Gns3 Ping

I set up a router in GNS3 with the loopback adapter and cloud connected to it. Now I set everything up from the guides I have followed, and from my physical PC I can ping the loopback interface and the router I have set up in GNS3. However, I cannot ping my physical PC or tftp to it from my GNS3 router. I turned off the firewall and it still does not work.
Here is the problem:
Physical host can ping the GNS3 network/router
GNS3 router cannot ping or tftp to the physical host
Firewall is off
GNS3 router can ping the loopback interface
Route to the GNS3 network is shown in the ROUTE PRINT output on the physical machine
It's like I can only initiate communication from the PC and not from within the GNS3 network.

Make sure your GNS3 VM has internet access.

I'm a little lost. Are you saying that while the router can reach the Internet through the NAT cloud, as demonstrated in my initial post, the GNS3 VM that the NAT cloud is running on might not be able to reach the Internet? And that is why ping works but traceroute wouldn't?

I can’t ping my loopback adapter Tap0 from my router inside GNS3. I opened GNS3 with the sudo command, I checked the fw and it’s totally turned off. Kind of a newbie to Linux so I don’t know where else to check. R1 f0/0 (10.1.1.1/24)—— cloud tap0 (10.1.1.2/24) GNS3 Linux Mint (Ubuntu). Would appreciate any hint.

Cisco ASA (Adaptive Security Appliance) is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. An ASA can be used as a security solution for both small and large networks.

By default, the ASA doesn’t allow ICMP from the inside to the outside interface.

VPCS (Virtual PC Simulator) is a light-load PC simulator that allows you to use VPCS on your GNS3 project’s network diagram to verify network connectivity such as pings and traceroute. Using VPCS will reduce the load on your PC. This section explains how to configure VPCS and the operations such as Ping and Traceroute.

The inside interface is connected to the internal network, and the outside interface to the public network.

Each interface has an associated security level, a numeric value ranging from 0 to 100 that the ASA uses to control traffic flow. Traffic is permitted from interfaces with higher security levels to interfaces with lower security levels, but not the opposite. We use access lists to permit traffic from lower security levels to higher security levels. The default security level for an outside interface is 0. For an inside interface, the default security level is 100. If we need to publish services to the internet, we would use another interface named DMZ (demilitarized zone) with a default security level of 50.

In this example the inside interface has the IP address 192.168.2.2 and the outside interface 209.165.200.226. We’ll configure the ASA to allow ping from client1 to the internet. We’ll also configure NAT on the ASA, so that when the client accesses the internet, from the outside perspective the traffic appears to come from the ASA’s outside interface.

R1 configuration

See https://zarzyc.wordpress.com/2014/09/04/connecting-the-gns3-to-real-network-device/ for connecting GNS3 router to the internet

R2 config

ASA config

IN and OUT directions can be confusing :). For better understanding go to http://www.virtxpert.com/ins-outs-of-cisco-asa-acls/

Alternatively, we can use the Modular Policy Framework (MPF) to enable ICMP traffic.

A class map identifies the traffic to which we want to apply actions (we created a class map named icmp-traffic; we can set any name we want):

ciscoasa(config)# class-map icmp-traffic

The default class map is called default-inspection-traffic. The “default-inspection-traffic” is all traffic that is predefined for various protocols, among them ICMP.

ciscoasa(config-cmap)# match default-inspection-traffic
ciscoasa(config-cmap)# exit

Associate actions with the previously created class map by creating a policy map named my-policy that inspects ICMP traffic.

Finally, assign the policy map to the outside interface.

To summarize:

class-map: identifies the traffic (ICMP in our case, defined in default-inspection-traffic)

policy-map: action to take on the traffic specified in the class map (inspect icmp)

service-policy: where to apply the actions specified in the policy map (outside interface)
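The three MPF steps summarized above, written out as one ASA configuration. This is an added example, not the original post's configuration: the names icmp-traffic, my-policy and outside are the ones used on this page, while the commented-out ACL variant and its name OUTSIDE_IN are assumptions shown only for comparison.

```cisco
! Added example. Names icmp-traffic, my-policy and outside come from the page.
!
! Variant A (assumed ACL form, the name OUTSIDE_IN is hypothetical).
! Stateless: every echo-reply arriving on the outside interface is admitted,
! whether or not an inside host sent a matching echo request.
! Left commented out so that only variant B is applied when pasted.
!
! access-list OUTSIDE_IN extended permit icmp any any echo-reply
! access-group OUTSIDE_IN in interface outside
!
! Variant B (MPF). Stateful: the ASA tracks each ICMP exchange and lets in
! only the replies that match a request it saw leaving, so no inbound
! ICMP permit is needed on the outside interface.
!
! 1. class-map: identify the traffic
class-map icmp-traffic
 match default-inspection-traffic
 exit
!
! 2. policy-map: action to take on that traffic
policy-map my-policy
 class icmp-traffic
  inspect icmp
  exit
 exit
!
! 3. service-policy: where the policy applies
service-policy my-policy interface outside
end
!
! Check that the policy is attached and that the inspect counters
! increase while client1 pings through the firewall.
show service-policy
!
! Per-packet ICMP trace; turn it off again when finished.
debug icmp trace
no debug icmp trace
```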

Enable icmp debugging on ASA:

Ping 8.8.8.8 from the client and observe the debugging output:

On R1, see the NAT table:

R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.168.137.63:1202 192.168.3.10:1202 2.22.213.235:80 2.22.213.235:80

From the inside perspective, traffic originates from the client.

Configuring NAT in ASA firewall

Create a network object for the internal network (192.168.3.0) named mynetwork:

ciscoasa(config)# object network mynetwork
ciscoasa(config-network-object)# subnet 192.168.3.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface

This creates a NAT rule for traffic sourced from devices on the inside (192.168.3.0) going to the outside: the source address from the inside network is translated and replaced with the address of the ASA’s outside interface (209.165.200.226). Ping the internet again from client1 and observe the NAT translation table:

Pro Inside global Inside local Outside local Outside global

icmp 192.168.137.63:10785 209.165.200.226:10785 8.8.8.8:10785 8.8.8.8:10785

Traffic from client1 (192.168.3.10) appears as if it comes from the ASA’s outside interface.