Tag Archives: Cisco ISE LAB

ISE + ASA Home Lab Part 1

Yesterday I wrote up my plan for setting up a lab at home to get familiar with Cisco ISE and the ASA (I heard that it is going to be in the CCIE Security test…). Today I have some screenshots and have proved that the basic stuff works.

First of all, follow the links I posted yesterday to get ASA 8.4(2) running on GNS3. The next step is to set up a topology in GNS3. I haven’t completed the full lab, but this is what I have done today.

GNS Setup

C1 is the host computer running the ASDM GUI to configure the ASA.

C2 is the virtual machine running Cisco ISE NFR 1.1.1.

C2 setting mapped to VMnet1

I set up an Inside interface with an IP address in the same subnet as the ISE.

ASA Inside : 10.100.64.100
ISE : 10.100.64.70

I did some ping tests to make sure the connectivity is good. Then I added the ASA to the network device list on the ISE.

Adding GNS3-ASA to ISE

The next step is to add the AAA server in the ASA. Once this step was completed, I used a “test” username and password to test the RADIUS authentication with ISE from the ASA.

Test RADIUS connection with ISE

As I haven’t set up anything on the ISE, I expected the authentication to fail. Now we can check the log on the ISE to see if it has captured the failed login.

The failed login was logged

I am happy with the result today. I am going to build a remote VPN lab using ISE when I have time again. Enjoy!
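
The RADIUS test in this step, sketched in Python as an added example (not code from the original post or from Cisco): it builds the Access-Request a NAS such as the ASA sends for the "test" user and checks an Access-Reject the way a RADIUS client does under RFC 2865. The shared secret "lab-secret", the packet identifier and the fixed request authenticator are constructed values, and the post does not state which secret was used; the ASA address is the one listed above.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_REJECT = 1, 3                # RADIUS packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def access_request(ident, user, password, secret, nas_ip, request_auth):
    """Packet the NAS (the ASA in this lab) sends for a login test."""
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
             + attr(NAS_IP_ADDRESS, bytes(nas_ip)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs

def access_reject(ident, request_auth, secret):
    """Attribute-less reject, as a server returns for a failed login."""
    header = struct.pack("!BBH", ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

def reply_is_authentic(reply, request_auth, secret):
    """Recompute the Response Authenticator with the locally configured secret."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    digest = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed; a real client uses 16 random bytes
    req = access_request(1, b"test", b"test", b"lab-secret", [10, 100, 64, 100], ra)
    rej = access_reject(1, ra, b"lab-secret")
    print(len(req), reply_is_authentic(rej, ra, b"lab-secret"),
          reply_is_authentic(rej, ra, b"other-secret"))
```

A reject only counts as a real answer from the server when the authenticator check passes, which requires the secret on the AAA server entry and on the network device entry to be identical.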


Creating an ISE, ASA Lab at home without buying any hardware

I created a lab to simulate a client’s situation yesterday on an ASA using the GNS3 simulator. Suddenly, I want to create a lab using the ability to connect GNS3 to a virtual machine. I am not sure if this will work, but I would like to write down the steps here and share them with everyone who has time to experiment with this.

What you need (at least, what I believe you need to have…)
– A powerful PC on which you can run a few VMs
– An ISE VM
– GNS3 installed on the host PC (preferably Windows, as all the guides are based on Windows 7)

Using the ability to connect real devices from GNS3 (in this case, GNS3 connecting to VMs and host machines), enabling IP routing on Windows and allowing multiple VM networks to communicate… I am hoping to do the following…

I have the Cisco ISE 1.0 NFR (which I have upgraded to 1.1.2 by following the steps from the Cisco web site). You can find my previous post about the Cisco ISE and the upgrade. The Cisco ISE is running in a VM. Now, what I need is GNS3 and the ASA. You can follow the steps from this link to set up an ASA in GNS3.

http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/

Once you have done that, follow the link below to create a connection between the ASA in GNS3 and other real machines. You can get the idea from this link and connect it to your VM interface.

http://www.xerunetworks.com/2012/03/connect-gns3-network-to-real-networks-other-gns3-network/

For the next step, I will be following the Cisco support forum document about setting up “VPN inline Posture using iPEP ISE and Cisco ASA”.

https://supportforums.cisco.com/docs/DOC-24412
