09:52 - Which is, effectively, giving this connection out to
00:09:54 - 192.168.1.0/24.
00:09:59 - Which is, for many people, what you'd use on the inside
00:10:02 - of your home network that connects out to your cable
00:10:04 - modem or DSL or what have you.
00:10:06 - So that's how those are going to fit.
00:10:08 - What we need to do is let's go ahead and tell this cloud, C
00:10:11 - one, what its connection is.
00:10:13 - I just double-clicked on C one.
00:10:14 - And I'm going to select it and then go to the generic network
00:10:18 - input output.
00:10:19 - And I'm going to make this a little bit bigger so we can
00:10:21 - all see it.
00:10:22 - And I'm going to tell it that its connection from this drop
00:10:26 - down list is my VirtualBox host-only network.
00:10:30 - And that's network number one.
00:10:32 - So I'll click on that, click on add.
00:10:34 - And poof.
00:10:35 - Now this knows this cloud represents my VirtualBox in a
00:10:39 - local host-only network.
00:10:41 - I'm going to go to cloud number two.
00:10:43 - Double-click on it.
00:10:45 - Click on it again.
00:10:46 - And then from here, I'll make this bigger too so
00:10:48 - we can all see it.
00:10:50 - And I'm going to say this guy is my VirtualBox host-only
00:10:53 - network number two.
00:10:54 - And I'll show you the interface for
00:10:55 - VirtualBox as well.
00:10:56 - And I want to click on add and OK.
00:10:59 - Cloud three is going to be my Microsoft loopback interface
00:11:02 - on my real computer, my real Windows 7.
00:11:04 - So double-click on it to edit it, select it.
00:11:08 - And then from here, I'm going to drop down box so I can see
00:11:12 - all my interfaces here.
00:11:13 - We've got my Microsoft loopback driver
00:11:15 - on local host loopback.
00:11:17 - And that's the Microsoft loopback interface that I've
00:11:19 - created on this machine.
00:11:21 - And I'll click on add to that.
00:11:22 - So now I've got my three clouds in order.
00:11:25 - That's fantastic and wonderful.
00:11:27 - Let's go ahead and tell the ASA and
00:11:28 - the clouds all connect.
00:11:29 - How do we do that?
00:11:30 - Here's the connection tool right here.
00:11:32 - So if I click on that and we click on manual and I'm going
00:11:36 - to go from the ASA, let's go for E1 on the
00:11:41 - inside to the switch.
00:11:42 - Now that connection E1, if you want to see that, you can
00:11:45 - actually hit this button right here.
00:11:47 - And that gives you your connections.
00:11:48 - Now it calls it E1.
00:11:50 - But what that really is going to end up being is gigabit
00:11:53 - interface number one.
00:11:55 - So on a 5520 or a 5540 it'll be like gig zero, zero; gig
00:11:59 - zero, one; gig zero, two.
00:12:01 - Here they use gig one, gig zero, gig two, gig three.
00:12:04 - And besides the actual interface numbering, the rest
00:12:07 - of the logic is all the same.
00:12:08 - So there's our first interface.
00:12:09 - Let's do all three.
00:12:10 - Go back to manual.
00:12:11 - Say, I want to use E2 for the DMZ.
00:12:16 - And I want to use E3 for the outside.
00:12:19 - And this is asking me what switch port I want to use.
00:12:22 - And for the switch, it doesn't matter.
00:12:23 - Just consider each switch its own broadcast domain, its own
00:12:26 - layer 2 dedicated switch for that purpose.
00:12:29 - And then let's build the connections for the cloud.
00:12:31 - From the cloud I have that one interface as my VirtualBox
00:12:34 - host-only network number one.
00:12:36 - So I click on that.
00:12:37 - Going to the switch.
00:12:38 - I'm going to do the same.
00:12:39 - And you can drag these around if you want the names not to
00:12:42 - overlap like that.
00:12:43 - And I'll do the same thing for this guy.
00:12:46 - I'll say I'm going to--
00:12:48 - that's the virtual network number two.
00:12:50 - And then I have the Microsoft loopback, which I'll put to
00:12:54 - switch three.
00:12:55 - Just like that.
00:12:56 - So that's our infrastructure.
00:12:57 - Now let's add some PCs to this mix.
