 Post subject: VirtualBox host-only adapter can't ping interface of ASA FW
PostPosted: Wed Feb 13, 2013 3:52 am 
Hi,

I am trying to set up a lab which involves an ASA firewall (CBT nuggets series lab for the CCNP FIREWALL 2.0 cert).
The series narrator does not give many hints on how to set up the host-only adapter in VirtualBox...

Here it goes:

In GNS3, I have:

1) A cloud attached to a VirtualBox host-only network adapter
2) The cloud faces a switch which in turn interfaces with an ASA firewall which has the IP address 192.168.56.1/24
3) The ASA has no ACL configured at all, only the interface is configured

In VirtualBox:

1) The host-only network adapter is configured with the static IP address 192.168.56.51/24
2) The VM (Win XP SP3) uses this adapter as its unique adapter

In the VM:

1) The local area connection has the IP address 192.168.56.53/24.

The situation:

1) Both the host and the guest can ping themselves without any problem.
2) However, while in the VM or on the host, I can only ping the firewall 25% of the time (usually on the 2nd ping)

If you ask:

1) In the ARP of the firewall, sometimes I can see the IP and MAC of the host and guest, sometimes I don't (under MAC it shows "incomplete")
2) Both firewalls on the guest and on the host are deactivated
3) I use VirtualBox 4.2.6r82870 and GNS 0.8.3.1 with ASA 8.4.2
4) I have tried different connection settings (10/100/auto speeds with full-duplex on both sides and nothing works)
5) MAC/IP address pairs are correct
6) QEMU settings: console=ttyS0,9600n8 bigphysarea=16384 auto nousb ide1=noprobe hda=980,16,32


Running the "debug arp" command from the firewall, here is what I see when pinging it from the host and VM:

----------------------------------------------------------------------------------
Ping from host at 192.168.56.51 to router at 192.168.56.1 (all unsuccessful pings)
----------------------------------------------------------------------------------

Router#debug arp
ARP packet debugging is on
Router#
*Mar 1 00:08:04.571: IP ARP: creating incomplete entry for IP address: 192.168.56.51 interface FastEthernet0
*Mar 1 00:08:04.575: IP ARP: sent req src 192.168.56.1 d000.0378.0000,
dst 192.168.56.51 0000.0000.0000 FastEthernet0
*Mar 1 00:08:04.579: IP ARP req filtered src 192.168.56.1 d000.0378.0000, dst 192.168.56.51 0000.0000.0000 it's our address
*Mar 1 00:08:11.363: IP ARP: rcvd req src 192.168.56.51 0800.2700.c046, dst 192.168.56.1 FastEthernet0
*Mar 1 00:08:11.367: IP ARP: sent rep src 192.168.56.1 d000.0378.0000,
dst 192.168.56.51 0800.2700.c046 FastEthernet0
Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.56.1 - d000.0378.0000 ARPA FastEthernet0
Internet 192.168.56.51 0 0800.2700.c046 ARPA FastEthernet0

--------------------------------------------------------------------------------------
Ping from host at 192.168.56.51 to router at 192.168.56.1 (only 2nd ping went through)
--------------------------------------------------------------------------------------
Router#
*Mar 1 00:12:05.799: IP ARP: rcvd req src 192.168.56.51 0800.2700.c046, dst 192.168.56.1 FastEthernet0
*Mar 1 00:12:05.807: IP ARP: creating entry for IP address: 192.168.56.51, hw: 0800.2700.c046
*Mar 1 00:12:05.811: IP ARP: sent rep src 192.168.56.1 d000.0378.0000,
dst 192.168.56.51 0800.2700.c046 FastEthernet0

-------------------------------------------------------------------------------------
Ping from guest at 192.168.56.53 to router at 192.168.56.1 (only 3rd ping went through)
-------------------------------------------------------------------------------------
Router#
*Mar 1 00:16:04.259: IP ARP: rcvd req src 192.168.56.53 0800.27b1.f537, dst 192.168.56.1 FastEthernet0
*Mar 1 00:16:04.267: IP ARP: creating entry for IP address: 192.168.56.53, hw: 0800.27b1.f537
*Mar 1 00:16:04.267: IP ARP: sent rep src 192.168.56.1 d000.0378.0000,
dst 192.168.56.53 0800.27b1.f537 FastEthernet0
*Mar 1 00:16:04.355: IP ARP: rcvd req src 192.168.56.51 0800.2700.c046, dst 192.168.56.53 FastEthernet0
*Mar 1 00:16:14.475: IP ARP: rcvd req src 192.168.56.51 0800.2700.c046, dst 192.168.56.1 FastEthernet0
*Mar 1 00:16:14.475: IP ARP: creating entry for IP address: 192.168.56.51, hw: 0800.2700.c046
*Mar 1 00:16:14.475: IP ARP: sent rep src 192.168.56.1 d000.0378.0000,
dst 192.168.56.51 0800.2700.c046 FastEthernet0

Would this be caused by bad QEMU settings, wrong NIC adapter type, etc?
I am going crazy with this, any help is greatly appreciated.




Attachments: ASA_Lab.jpg
 Post subject: Re: VirtualBox host-only adapter can't ping interface of ASA
PostPosted: Sat Feb 16, 2013 3:00 am 
I think I scared you off with my last chapter. :)
I've made some progress on this.

I've replaced the ASA with a 1720 router, configured its unique interface and I was able to ping the VM and vice versa.
Problem seems to lie in the ASA image or GNS 3 settings.

Could someone simply please post GNS3 settings of a working ASA 8.4.2 image please or any other ASA image?

Thank you very much


 Post subject: Re: VirtualBox host-only adapter can't ping interface of ASA
PostPosted: Fri Jul 19, 2013 11:16 pm 
I have the same problem. Did you solve it?
Please let me know how you did it.

Thanks so much.



