Hi guys,

For the last 2 days I have struggling to upload asdm image via tftp, after finaly getting both the ASA and the Virtual windows xp machine to ping each other I got stuck

I followed the tutorial mentioned in the original post:

http://www.youtube.com/watch?v=-vSIM7JWKvA

but keep getting an error. The error on the asa is not helpfull as it just says "undefined error code"

the error on the tftpd32 says:
------------------------------------------------------------------------------------------------------------------

Connection received from 192.168.10.1 on port 1034 [23/05 19:55:53.093]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:55:53.093]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:55:53.093]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:08.109]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:08.109]
Warning : received duplicated request from : [23/05 19:56:08.109]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:56:08.109]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:56:08.109]
Unexpected request 5 from peer [23/05 19:56:08.125]
Returning EBADOP to Peer [23/05 19:56:08.125]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:08.359]
Warning : received duplicated request from : [23/05 19:56:08.359]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:56:08.359]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:56:08.359]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:08.609]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:56:08.609]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:56:08.609]
Warning : received duplicated request from : [23/05 19:56:08.609]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:08.859]
Warning : received duplicated request from : [23/05 19:56:08.859]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:56:08.859]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:56:08.859]
Connection received from 192.168.10.1 on port 1034 [23/05 19:56:09.109]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:56:09.109]
File <asdm-602.bin> : error 2 in system call CreateFile The system cannot find the file specified. [23/05 19:56:09.109]
Connection received from 192.168.10.1 on port 1035 [23/05 19:57:57.312]
Read request for file <asdm-602.bin>. Mode octet [23/05 19:57:57.328]
Using local port 1147 [23/05 19:57:57.328]
File <asdm-602.bin> : error 10054 in system call recv An existing connection was forcibly closed by the remote host. [23/05 19:57:57.343]
----------------------------------------------------------------------------------------------------------------------

Im using Windows 7
VMware workstation in host only network mode

Im wondering if my file system is slightly different to the tutorial (maybe I have a different image)

here is the output of my file system on the ASA:

File Systems:

Size(b) Free(b) Type Flags Prefixes
* 255320064 229826560 disk rw disk0: flash:
- - disk rw disk1:
- - network rw tftp:
- - opaque rw system:
- - network ro http:
- - network ro https:
- - network rw ftp:
- - network rw smb:

Directory of disk0:/

6 drwx 4096 18:21:54 May 23 2011 .private

255320064 bytes total (229826560 bytes free)

so maybe my "copy tftp://X.X.X.X/asdm-602.bin disk0://soft/asdm-602.bin" needs to be different

I tried amending it so it would fit my file system but it still would not work

I think this may be the likley cause of the problem so I will need the correct image

Thanks for help in advance

great now im trying to get the image from:


http://www.mediafire.com/?p1izkcij9rkbp87#2

and its giving me an error

arghhgghghgh its always something

FINALY !!

got it working !!


ciscoasa# copy tftp://192.168.10.2/ disk0:

Address or name of remote host [192.168.10.2]?

Source filename []? asdm-602.bin

Destination filename [asdm-602.bin]?

Accessing tftp://192.168.10.2/asdm-602.bin;int=in ... !!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


I tried a couple of things, anoiningly I was not sure which one did the trick as I didn't do it one by one

I used another virtual machine which was windows server 2008 and installed tftpd32 and it worked

I also gave the asa another IP address as I noticed that there was the same address being used by the VMNET adapter on the actual physical machine
now I hope to be able to use the ASDN gui I will report back !!

Wooot !!

Im on the Gui baby !!

I had to use the xp vm this time as it had an older version of IE so that I could download the asdm msi

the one on the serer 2008 machine would not work as it was a newer version and the java was different

Hi guys,

Am having some issues with ASA GNS3 setup on Win 7. Am running GNS3 0.7.3, have followed the setup guide and all seems to be working well but ASA does not recognize most of the config commands. Looks like am missing something as I have not seen anyone with same issue, Can someone pls help?

for example:

ciscoasa(config)# access-list ?
ERROR: % Unrecognized command

ciscoasa(config)# vlan ?
ERROR: % Unrecognized command

ciscoasa(config)# access-group ?
ERROR: % Unrecognized command

Tks in advance.

DD

Hi Digitaldot,

For sure you boot ASA in "multiple mode" and enter all the commands in "system context" !
To fix it boot in single mode or create the "admin context" and any other contexts...

To check that do a:

Tks tranzitwww for saving the day.

Booting in single mode I was able to run the commands with no problems.

Tks

DD

Ping problem solved.
It wasn't GNS fault.....

Same issue had sunil84
traffic do not pass asa
:(

here is solutions:
I prefered 3rd.
Everything works fiiiineee.


Solution 1: Use access-lists to allow pings from inside/DMZ to the outside.
To allow pinging from the inside to the outside interfaces, you will need to configure an access-list for the outside interface.

access-list OUTSIDE_IN_ACL permit icmp any any echo-reply
Then apply the access-list to the outside interface.

access-group OUTSIDE_IN_ACL in interface outside
This will allow only ping. If you would like to allow trace route, you will also need to allow time-exceeded.

access-list OUTSIDE_IN_ACL permit icmp any any time-exceeded
Solution 2: Use access-list to allow ping and trace route from the internet to your dmz/inside servers.
To do this, we are going to build off of what we did above, so you should already have this in the config.


access-list OUTSIDE_IN_ACL permit icmp any any echo-reply
access-list OUTSIDE_IN_ACL permit icmp any any time-exceeded
access-group OUTSIDE_IN_ACL in interface outside
Now all we need to do is allow echo into the network.

access-list OUTSIDE_IN_ACL permit icmp any any echo
Even though we are allowing icmp, we still need to have a static mapping to allow the packets to reach the DMZ.

static (dmz,outside) PUBLIC_IP DMZ_IP netmask 255.255.255.255
Of course, you will need to have a static mapping for every server you want to have reachable from the internet.

Solution 3: This is a bit more complex, but will allow higher security level interfaces to ping/trace route lower security level interfaces without the use of access-lists. To do this, we will tell the ASA to inspect icmp in a service policy. If you are using a ASA, you should have a default policy in the base config called global_policy.

global_policy:

class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
To add icmp inspection.

FW-ASA(config)# policy-map global_policy
FW-ASA(config-pmap)# class inspection_default
FW-ASA(config-pmap-c)# inspect icmp

I'm able to run the ASA 8.0.2 and ASDM 6.4.5 using GNS 0.73. But I do have two questions

1. Why it is identified as FWSM in the ASDM
2. The ASDM is showing some basic features. VPN section is not available. I think license is the reason. Is there any workaround or demo license available?

Thanks in advance.

Elac

Hello folks...I am trying to get the ASA working in GNS3...but in spite me following the Exact steps outlined in the forum its still not working....I am able to see "uncompressing Linux .....Ok, booting the kernel" but when I minimize this window and open start the console, all I see is a blank cursor....Again I watched the video provided by this forum...and followed the exact steps....Plzz help!!!!

Thanks & regards....