00:12:59 - How do we accomplish that?
00:13:01 - The way we accomplish that, because this cloud represents
00:13:04 - VirtualBox network one, this cloud represents VirtualBox
00:13:08 - network two, this cloud represents my Microsoft
00:13:11 - loopback interface, the rest of the work or the next part
00:13:14 - of the work is going to be done inside a VirtualBox for
00:13:17 - this cloud one and cloud two forwarding to these devices.
00:13:20 - To do that, we're going to bring up VirtualBox.
00:13:23 - So from the VirtualBox Manager, the first thing we
00:13:25 - might want to do is consider creating
00:13:27 - some additional networks.
00:13:29 - Now we go to file and preferences.
00:13:32 - And here we can specify under networks the virtual networks
00:13:36 - we want to use with VirtualBox.
00:13:38 - I think it gives you like two by default.
00:13:41 - But you don't have to use just two if you want more, so I've
00:13:43 - got VirtualBox--
00:13:44 - this is my network number one, network number two, and
00:13:48 - network number three.
00:13:48 - So I've got cloud number one tied to this, cloud number two
00:13:52 - tied to this.
00:13:52 - If you want to add or delete you can simply use these
00:13:54 - buttons right here.
00:13:55 - So that's how you specify the networks in VirtualBox.
00:13:58 - And then you go to your machine you want to deal with.
00:14:00 - So here I've got a working XP 32-bit
00:14:04 - machine that I've installed.
00:14:05 - If you want to look at the network
00:14:06 - interfaces, you go to settings.
00:14:08 - And under settings, if you get a network this device is
00:14:12 - connected to my VirtualBox host-only ethernet adapter
00:14:16 - number one.
00:14:17 - If I wanted to, I could choose network two or network three.
00:14:19 - But I want them on number one.
00:14:21 - If you also notice, I've got this Ubuntu box.
00:14:23 - If I look at his settings.
00:14:25 - And I've got him configured for network number two.
00:14:29 - And you can do lots of things.
00:14:31 - You can say, I want to do NAT or I want to do bridging on
00:14:33 - that adapter or internal network or host-only adapter.
00:14:36 - I choose host-only adapters because it's really clean,
00:14:39 - really tight.
00:14:39 - But it's not the only option.
00:14:41 - But it is one that absolutely works.
00:14:43 - So I'm going to go ahead and cancel.
00:14:44 - Not making any changes.
00:14:45 - And then to simply launch one of these guys, you simply
00:14:48 - double-click on it.
00:14:49 - To install a new device, you click on new and follow the
00:14:52 - bouncing ball.
00:14:53 - If you have a Windows installation disc and you have
00:14:56 - the license keys ready for installing that software,
00:14:59 - that's how you can install a brand new system.
00:15:01 - It'll prompt you on how big you want the hard drive to be
00:15:04 - and how much memory you want to give it and everything else.
00:15:07 - Well, I've set up Ubuntu, I've set up Windows XP, and I've
00:15:09 - also set up a copy of BackTrack, which is
00:15:11 - a lot of fun too.
00:15:12 - So let's go ahead and launch this device.
00:15:14 - You can double-click on it to launch it.
00:15:15 - In the background, this little Windows XP box is launching.
00:15:19 - I'm going to minimize him.
00:15:20 - We'll come back to him in just a moment.
00:15:21 - And then I can close this control panel.
00:15:23 - If I wanted to launch the device--
00:15:26 - the Ubuntu box-- on the DMZ, I could do that as well.
00:15:30 - And that would be down here, the DMZ.
00:15:32 - What have we done so far?
00:15:33 - We've configured our infrastructure.
00:15:35 - We've made the connections.
00:15:36 - We need to power on the ASA.
00:15:38 - So let me right-click.
00:15:40 - And let's click on start for this ASA.
00:15:43 - And that's starting up.
00:15:44 - Now how do you connect to them?
00:15:45 - You could double-click on it.
00:15:47 - And that would bring up PuTTY, which is self-installed as
00:15:50 - part of the all in one install for GNS3.
00:15:53 - Or you could open up a connection to them through
00:15:55 - your favorite terminal program.
00:15:57 - Mine happens to be SecureCRT, but it
00:16:00 - doesn't have to be used--
00:16:01 - you don't have to use SecureCRT for that.
