In this article, I will show you how to emulate Cisco ASA using Qemu. Once again, please note that ASA is not provided and will not be. So please don’t ask. Also be aware that ASA does not 100% work in Qemu but that’s enough to play with it.
This Howto is still a draft and has been tested only on Linux.
Installation
First compile and patch Qemu as you would do for running JunOS. This will give us pcap, lcap and UDP tunnels (i.e. GNS3/Dynamips connections) capabilities.
Then obtain ASA itself. If you are smart and patient you will find it. I used asa802-k8.bin for my installations. As far as I know, nobody has been able to run ASA > version 8.2 (ASA keeps rebooting).
The next step is to get an initrd and a Linux kernel (inside the initrd) from your ASA image to use them with Qemu and also fix the initrd for our needs. The initrd is zipped and archived in the ASA image, we have to extract it.
There are 2 ways, manually or using a tool I created.
Manual method
Create an hexadecimal dump of your image:
hexdump -C asa802-k8.bin > asa802-k8.hex |
Search for the ZIP header:
grep “1f 8b 08 00 1d” asa802-k8.hex 001228b0 1f 8b 08 00 1d 3d 73 46 00 03 ec 3a 6d 54 14 57 |…..=sF…:mT.W| |
We can see that the ZIP file starts at offset 1228b0.
Let’s find the image size:
ls -la asa802-k8.bin -rwxr-xr-x 1 root staff 14524416 26 Nov 20:14 asa802-k8.bin 14524416 bytes. |
Now we need to find out where in the file we can start extracting the ZIP part.
echo "14524416 ; ibase=16 ; last - 1228B0" | bc | tail -n 1 13334352 |
Extract the zipped part of the ASA image:
tail -c 13334352 asa802-k8.bin > asa802-k8.gz |
Decompress it with gzip:
gzip -d asa802-k8 gzip: asa802-k8.gz: decompression OK, trailing garbage ignored |
Make a temp directory and go into it so we can extract the files contained in the uncompressed archive file (the initrd):
mkdir tmp ; cd tmp |
Now extract the archive with cpio (you must have the administrator rights to successfully extract device files).
cpio -i --no-absolute-filenames --make-directories < ../asa802-k8 |
Copy the Linux kernel to your previous directory:
cp vmlinuz ../asa802-k8.kernel |
Before compressing back the initrd, create the following script in asa/scripts/first_start.sh
This script formats the 256 MB flash on first start to be used by ASA. Loads the network drivers modules for Intel e100 (i82559er in Qemu) and Intel e1000 cards and activates the network interfaces to be used in ASA. I noticed that if we immediately start ASA after this first boot, it freezes (don’t really know why but it seems the system do something and slow down during the first minute …). The next time you start the system, the script will still load the activate the network interfaces and automatically start ASA.
#!/bin/sh ## ## Author: Jeremy Grossmann (2009) ## Contributor: J. Pedro Flor (28 january 2010) ## FIRST_START=no if test ! -e /mnt/disk0/lina_monitor then cd /asa/scripts/ echo "d" > /asa/scripts/fdisk.pf.in echo "o" >> /asa/scripts/fdisk.pf.in echo "n" >> /asa/scripts/fdisk.pf.in echo "p" >> /asa/scripts/fdisk.pf.in echo "1" >> /asa/scripts/fdisk.pf.in echo "1" >> /asa/scripts/fdisk.pf.in echo "" >> /asa/scripts/fdisk.pf.in echo "t" >> /asa/scripts/fdisk.pf.in echo "4" >> /asa/scripts/fdisk.pf.in echo "w" >>/asa/scripts/fdisk.pf.in echo "" echo -n "Initializing partition..." /sbin/fdisk /dev/hda < /asa/scripts/fdisk.pf.in > /dev/null 2> /dev/null echo "done" echo "" echo -n "Formating and mounting partition..." mkdosfs -F 16 /dev/hda1 > /dev/null 2> /dev/null mount -t vfat -o umask=0000,noatime,check=s,shortname=mixed /dev/hda1 /mnt/disk0 > /dev/null 2> /dev/null echo "done" echo "" cp /asa/bin/lina /mnt/disk0/lina cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor FIRST_START=yes fi # load drivers modprobe e100 modprobe e1000 ifconfig eth0 up ifconfig eth1 up ifconfig eth2 up ifconfig eth3 up ifconfig eth4 