GNS3 ASA Transparent Mode

Has anyone been able to run cisco ASA in transparent mode using GNS3 (I'm on Windows 7)? I can run routed single mode and multiple context fine. When I try transparent mode I'm getting a weird error when I enter:

ciscoasa(config)# firewall transparent    

WARNING: Config register and NV boot data structure damaged, it has been recreated.

Failed to write offset 218 to IDPROM ARRAY slot 0,I2C addr 0x4, dev 0xb0, error 7ERROR: Password recovery was not changed, unable to access the configuration register.

 

If I enter the command again. It takes without error. I can save the config "copy run disk0:/.private/startup-config" just fine. Upon reboot a show firewall is correct. It just won't pass traffic.

 

ciscoasa(config)# sh firewall

Firewall mode: Transparent

 


interface Ethernet0/0
nameif inside
security-level 100
!

interface Ethernet0/1
nameif outside
security-level 0

 

I have router 1 on the inside vlan with eth0/0 and router 2 on the outside on a differnt vlan with eth0/1. I have TCP and ICMP inspection added to the default MPF. The traffic just will not pass across.

Anyone run into this issue?

 

Comments

  • I get the same error message here when using GNS3/dynamips, but even though I get the error, it works for me.

    Are you setting up a global IP Address to your ASA device on the same network as R1 and R2? If you don't have an IP address set, your ASA will not pass traffic

    HTH

    Good luck!

  • Hello

    Transparent FW runs fine with PIX images. I have used it in great extend without any problems in both WinXP and Win7.  With ASA there is a GNS3 bug and cannot pass any traffic.

    Regards

  • Hello

    Transparent FW runs fine with PIX images. I have used it in great extend without any problems in both WinXP and Win7.  With ASA there is a GNS3 bug and cannot pass any traffic.

    Regards

    PIX is definitely more stable on GNS3/dynamips; I have seen people having problems with the ASA as well. However, I managed to get my ASA working, there are a lot of people who did it as well, it does require a little bit of work, though.

    Just my 2 cents

  • I do have the ASA set on the same network. I can ping from ASA to RTR1 (which is on the inside interface). I can also ping from RTR1 to the ASA.

  • qqabdal, I think you are right. If I ping from my router on the inside to the global IP address of the ASA when I have:

    logging on
    logging console 7 

    I see the packets. When I try pinging accross the asa to RTR2 I don't even see the packets hit the ASA at all.

    Thanks 

  • Yes, I bet if you ping from ASA to RTR2 you will see timeouts as well. Are you facing the same issues when running on Router mode?

    It could be that your ASA image is not fine, have you tried some other image? You will really have to try things out here as it is very finicky, sometimes it works, sometimes it not. Once you get it to work, I am sure it will work forever, but it does take some time to get to that point, you will have to try a lot of different things, images, etc.

    HTH

    Good luck!

  • I'm using asa802-k8.initrd.gz.

    Everything works fine in routed mode.

    I will serach for some new images.

    Thanks

  • I followed this link

    http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

    and used the image on the page and was able to get transparent mode working. The version is 8.4 so the initial configuration to get the transparent mode configured was different then version 8.0.2. But at least I will get to mess with the ARP inspection as the commands seem to be the same. I had to use this configuration to get the following working.

    R1-->inside-->Gi0 ASA GI1 --> outside --> R2


    interface GigabitEthernet0
     nameif inside
     bridge-group 1
     security-level 100
    !
    interface GigabitEthernet1
     nameif outside
     bridge-group 1
     security-level 0
    !
    interface BVI1
     ip address 172.16.34.50 255.255.255.0 


  • Awesome!! Great news! Glad you got it working!

    Good studies!

Sign In or Register to comment.