00:16:03 - ASA one on 3001.
00:16:05 - Because it said that this ASA, the console port is my
00:16:09 - loopback address, 127.0.0.1, port 3001.
00:16:13 - Let me show you that again.
00:16:15 - So let me close that.
00:16:16 - So if we hover over this, the third line down says the ASA's
00:16:19 - file or wrapper runs on blah, blah, blah, blah.
00:16:21 - The console port is 3001.
00:16:23 - So if you want to connect to that device, how you do that
00:16:26 - is you'd open up SecureCRT or whatever program you want and
00:16:30 - go ahead and connect.
00:16:31 - So I'll bring up a new connection.
00:16:32 - File, connect.
00:16:33 - And I'll bring up a new one.
00:16:35 - So we'll say file, connect.
00:16:37 - And we're going to say--
00:16:38 - I want to bring up a new connection just so you can see
00:16:40 - it from scratch.
00:16:41 - I'm going to use Telnet.
00:16:43 - This is Telnet from my machine to that port.
00:16:46 - So I'm going to say--
00:16:46 - I'm going to go to 127.0.0.1, which is my loopback address.
00:16:52 - And I'm going to say port 3001.
00:16:55 - Why?
00:16:56 - Because that's the port number where that ASA is currently
00:16:59 - waiting for me.
00:17:00 - So I'll click on connect.
00:17:02 - And I am there.
00:17:03 - So we now have a console connection to that ASA.
00:17:09 - There we go.
00:17:09 - And it's just finishing its initialization.
00:17:11 - Fantastic.
00:17:12 - There it goes.
00:17:14 - Now another question is, OK, Keith, where do I--
00:17:17 - the operating system involved for the ASA and the license
00:17:20 - keys and everything else-- where do I have that?
00:17:22 - Just to be clear, Cisco sells hardware.
00:17:25 - And they license their software
00:17:27 - to run on that hardware.
00:17:28 - And there's keys and so forth tied together.
00:17:30 - I would strongly encourage you, if you're interested in
00:17:33 - finding out more about appropriate license keys and
00:17:36 - so forth for GNS3 and 8.4 of the ASA, you might do a really
00:17:40 - quick Google search on that.
00:17:42 - And I think you'll find all the information that you need.
00:17:45 - So there's tons of documentation with ASA 8.5 and
00:17:49 - with the GNS3 and how to put all that together.
00:17:53 - If you just do a little Google, you'll
00:17:54 - be absolutely great.
00:17:55 - So here we go.
00:17:56 - This is the ASA right here.
00:17:59 - And if we want to initialize the ASA, I'm going to go into
00:18:02 - privilege mode.
00:18:03 - Config t.
00:18:03 - I'm going to say no to the phone home feature.
00:18:06 - And this is-- it thinks a 5520 with six gig interfaces-- gig
00:18:10 - zero through gig five.
00:18:12 - And this is E1 right here.
00:18:13 - So if we wanted to test that real quick, we could say
00:18:16 - interface gig one.
00:18:18 - Again, this says E up here, but they're actually gigabit.
00:18:21 - And we say, no shutdown.
00:18:23 - And we'll give a nameif, which will automatically set
00:18:26 - the security level to 100.
00:18:28 - Any other name besides inside would give it a security level
00:18:30 - by default of 0.
00:18:32 - So we don't have to do the security level command.
00:18:34 - And let's give it an IP address.
00:18:35 - IP address of 10.0.0.1.
00:18:38 - A 24-bit mask.
00:18:41 - And let's try to ping.
00:18:42 - Let's see.
00:18:42 - Let's see if my VirtualBox is up.
00:18:44 - I think he is.
00:18:45 - So we'll bring up Mr. VirtualBox in
00:18:47 - the XP box out here.
00:18:49 - Wow, he's big.
00:18:51 - And let's just go to command prompt and do an ipconfig.
00:18:55 - And he's at 10.0.0.51.
00:18:57 - I hard coded him.
00:18:58 - So it's just normal Windows XP.
00:19:00 - And we'll try a ping real quick.
00:19:02 - Ping 10.0.0.51.
00:19:05 - Just like that.
00:19:08 - So that is handy when it works the first time.
