Solved: Is ASA in packet tracer restricted?

SayoFrenchFries · ‎04-07-2022

Hello, I am a learner who just started to study ASA(5506-X) with packet tracer 8.0.1.

I tried some commands with my book but I have faced troubles because some commands are not supported like "show conn", and "logging enable". So I found all available commands but I couldn't find such commands even though my book showed so and the Cisco document says that it's available too.

FW1(config)#?
  aaa             Enable, disable, or view user authentication, authorization
                  and accounting
  access-group    Bind an access-list to an interface to filter traffic
  access-list     Configure an access control element
  boot            Set system boot parameters
  class-map       Configure MPF Class Map
  clock           Configure time-of-day clock
  configure       Configure using various methods
  crypto          Configure IPSec, ISAKMP, Certification, authority, key
  dhcpd           Configure DHCP Server
  domain-name     Change domain name
  enable          Configure password for the enable command
  end             Exit from configure mode
  exit            Exit from configure mode
  group-policy    Configure or remove a group policy
  hostname        Change host name of the system
  http            Configure http server and https related commands
  interface       Select an interface to configure
  ipv6            Global IPv6 configuration commands
  name            Associate a name with an IP address
  names           Enable/Disable IP address to name mapping
  no              Negate a command or set its defaults
  ntp             Configure NTP
  object          Configure an object
  object-group    Create an object group for use in 'access-list', etc
  passwd          Change Telnet console access password
  policy-map      Configure MPF Parameter Map
  route           Configure a static route for an interface
  router          Enable a routing process
  service-policy  Configure MPF service policy
  setup           Pre-configure the system
  ssh             Configure SSH options
  telnet          Add telnet access to system console or set idle timeout
  tunnel-group    Create and manage the database of connection specific records
                  for IPSec connections
  username        Configure user authentication local database
  webvpn          Configure the WebVPN service

So, is ASA in packet tracer quite different from real ASA? or... How can I study ASA with packet tracer? I might be totally wrong, so please share your knowledge if you know about this.

(Well...Honestly, I'm not sure how I ask a question clearly.)

Thank you.

* It's the first time to ask on a Cisco community. Please understand if I was immature.

@SayoFrenchFries

Georg Pauwen · ‎04-08-2022

Hello,

the ASA in Packet Tracer is VERY limited when it comes to commands, compared to a 'real' ASA. It has just a small subset of the commands that are usually available.

View solution in original post

balaji.bandi · ‎04-08-2022

Unfortunaly as i mentioned i am not a PT user, but i am able to use in CML and other emulator/simulator full features.

if you keen to learn get GNS3 / PNET/EVE or paid CML 200$ version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

johnlloyd_13 · ‎04-09-2022

hi,

the old first gen ASA FW should be cheap in ebay or online marketplace.

go for a 5505 or 5510. maybe you could ask the seller to load the latest OS if he's technical enough.

ASA version 9.1 above should be good for your studies.

View solution in original post

balaji.bandi · ‎04-07-2022

Can you post-show version from #

Most of them should work as expected, except for some limitations hardware vs virtual

.

on my Lab (not PT) but different emulator :

ciscoasa# show conn 
0 in use, 8 most used




ciscoasa(config)# logging enable 
ciscoasa(config)# end




ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.1(5)16 
Device Manager Version 7.3(3)




ciscoasa# show firewall 
Firewall mode: Router

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SayoFrenchFries · ‎04-07-2022

Here is the result of the command "show version" in ASA(Packet Tracer).

ciscoasa#show version

Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)

Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"

ciscoasa up 25 minutes 34 seconds

Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 7168MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Number of accelerators: 1

 1: Ext: GigabitEthernet1/1  : address is 0090.2B54.ED01, irq 255
 2: Ext: GigabitEthernet1/2  : address is 0090.2B54.ED02, irq 255
 3: Ext: GigabitEthernet1/3  : address is 0090.2B54.ED03, irq 255
 4: Ext: GigabitEthernet1/4  : address is 0090.2B54.ED04, irq 255
 5: Ext: GigabitEthernet1/5  : address is 0090.2B54.ED05, irq 255
 6: Ext: GigabitEthernet1/6  : address is 0090.2B54.ED06, irq 255
 7: Ext: GigabitEthernet1/7  : address is 0090.2B54.ED07, irq 255
 8: Ext: GigabitEthernet1/8  : address is 0090.2B54.ED08, irq 255
 9: Int: Internal-Data1/1    : address is 0090.2B54.ED09, irq 0
10: Int: Internal-Data1/2    : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3    : address is 0000.0001.0003, irq 0
13: Int: Management1/1       : address is 0090.2B54.ED09, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 30             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 50             perpetual
Total VPN Peers                   : 50             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total UC Proxy Sessions           : 160            perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5506 Security Plus license.

Serial Number: JMX1536DL8X-
Running Permanent Activation Key: 0x667D913D 0x55068191 0x085889BB 0x9946108D 0x2851A88D
Configuration register is 0x1
Image type                : Release
Key Version               : A
Configuration has not been modified since last system restart.

and, thank you for your response!

@SayoFrenchFries

balaji.bandi · ‎04-07-2022

what command does not work, that should be good as per output.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SayoFrenchFries · ‎04-08-2022

Here is the command that doesn't work(actually I wrote the commands which I can't use on the question),

The ASA in packet tracer considers my commands as invalid inputs.

ciscoasa(config)#show conn
                  ^
% Invalid input detected at '^' marker.

ciscoasa(config)#logging enable
                 ^
% Invalid input detected at '^' marker.

@SayoFrenchFries

Georg Pauwen · ‎04-08-2022

Hello,

the ASA in Packet Tracer is VERY limited when it comes to commands, compared to a 'real' ASA. It has just a small subset of the commands that are usually available.

SayoFrenchFries · ‎04-08-2022

Thank you for your simple and intuitive answers!

If so, what should I study ASA without purchasing real ASA appliances? I've studied networking with only Cisco Packet Tracer, so I think it's time to use other software(platform) to continue my study.

Can you give me some advice about my further learning? It would be very helpful to me.

Thank you.

@SayoFrenchFries

johnlloyd_13 · ‎04-09-2022

hi,

the old first gen ASA FW should be cheap in ebay or online marketplace.

go for a 5505 or 5510. maybe you could ask the seller to load the latest OS if he's technical enough.

ASA version 9.1 above should be good for your studies.

balaji.bandi · ‎04-08-2022

Unfortunaly as i mentioned i am not a PT user, but i am able to use in CML and other emulator/simulator full features.

if you keen to learn get GNS3 / PNET/EVE or paid CML 200$ version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SayoFrenchFries · ‎08-28-2022

Now I'm studying ASA with GNS3.

Thank you.

@SayoFrenchFries