up ifconfig eth5 up if test $FIRST_START = yes then echo "" echo " Cisco ASA with <NO> Multiple Security Contexts" echo " ==============================================" echo "" echo "This is your first boot, please wait about 2 minutes for 'disk0' creation" echo "and then execute the following commands inside the Linux prompt:" echo "" echo " # cd /mnt/disk0" echo " # /mnt/disk0/lina_monitor" echo "" echo "" echo "" echo "Please note to use the following command under ASA to save your configs:" echo "" echo " ciscoasa(config)# boot config disk0:/.private/startup-config" echo " ciscoasa(config)# copy running-config disk0:/.private/startup-config" echo "" echo "" echo "" echo "To get webvpn working, execute the following commands:" echo "" echo " ciscoasa# mkdir disk0:/var" echo " ciscoasa# mkdir disk0:/var/log" echo " ciscoasa# mkdir disk0:/csco_config" echo " ciscoasa# mkdir disk0:/csco_config/97" echo " ciscoasa# mkdir disk0:/csco_config/97/webcontent" echo "" echo " ( Powered by Pedro Flor )" echo " ( pedro.flor@gmail.com )" echo "" exit fi echo "" echo "" echo "Starting Cisco ASA with <NO> Multiple Security Contexts..." echo "" cd /mnt/disk0 /mnt/disk0/lina_monitor |
In order for the script to be loaded at startup, edit etc/init.d/rcS and change /asa/bin/lina_monitor by /asa/scripts/first_start.sh
Change first_start.sh permissions:
chmod 755 first_start.sh |
Now you can compress all the file and have the initrd ready to use in Qemu:
find . | cpio -o -H newc | gzip -9 > ../asa802-k8.initrd.gz |
Automated extraction method
TODO
Using ASA with Qemu
Create a FLASH (this is a virtual hard disk).
qemu-img create FLASH 256M |
Then you can start Qemu.
qemu -hda FLASH -kernel asa802-k8.kernel -hdachs 980,16,32 \ -initrd asa802-k8.initrd.gz -m 512 -no-kqemu -nographic -append \ "console=ttyS0,9600n8 hda=980,16,32 bigphysarea=16384 auto nousb ide1=noprobe" |
TODO: networking of ASA. Very similar with JunOS emulation.
Using ASA with GNS3
To be completed:
In Preferences -> Qemu -> Qemuwrapper section:
Set the path to Qemuwrapper (can be found in the GNS3 package)
Set the working directory (e.g. /tmp).
Set the path to your patched Qemu in “Path to Qemu”
In ASA section:
Set the paths to your initrd and kernel.
Drag and Drop an ASA symbol on the scene, start the firewall and telnet to it.
Hi frndz,
please help me….. for this installation…
I followed the blog and installed GNS3 on my windows xp machine.
Following is the configuration on GNS3.
http://img651.imageshack.us/f/qemu.jpg/
http://uploadpic.org/showpic-79426/qemuhost.html
http://www.imagehousing.com/imageupload.php?id=507223
———
Qemu started successfully:
got the final message as: ok, booting the kernel
——
Prob: @asa console
i copied:
modprobe e1000
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up
cp /asa/bin/lina /mnt/disk0/lina
cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
cd /mnt/disk0/mnt/disk0/lina_monitor
========
still no use:
geting the following:
#
only hash promt:so please help me
# ls ——–showing the following….
asa dev init linuxrc proc sbin usr
bin etc lib mnt root sys
###################################
stopped at # propmt
Thanks in Advance
hi
I have the same problem as fernando has.
I’m working on Ubuntu 10.04 and my GNS3 version is 0.7.2
I have installed qemu step by step , my problem is , when my ASA has no link with any other equipments, it can start and I also telnet it successful,however,when I have linked the ASA interfaces to a router or a switch, it can’t start.
I try to start the ASA first and then link to routers , but I can’t ping from the asa to the router.
tobie,
your custom kernel and initrd’s are great, but here is a problem I am facing while running it in multiple security context mode using “lina -m”, i.e I can see only limited commands in interface config mode, like I can’t even assign ip add to interfaces
Regards/Zali