00:19:10 - If my firewall was on, my firewall would have blocked
00:19:13 - that connection from working successfully.
00:19:15 - So I've learned that through hard experience.
00:19:17 - You need to turn your firewall off.
00:19:18 - Otherwise it stops that traffic.
00:19:20 - Now to get this going beyond that, the very first video of
00:19:24 - the Nugget series is going to walk us through bootstrapping
00:19:27 - the ASA, getting the basic commands, and also
00:19:31 - loading the ASDM over.
00:19:33 - So what I do, and which is pretty handy, is if I need to
00:19:37 - get a ASDM on the file system, I will just use this Windows
00:19:40 - XP box as a TFTP server right here.
00:19:46 - So here's my XP box.
00:19:48 - I'll set him up.
00:19:49 - I like 3CDaemon, which has been around for
00:19:52 - like millions of years.
00:19:54 - But it works great.
00:19:55 - It supports TFTP and FTP.
00:19:56 - And there's SolarWinds has some free stuff too.
00:19:58 - And just use TFTP or FTP server of your choice.
00:20:02 - And then you can go ahead and copy the ASDM file, which
00:20:07 - needs to be on the flash of the ASA.
00:20:10 - You can go ahead and do a copy TFTP space flash.
00:20:17 - It'll prompt you and say, what's the IP address?
00:20:18 - You put in the IP address of your XP box.
00:20:21 - You specify what the file name is of ASDM that you want to
00:20:25 - put on the flash.
00:20:26 - And then you'd go ahead and tell it to copy.
00:20:28 - And it will copy over from this virtual machine to this
00:20:32 - virtual machine's hard drive, the flash.
00:20:34 - And then it will be there.
00:20:36 - So if you want to use ASDM, you need to have
00:20:38 - the ASDM on the flash.
00:20:39 - And in the Nugget series, we'll walk you through the
00:20:41 - exact steps of how to configure where that ASDM is
00:20:45 - and how to enable HTTP services and
00:20:47 - who can access it.
00:20:48 - And that's already included in all the Nuggets.
00:20:50 - So that part's working.
00:20:52 - Let's do one more just to-- also, let's do the outside
00:20:54 - interface to demonstrate how simple this could be if it
00:20:58 - works correctly.
00:20:59 - And it should.
00:21:00 - It should work perfectly.
00:21:01 - Let's go ahead and configure the ASA outside
00:21:03 - interface as well.
00:21:05 - So here's the console again for the ASA.
00:21:07 - And on the outside interface let's do interface gig three,
00:21:11 - no shutdown.
00:21:13 - Let's give it a name.
00:21:13 - Nameif outside.
00:21:17 - That works.
00:21:17 - And we'll also go ahead and do an IP address DHCP.
00:21:21 - Now, if everything's working correctly, what
00:21:24 - should happen is this.
00:21:26 - This outside interface should be issuing DHCP discovers,
00:21:29 - which should be sent through the switch and through my
00:21:32 - Microsoft loopback interface, which is bridged with my real
00:21:37 - interface, which is connected to the 192.168.1.0 network.
00:21:41 - And I have a little router there at 192.168.1.1 this
00:21:47 - should be hearing those requests and responding.
00:21:49 - So if it all works out, I should have an IP address on
00:21:53 - this ASA if it's working.
00:21:56 - Let's take a look.
00:21:56 - Show IP.
00:21:58 - And sure enough, look at that.
00:22:00 - So there's my--
00:22:01 - I'll make this wider so it won't wrap like that.
00:22:04 - There we go. 00:22:05 - We've installed GNS3.
00:22:07 - Now where do we install that from? 00:22:08 - GNS3.net.
00:22:10 - When you hit their web page, it talks about, oh, download.
00:22:13 - And there's oftentimes there's banner ads right here.
00:22:16 - Let me refresh this for you. 00:22:17 - This is a mistake you don't want
to make. 00:22:20 - If there's a-- there we go.
00:22:21 - That's a perfect example. 00:22:23 - Right here it says, oh, GNS3 download.
00:22:25 - Well, this is an advertisement for seven zip or something
00:22:28 - crazy like that. 00:22:29 - So you want to make sure you click
on the download from 00:22:31 - GNS3 so you can download GNS3 and
not download some product 00:22:35 - from another advertiser.
00:22:37 - Go to download. 00:22:38 - And then we have the GNS3 8.3 all
in one. 00:22:41 - They've got a flavor for Macintosh
00:22:43 - as well, same version. 00:22:45 - And both work great.
00:22:46 - Now, I personally have been using most of my ASA 8.4
00:22:50 - practice on the Windows side. 00:22:53 - However, I've seen reports that
the Mac side works 00:22:56 - equally as well.
00:22:57 - And if you want to do it there, that's fantastic.
00:22:59 - Either way that works is wonderful. 00:23:01 - The second thing you're going to
want to download and 00:23:03 - install is VirtualBox, which is
also free. 00:23:07 - It's owned by Oracle these days.
00:23:09 - So you go to the Windows flavor, if that's what you're
00:23:11 - running, and download x86/amd64 flavor of it.
00:23:15 - And that will install your VirtualBox. 00:23:17 - As far as the other items on the
list that we'd want to 00:23:19 - have, we'd need a Microsoft loopback
interface. 00:23:23 - These are free.
00:23:24 - You can create one absolutely free. 00:23:26 - Now why do we need that?
00:23:28 - It's because we're going to take our Microsoft loopback
00:23:31 - interface, which is tied to GNS3 from our previous example
00:23:37 - in the cloud, and we're going to create something called a
00:23:40 - bridged interface with-- 00:23:45 - let's say you have a wired connection
from 00:23:47 - your PC, or a wireless.
00:23:48 - It doesn't even matter. 00:23:49 - But we're going to take our Microsoft
loopback interface, 00:23:51 - our wired, and we're going to create
a bridged connection. 00:23:54 - The way you do that is in your
network connections you 00:23:56 - highlight the two interfaces.
00:23:58 - And you say, I'd like to bridge these.
00:24:00 - Poof. 00:24:00 - And it's done.
00:24:02 - You create the Microsoft loopback interface.
00:24:03 - You reboot your machine before you go into GNS3.
00:24:07 - I know that's a big temptation. 00:24:08 - Create the loopback interface.
00:24:09 - You go to GNS3. 00:24:10 - It doesn't show up.
00:24:11 - You have to reboot so that when you've--
00:24:13 - after you reboot everything see that new loopback
00:24:16 - interface, including GNS3. 00:24:18 - So that's the MS loop.
00:24:20 - And you're going to bridge that with your real adapter.
00:24:22 - That's the one that you're really working with on your
00:24:24 - Windows 7 machine.
00:24:26 - And then in VirtualBox, I walked you through how to
00:24:28 - create additional networks there, additional interfaces.
00:24:31 - So for the desktop OS, we have Windows XP.
00:24:34 - I like the 32-bit flavor because it's fairly small and
00:24:37 - tight and compact.
00:24:39 - If you have a license for Windows 7 and you want to
00:24:41 - install it, that's great.
00:24:42 - But it's going to take longer to boot.
00:24:43 - It's going to take more resources.
00:24:45 - And really, for just having an end station hiding behind the
00:24:48 - ASA for testing purposes, it's not going to buy that much as
00:24:51 - far as benefit except for slowing down
00:24:53 - your overall machine.
00:24:54 - That's when I use Windows XP 32-bit.
00:24:56 - I use an Ubuntu desktop for the DMZ.
00:24:59 - You could use Ubuntu desktop for both if you wanted to,
00:25:02 - because Ubuntu, there's no licensing conflict.
00:25:05 - If you don't have enough licenses, you can use Ubuntu as
00:25:08 - many times as you want.
00:25:09 - It's open source.
00:25:09 - It's not going to require a license to run.
00:25:12 - For the network device OS, I would encourage
00:25:14 - you to Google that.
00:25:15 - That would be your best resource.
00:25:17 - So, as I mentioned earlier, Cisco sells hardware.
00:25:21 - They license their software.
00:25:22 - A lot of that software runs on their hardware.
00:25:25 - So you can't just give away software.
00:25:27 - So as far as getting the OS information that you need for
00:25:31 - GNS3 working with 8.4 of the ASA, I would
00:25:36 - recommend you use Google.
00:25:38 - And you search for ASA 8.4.
00:25:43 - These are going to be spaces right there.
00:25:44 - GNS3.
00:25:46 - And that will very likely lead you to all of the detailed
00:25:49 - information that you might need to answer your questions
00:25:52 - regarding that.
00:25:53 - Supporting files.
00:25:54 - The other thing you might need is ASDM.
00:25:57 - And I say you might need, you are going to want that.
00:25:59 - ASDM is the graphical user interface that you're going to
00:26:02 - use to work with your ASA.
00:26:05 - So the ASDM image file would need to get copied over to the
00:26:09 - ASA on flash.
00:26:11 - So you can do that by setting up your Windows XP box and
00:26:15 - then copy it.
00:26:15 - From the ASA, just do a copy, TFTP, flash.
00:26:20 - Press enter.
00:26:21 - It'll ask you, what's the IP address of the XP box?
00:26:23 - What's the file name of ASDM?
00:26:24 - It'll copy it over.
00:26:26 - And then once it's on flash, you are good to go.
00:26:29 - Then in GNS3, the emulated hard drive and the ASDM will
00:26:33 - all still be available right there on that ASA.
00:26:37 - So let me walk you through creating that Microsoft
00:26:39 - loopback adapter.
00:26:39 - It's worthwhile seeing right here.
00:26:41 - So to do that, we're going to open up a command prompt or
00:26:44 - just do a start, run and run this command--
00:26:46 - HDWWIZ, which is short for the hardware wizard.
00:26:51 - Once we run that by pressing enter, it's going to launch
00:26:54 - the hardware wizard.
00:26:55 - What we're going to do is we're going to say, I want to
00:26:57 - go ahead and click on Next.
00:26:58 - And I want to do it manually.
00:27:00 - So make sure we select this option right here.
00:27:02 - Don't have it go out searching.
00:27:04 - We're just going to tell it, hey, we want
00:27:05 - a new network interface.
00:27:06 - We want the Microsoft loopback.
00:27:08 - Please go ahead and just give it to us.
00:27:10 - So we'll say next.
00:27:11 - And then you're going to say, I want a
00:27:12 - network interface card.
00:27:13 - So we'll scroll down to network adapters right here.
00:27:15 - Click on next.
00:27:16 - And then we're going to go down to Microsoft.
00:27:18 - Just go ahead, hit M. Take you down the list to Microsoft.
00:27:21 - On the right-hand side, scroll down to the
00:27:23 - Microsoft loopback adapter.
00:27:25 - Click on next.
00:27:26 - And it says, great.
00:27:27 - If you click on next, I'll do it.
00:27:29 - What the heck.
00:27:29 - We'll do it.
00:27:30 - I already have a couple Microsoft loopback adapters.
00:27:33 - What's one more?
00:27:34 - Join the party.
00:27:35 - So we'll click on finish.
00:27:36 - And what it did, it just generated this new connection
00:27:38 - right here.
00:27:39 - If I go to properties of that, this is a Microsoft loopback
00:27:43 - adapter number three.
00:27:44 - So I can rename that for sanity purposes.
00:27:47 - So I'm going to rename it.
00:27:48 - Now the trick is, once we add a loopback interface, we'd
00:27:51 - want to make sure we reboot the entire machine before we
00:27:55 - try to use that inside of GNS3 or anything else.
00:27:59 - So that's the trick that you need to remember.
00:28:00 - Reboot after you create your loopbacks, as well after you
00:28:03 - create your VirtualBox network connections as well so they
00:28:07 - are all available wherever you need them.
00:28:09 - There were three types of interfaces we talked about.
00:28:12 - We talked about the Microsoft loopback interface, which
00:28:14 - we've just created a couple more of them.
00:28:16 - Here's my original one right here.
00:28:17 - We also have the VirtualBox interface, which is created
00:28:20 - from the VirtualBox tools.
00:28:22 - And then we have the bridged interface.
00:28:24 - Let me show you how to create one.
00:28:25 - So to create the bridged connection, here's my original
00:28:29 - loopback that I created.
00:28:30 - Then I use my labs and testing.
00:28:32 - And I'm going to highlight that by clicking on it.
00:28:34 - And here's my real network interface card.
00:28:36 - It's a wireless.
00:28:37 - It's a Linksys.
00:28:38 - And it's working great.
00:28:39 - If you had a LAN-based connection-- which I don't at
00:28:41 - the moment-- currently active, you can click on it.
00:28:43 - So you hold the control key down.
00:28:45 - Select your Microsoft loopback interface and the real
00:28:48 - interfaces connected to your real network.
00:28:51 - And then, on either one of them while they're both
00:28:53 - highlighted, right-click and say, I want to bridge those
00:28:56 - two connections.
00:28:57 - Da da da da.
00:28:59 - Hold out the cigarette lighter.
00:29:02 - This is now the network bridged connection.
00:29:05 - This'll come active in a few moments.
00:29:07 - And what it just means is that, hey, this network
00:29:10 - interface card and this loopback are in the same layer
00:29:12 - 2 broadcast domain.
00:29:14 - So now, as we have this now completed,
00:29:16 - when we link the ASA--
00:29:20 - ASA will be the outside interface.
00:29:22 - We have a switch right here.
00:29:25 - And that switch connects to a cloud.
00:29:26 - And that cloud is our Microsoft loopback interface,
00:29:30 - effectively.
00:29:31 - Because the loopback interface, this one right
00:29:33 - here, is also bridged to my real network interface card,
00:29:36 - which is tied to the 192.168.1.x network.
00:29:41 - Then anything that happens on this interface is also
00:29:44 - happening on this network.
00:29:46 - So I could be a DHCP client.
00:29:47 - I could communicate.
00:29:48 - I could tell the ASA my default gateway is 0.1.
00:29:50 - And I could be on the network, on the internet.
00:29:53 - It's really handy, too, as you test things.
00:29:55 - So the big picture is you have an XP box or you have your
00:29:58 - Linux box right here on the inside.
00:30:00 - And it has an IP address.
00:30:01 - It has a default route using the ASA.
00:30:03 - Maybe this is the 10 network.
00:30:04 - Maybe this is the 192.168.1.x network.
00:30:08 - Same one as down here.
00:30:10 - So you pull an IP address that's not in use from your
00:30:13 - real network.
00:30:14 - And you do a default gateway that says the
00:30:16 - default gateway is 0.1.
00:30:17 - And you're off to the races.
00:30:18 - The rest of the matter is just configuring the ASA with the
00:30:21 - appropriate policies, which is the entire Nugget series for
00:30:24 - firewall that will teach you step by step
00:30:26 - exactly how to do.
00:30:28 - So in this Nugget, we've taken a look at the ingredients for
00:30:31 - the recipe called How Do I Practice with my own Virtual
00:30:34 - Environment?
00:30:35 - It includes GNS3, which is free.
00:30:37 - VirtualBox, which is free.
00:30:39 - The interfaces, which can be created for free.
00:30:42 - Then your desktop operating system.
00:30:44 - If you have a license for Windows XP, that's great.
00:30:46 - If you don't, you can use Ubuntu, which is a free
00:30:49 - download, free install.
00:30:50 - It has all the bells and whistles of DHCP client and IP
00:30:53 - addressing and default routes, all that stuff.
00:30:56 - So it will work just fine.
00:30:57 - You can use that for your inside and your
00:30:58 - DMZ if you need to.
00:31:00 - And we also took a look at some of these supporting files
00:31:02 - that would be required.
00:31:03 - So we need the OS for the ASA and we need an OS for IOS,
00:31:08 - which we haven't talked about specifically.
00:31:10 - But if you do use IOS with routers, you'd also want to
00:31:13 - make sure you decompress it.
00:31:16 - And there's just tons of videos on how to do that and
00:31:19 - how to optimize it and the idle PC timers that all are
00:31:22 - related to IOS.
00:31:23 - So if you do that Google search on ASA 8.4 GNS3,
00:31:27 - there's just tons of documentation on the exact
00:31:30 - settings to find that sweet spot in your network.
00:31:32 - There's also for the ASA ASDM, which is the image file.
00:31:37 - Copy the ASDM image to flash so you can actually launch
00:31:40 - ASDM from the PC, pulling it off of the flash to
00:31:45 - graphically manage your ASA.
00:31:47 - I hope this has been informative for you, and I'd
00:31:50 - like to thank you for viewing.