In this article, I will show you how to emulate Cisco ASA using Qemu. Once again, please note that ASA is not provided and will not be, so please don’t ask. Also be aware that ASA does not work 100% in Qemu, but it works well enough to play with.
This Howto is still a draft and has been tested only on Linux.
Installation
First compile and patch Qemu as you would do for running JunOS. This will give us pcap, lcap and UDP tunnels (i.e. GNS3/Dynamips connections) capabilities.
Then obtain ASA itself. If you are smart and patient you will find it. I used asa802-k8.bin for my installations. As far as I know, nobody has been able to run ASA > version 8.2 (ASA keeps rebooting).
The next step is to get the initrd and the Linux kernel (which sits inside the initrd) out of your ASA image so they can be used with Qemu, and to fix the initrd for our needs. The initrd is stored in the ASA image as a gzip-compressed archive, so we have to extract it.
There are 2 ways, manually or using a tool I created.
Manual method
Create a hexadecimal dump of your image:
hexdump -C asa802-k8.bin > asa802-k8.hex
Search for the gzip header:
grep "1f 8b 08 00 1d" asa802-k8.hex
001228b0  1f 8b 08 00 1d 3d 73 46  00 03 ec 3a 6d 54 14 57  |.....=sF...:mT.W|
We can see that the gzip-compressed data starts at offset 1228b0 (hexadecimal).
Let’s find the image size:
ls -la asa802-k8.bin
-rwxr-xr-x 1 root staff 14524416 26 Nov 20:14 asa802-k8.bin
14524416 bytes.
Now we need to work out how many bytes lie between that offset and the end of the file, because that is the count tail needs in order to extract the gzip part (image size minus hexadecimal 1228B0):
echo "14524416 ; ibase=16 ; last - 1228B0" | bc | tail -n 1
13334352
Extract the gzip-compressed part of the ASA image:
tail -c 13334352 asa802-k8.bin > asa802-k8.gz
Decompress it with gzip:
gzip -d asa802-k8
gzip: asa802-k8.gz: decompression OK, trailing garbage ignored
Make a temporary directory and go into it so we can extract the files contained in the uncompressed archive file (the initrd):
mkdir tmp ; cd tmp
Now extract the archive with cpio (you need administrator rights to successfully extract device files):
cpio -i --no-absolute-filenames --make-directories < ../asa802-k8
Copy the Linux kernel to your previous directory:
cp vmlinuz ../asa802-k8.kernel
Before compressing the initrd again, create the following script as asa/scripts/first_start.sh
On first start, this script formats the 256 MB flash so it can be used by ASA. It also loads the network driver modules for Intel e100 (i82559er in Qemu) and Intel e1000 cards and activates the network interfaces to be used in ASA. I noticed that if we start ASA immediately after this first boot, it freezes (I don’t really know why, but the system seems to be busy and slow during the first minute …). The next time you start the system, the script will still load the drivers, activate the network interfaces and automatically start ASA.
#!/bin/sh
##
## Author: Jeremy Grossmann (2009)
## Contributor: J. Pedro Flor (28 january 2010)
##

FIRST_START=no

# First boot: lina_monitor is not on the flash yet, so partition and format it.
if test ! -e /mnt/disk0/lina_monitor
then
  cd /asa/scripts/

  # Answers fed to fdisk: delete, new DOS partition table, new primary
  # partition 1 over the whole disk, set partition type 4, write.
  echo "d" > /asa/scripts/fdisk.pf.in
  echo "o" >> /asa/scripts/fdisk.pf.in
  echo "n" >> /asa/scripts/fdisk.pf.in
  echo "p" >> /asa/scripts/fdisk.pf.in
  echo "1" >> /asa/scripts/fdisk.pf.in
  echo "1" >> /asa/scripts/fdisk.pf.in
  echo "" >> /asa/scripts/fdisk.pf.in
  echo "t" >> /asa/scripts/fdisk.pf.in
  echo "4" >> /asa/scripts/fdisk.pf.in
  echo "w" >> /asa/scripts/fdisk.pf.in

  echo ""
  echo -n "Initializing partition..."
  /sbin/fdisk /dev/hda < /asa/scripts/fdisk.pf.in > /dev/null 2> /dev/null
  echo "done"

  echo ""
  echo -n "Formatting and mounting partition..."
  mkdosfs -F 16 /dev/hda1 > /dev/null 2> /dev/null
  mount -t vfat -o umask=0000,noatime,check=s,shortname=mixed /dev/hda1 /mnt/disk0 > /dev/null 2> /dev/null
  echo "done"
  echo ""

  # Put the ASA binaries on the freshly formatted flash.
  cp /asa/bin/lina /mnt/disk0/lina
  cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
  FIRST_START=yes
fi

# load drivers
modprobe e100
modprobe e1000

# bring up the interfaces ASA will use
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up

# On first boot, print instructions and drop to the Linux prompt instead of starting ASA.
if test "$FIRST_START" = yes
then
  echo ""
  echo " Cisco ASA with <NO> Multiple Security Contexts"
  echo " =============================================="
  echo ""
  echo "This is your first boot, please wait about 2 minutes for 'disk0' creation"
  echo "and then execute the following commands inside the Linux prompt:"
  echo ""
  echo " # cd /mnt/disk0"
  echo " # /mnt/disk0/lina_monitor"
  echo ""
  echo ""
  echo ""
  echo "Please note to use the following command under ASA to save your configs:"
  echo ""
  echo " ciscoasa(config)# boot config disk0:/.private/startup-config"
  echo " ciscoasa(config)# copy running-config disk0:/.private/startup-config"
  echo ""
  echo ""
  echo ""
  echo "To get webvpn working, execute the following commands:"
  echo ""
  echo " ciscoasa# mkdir disk0:/var"
  echo " ciscoasa# mkdir disk0:/var/log"
  echo " ciscoasa# mkdir disk0:/csco_config"
  echo " ciscoasa# mkdir disk0:/csco_config/97"
  echo " ciscoasa# mkdir disk0:/csco_config/97/webcontent"
  echo ""
  echo " ( Powered by Pedro Flor )"
  echo " ( [email protected] )"
  echo ""
  exit
fi

# Every later boot: start ASA from the flash.
echo ""
echo ""
echo "Starting Cisco ASA with <NO> Multiple Security Contexts..."
echo ""
cd /mnt/disk0
/mnt/disk0/lina_monitor
In order for the script to be run at startup, edit etc/init.d/rcS and replace /asa/bin/lina_monitor with /asa/scripts/first_start.sh
Change the first_start.sh permissions (run this from the tmp directory):
chmod 755 asa/scripts/first_start.sh
Now, still in the tmp directory, you can compress all the files and have the initrd ready to use in Qemu:
find . | cpio -o -H newc | gzip -9 > ../asa802-k8.initrd.gz
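The manual steps above, as an added Python example (it is not the author's extraction tool and not code from the original page): it finds the gzip member by the generic 3-byte gzip magic rather than the image-specific grep pattern, inflates it in memory, and parses the cpio archive without unpacking it, so no administrator rights are needed to check that vmlinuz is present, what rcS launches and whether first_start.sh is executable. The sample image is constructed, and the newc cpio format is an assumption taken from the repack command above.

```python
import gzip
import hashlib
import sys
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=deflate (shorter than the page's grep pattern)


def carve_gzip(image: bytes):
    """Return (offset, data) for the first gzip member that inflates cleanly.

    A 3-byte magic produces false hits, so every candidate is really inflated.
    Bytes after the member (gzip's "trailing garbage") are left in unused_data.
    """
    pos = image.find(GZIP_MAGIC)
    while pos != -1:
        inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ = gzip framing
        try:
            data = inflater.decompress(image[pos:])
            if inflater.eof and data:
                return pos, data
        except zlib.error:
            pass  # magic bytes inside unrelated data: keep scanning
        pos = image.find(GZIP_MAGIC, pos + 1)
    raise ValueError("no valid gzip member found")


def list_newc(archive: bytes):
    """Yield (name, mode, data) per entry of a newc cpio archive, in memory only."""
    off = 0
    while off + 110 <= len(archive):
        header = archive[off:off + 110]
        if header[:6] not in (b"070701", b"070702"):
            raise ValueError("bad cpio magic at offset %#x" % off)
        # 13 fields of 8 hex digits follow the magic: ino, mode, uid, gid, nlink,
        # mtime, filesize, devmajor, devminor, rdevmajor, rdevminor, namesize, check
        field = [int(header[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = field[1], field[6], field[11]
        name_end = off + 110 + namesize            # name includes a trailing NUL
        name = archive[off + 110:name_end - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        data_start = (name_end + 3) & ~3           # header+name padded to 4 bytes
        if name.startswith("./"):                  # "find . | cpio" prefixes names
            name = name[2:]
        yield name, mode, archive[data_start:data_start + filesize]
        off = (data_start + filesize + 3) & ~3     # file data padded to 4 bytes


def inspect_image(image: bytes) -> dict:
    """Carve the initrd and report the facts the manual procedure relies on."""
    offset, initrd = carve_gzip(image)
    entries = {name: (mode, data) for name, mode, data in list_newc(initrd)}
    kernel = entries.get("vmlinuz")
    rcs = entries.get("etc/init.d/rcS", (0, b""))[1].decode("utf-8", "replace")
    script_mode = entries.get("asa/scripts/first_start.sh", (0, b""))[0]
    return {
        "gzip_offset": offset,
        "tail_bytes": len(image) - offset,        # the count the page passes to tail -c
        "initrd_sha256": hashlib.sha256(initrd).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel[1]).hexdigest() if kernel else None,
        "rcs_runs_first_start": "/asa/scripts/first_start.sh" in rcs,
        "first_start_executable": bool(script_mode & 0o111),
    }


def _newc_entry(name: str, data: bytes, mode: int) -> bytes:
    """Serialise one newc entry (used only to build the constructed sample)."""
    raw_name = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw_name), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + raw_name
    out += b"\0" * (-len(out) % 4) + data
    return out + b"\0" * (-len(out) % 4)


def build_sample_image() -> bytes:
    """Constructed stand-in for a firmware image; contains no real ASA content."""
    files = [
        ("vmlinuz", b"constructed-kernel-bytes", 0o100755),
        ("etc/init.d/rcS", b"#!/bin/sh\n/asa/scripts/first_start.sh\n", 0o100755),
        ("asa/scripts/first_start.sh", b"#!/bin/sh\n", 0o100644),  # chmod forgotten
    ]
    cpio = b"".join(_newc_entry(*f) for f in files) + _newc_entry("TRAILER!!!", b"", 0)
    false_hit = b"\x1f\x8b\x08\xff" + bytes(28)   # magic followed by invalid flags
    return b"BOOT" * 64 + false_hit + gzip.compress(cpio, mtime=0) + b"\xde\xad" * 100


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for key, value in inspect_image(blob).items():
        print(f"{key}: {value}")
```

Run it with the image path as the only argument; without one it inspects the constructed sample. The two SHA-256 values give a baseline for comparing a repacked or downloaded initrd and kernel against the ones you extracted yourself.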
Automated extraction method
TODO
Using ASA with Qemu
Create a FLASH file (this is a virtual hard disk):
qemu-img create FLASH 256M
Then you can start Qemu:
qemu -hda FLASH -kernel asa802-k8.kernel -hdachs 980,16,32 \
-initrd asa802-k8.initrd.gz -m 512 -no-kqemu -nographic -append \
"console=ttyS0,9600n8 hda=980,16,32 bigphysarea=16384 auto nousb ide1=noprobe"
TODO: networking of ASA. Very similar to JunOS emulation.
Using ASA with GNS3
To be completed:
In Preferences -> Qemu -> Qemuwrapper section:
Set the path to Qemuwrapper (can be found in the GNS3 package)
Set the working directory (e.g. /tmp).
Set the path to your patched Qemu in “Path to Qemu”
In ASA section:
Set the paths to your initrd and kernel.
Drag and Drop an ASA symbol on the scene, start the firewall and telnet to it.
Joni:
What’s the result of the “test button” in the qemu general settings tab?? Was it successful?
Try to use the absolute path for both the qemu and qemu-img, i.e. C:\GNS3\qemu (set it similar to your qemuwrapper).
Ok, for your convenience i’ll let you use my custom made kernel and initrd file, it can launch asdm without any proxy settings, basically plug n play.
hxxp://www.2shared.com/file/12302403/b852d081/asa802-k8.html
hxxp://www.2shared.com/file/12302429/6ab15b1d/asa802-k8initrd.html
And another thing, if you have a wireless adapter, try to disable it first, because before I ran into some issues both in XP and Ubuntu where I could not console into the ASA when my wireless adapter was enabled.
gudluck mate!
Innoe:
Try to use my custom made kernel and initrd file.
thanks
Tobie,
Your files are working great. I just got one question… Is it possible to change the Serial Number of the ASA device or make it fully licensed for 3DES, AnyConnect etc? Without those features ASA is not much better than unrestricted PIX.
Thanks
Tomasz:
nope, with or without valid license, you can have any encryption you want and you can also do ssl/clientless vpn. check the contents of my flash file here:
ciscoasa#
ciscoasa# sho flash:
--#--  --length--  -----date/time------  path
5 4096 Feb 14 2010 06:18:12 .private
6 0 Mar 27 2010 10:09:55 .private/mode.dat
7 0 Feb 16 2010 05:11:40 .private/DATAFILE
13 2132 Mar 24 2010 13:16:04 .private/startup-config
59 6889764 Feb 14 2010 06:18:14 .private/asdm-602.bin
11 4096 Feb 18 2008 21:22:38 boot
12 0 Feb 16 2010 05:11:40 boot/grub.conf
8 4096 Feb 18 2008 20:57:10 csco_config
14 4096 Feb 13 2010 17:43:48 csco_config/97
19 4096 Feb 18 2008 21:06:16 csco_config/97/customization
21 23666 Mar 27 2010 10:10:01 csco_config/97/customization/Template
22 4096 Feb 18 2008 21:18:24 csco_config/97/bookmarks
24 848 Mar 27 2010 10:10:01 csco_config/97/bookmarks/Template
25 4096 Feb 13 2010 17:43:48 csco_config/97/webcontent
26 4096 Feb 18 2008 21:40:04 csco_config/locale
31 5 Feb 18 2008 21:06:16 csco_config/locale/clean.8.0.done
32 4096 Feb 18 2008 21:18:24 csco_config/locale/ja
34 4096 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES
38 3224 Feb 18 2008 21:31:04 csco_config/locale/ja/LC_MESSAGES/customization.po
39 4481 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES/PortForwarder.po
40 31925 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES/webvpn.po
41 4096 Feb 18 2008 21:35:24 csco_config/locale/fr
43 4096 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES
47 2430 Feb 18 2008 21:40:04 csco_config/locale/fr/LC_MESSAGES/customization.po
48 4149 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES/PortForwarder.po
49 29961 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES/webvpn.po
50 4096 Feb 18 2008 21:40:38 csco_config/locale/LC_MESSAGES
54 2864 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/PortForwarder.po
55 18061 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/webvpn.po
56 896 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/banners.po
64 4096 Feb 13 2010 17:43:32 var
66 4096 Feb 13 2010 17:43:32 var/log
255320064 bytes total (248152064 bytes free)
ciscoasa#
ciscoasa#
ciscoasa#
you should add first all the required directories in your flash before you can do webvpn i.e var, var/log, csco_config, csco_config/97
Tobie
Here is what I’ve got in flash:
ASA1# sh flash:
--#--  --length--  -----date/time------  path
5 4096 Mar 27 2010 02:26:28 .private
6 0 Mar 27 2010 13:04:46 .private/mode.dat
7 0 Mar 27 2010 02:55:40 .private/DATAFILE
13 1693 Mar 27 2010 02:55:40 .private/startup-config
11 4096 Mar 27 2010 02:30:20 boot
12 0 Mar 27 2010 02:55:40 boot/grub.conf
8 4096 Mar 27 2010 02:33:18 csco_config
14 4096 Mar 27 2010 02:49:26 csco_config/97
18 4096 Mar 27 2010 02:49:26 csco_config/97/customization
20 23666 Mar 27 2010 13:04:59 csco_config/97/customization/Template
21 4096 Mar 27 2010 03:03:42 csco_config/97/bookmarks
23 848 Mar 27 2010 13:04:59 csco_config/97/bookmarks/Template
24 4096 Mar 27 2010 12:38:20 csco_config/locale
29 5 Mar 27 2010 02:49:26 csco_config/locale/clean.8.0.done
30 4096 Mar 27 2010 03:03:16 csco_config/locale/ja
32 4096 Mar 27 2010 12:45:58 csco_config/locale/ja/LC_MESSAGES
36 3224 Mar 27 2010 05:15:20 csco_config/locale/ja/LC_MESSAGES/customization.po
37 4481 Mar 27 2010 12:45:58 csco_config/locale/ja/LC_MESSAGES/PortForwarder.po
38 31925 Mar 27 2010 12:45:58 csco_config/locale/ja/LC_MESSAGES/webvpn.po
39 4096 Mar 27 2010 05:19:14 csco_config/locale/fr
41 4096 Mar 27 2010 12:45:58 csco_config/locale/fr/LC_MESSAGES
45 2430 Mar 27 2010 12:38:20 csco_config/locale/fr/LC_MESSAGES/customization.po
46 4149 Mar 27 2010 12:45:58 csco_config/locale/fr/LC_MESSAGES/PortForwarder.po
47 29961 Mar 27 2010 12:45:58 csco_config/locale/fr/LC_MESSAGES/webvpn.po
48 4096 Mar 27 2010 12:45:58 csco_config/locale/LC_MESSAGES
52 2864 Mar 27 2010 13:04:48 csco_config/locale/LC_MESSAGES/PortForwarder.po
53 18061 Mar 27 2010 13:04:48 csco_config/locale/LC_MESSAGES/webvpn.po
54 896 Mar 27 2010 13:04:48 csco_config/locale/LC_MESSAGES/banners.po
57 7598456 Mar 27 2010 02:51:42 asdm-615.bin
61 2097152 Mar 27 2010 12:43:52 anyconnect-win-2.3.0254-k9.pkg
262901760 bytes total (227508224 bytes free)
This is what I’m trying to do over ASDM:
webvpn
enable Management
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
svc enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol svc L2TP-IPSec IPSec webvpn
webvpn
svc enable
configure terminal
tunnel-group sslvpn type remote-access
tunnel-group sslvpn general-attributes
address-pool EasyVPN
and here is what I get after sending above commands:
ASA1# ERROR: log directory non-existent: No such file or directory
ERROR: creating minidump file/var/log//recovery-event.205.20100327.130257. No such file or directory
ERROR: log directory non-existent: No such file or directory
ERROR: creating minidump file/var/log//recovery-event.205.20100327.130322. No such file or directory
ERROR: log directory non-existent: No such file or directory
ERROR: creating minidump file/var/log//recovery-event.205.20100327.130322. No such file or directory
e1000: eth5: e1000_suspend: Error enabling D3 wake
e1000: eth5: e1000_suspend: Error enabling D3 cold wake
e1000: eth5: e1000_suspend: Error in setting power state
e1000: eth4: e1000_suspend: Error enabling D3 wake
e1000: eth4: e1000_suspend: Error enabling D3 cold wake
e1000: eth4: e1000_suspend: Error in setting power state
e1000: eth3: e1000_suspend: Error enabling D3 wake
e1000: eth3: e1000_suspend: Error enabling D3 cold wake
e1000: eth3: e1000_suspend: Error in setting power state
e1000: eth2: e1000_suspend: Error enabling D3 wake
e1000: eth2: e1000_suspend: Error enabling D3 cold wake
e1000: eth2: e1000_suspend: Error in setting power state
e1000: eth1: e1000_suspend: Error enabling D3 wake
e1000: eth1: e1000_suspend: Error enabling D3 cold wake
e1000: eth1: e1000_suspend: Error in setting power state
e1000: eth0: e1000_suspend: Error enabling D3 wake
e1000: eth0: e1000_suspend: Error enabling D3 cold wake
e1000: eth0: e1000_suspend: Error in setting power state
Restarting system.
.
any ideas what is going on here?
Thanks
Hi Tobie,
I don’t know how to thank you, you are awesome, it works!!!!
But I have a new problem: I cannot ping from ASA to ASA and to loopback. What is the reason?
In the links below I have posted the settings from qemu and qemu host. Must I set something on the qemu host, or are the default settings enough?
http://www.pic-upload.de/view-5092429/Generals-setting.png.html
http://www.pic-upload.de/view-5092436/QemuHost.png.html
thnx you are great.
Hi Tobie,
I forgot to tell you about the qemu start: qemu is not starting from the start button, I get the message qemu not started, but if I start the asa I get the message qemu started, and from the firewall I get the message to allow qemu to connect.
thnx
Tomasz:
create first all the required dir (var, var/log)
and use asdm-602.bin as your asdm image.
gudluck
Hello, I get the following message after creating the flash and then try copying and pasting the command to start qemu: qemu: invalid option -- '-no-kqemu'
any ideas?
Hi Tobie,
Your mentioned files of initrd and kernel for the asa 8.02 image worked for me on Windows XP OS.
Thanks a Lots !!!
I am getting the following error when I am enabling an interface in ASA. Please help me in this regard. I will be highly thankful
ciscoasa(config)# int eth0/0
ciscoasa(config-if)# no shut
Failed to change interface status: cannot get channel
ciscoasa(config-if)#
Bilal Shafat
Joni:
If your asa is working now, that’s it. All the problems might be in your topology, or your own configuration. If you can assign an ip address, enable the interface, assign names and security levels, then your asa is working correctly. Any other problem will now depend on your own topology and configurations
thanks
hi tobie,
first big thanx to you for your help.
asa is working, when I save the configuration I get the message that the config failed, but when I start asa again the config is saved.
about ping, it is a little bit strange because before it was working and now it doesn’t,
I have no topology created, only asa to loopback, then I tried once simply to ping from asa directly to asa and it does not work, but it is ok, I say thnx and have a nice day.
I’m using GNS3 0.7 with Windows 7 x64
@anyone
Why don’t the “Using ASA with GNS3″ instructions work as is? Am I doing something wrong? I followed the simple instructions of unpacking Initrd and Kernel and adding them to the GNS3 Qemu ASA preferences but I get tons of errors and 100% CPU usage when I start my ASA in GNS3.
@tobie
hxxp://www.2shared.com/file/12302403/b852d081/asa802-k8.html
Downloaded fine
hxxp://www.2shared.com/file/12302429/6ab15b1d/asa802-k8initrd.html
“The file link that you requested is not valid. Please contact link publisher or try to make a search.”
hxxp://www.4shared.com/file/42737514/9de0d8c4/asa.html
Downloaded fine
If I use your Initrd and Kernel and FLASH1 file then GNS3 just creates a new 256KB flash file with the name FLASH. Then I get errors such as these:
mount: Mounting /dev/hda1 on /mnt/disk0 failed: No such device or address
mount: Mounting /dev/hda1 on /mnt/disk0 failed: No such device or address
TIPC: Activated (compiled May 2 2007 15:38:08)
NET: Registered protocol family 30
TIPC: Started in single node mode
TIPC: Started in network mode
TIPC: Own node address , network identity 1234
TIPC: Enabled bearer , discovery domain , priority 10
e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI
e100: Copyright(c) 1999-2005 Intel Corporation
SIOCGIFFLAGS: No such device
SIOCGIFFLAGS: No such device
SIOCGIFFLAGS: No such device
SIOCGIFFLAGS: No such device
SIOCGIFFLAGS: No such device
SIOCGIFFLAGS: No such device
/etc/init.d/rcS: /etc/init.d/rcS: 22: ./lina_monitor: not found
Please press Enter to activate this console.
#
If I rename your FLASH1 file to FLASH then I can’t open a telnet session to the ASA.
I’m using the patched qemu which comes with GNS3 0.7
I’m running Windows 7 x64
qemu-img create FLASH 256M
Then you can start Qemu.
qemu -hda FLASH -kernel asa802-k8.kernel -hdachs 980,16,32 \
-initrd asa802-k8.initrd.gz -m 512 -no-kqemu -nographic -append \
"console=ttyS0,9600n8 hda=980,16,32 bigphysarea=16384 auto nousb ide1=noprobe"
If I do the above I find I get this error in a file named stderr:
qemu: invalid physical CHS format
My files are named identical to those above and I’m using the identical commands except I removed the line breaks and entered the command as a single string.
tobie,
Thanks!
I can only download the kernel file from your custom files.
The second file is not available, error below:
” The file link that you requested is not valid. Please contact link publisher or try to make a search”
I see others are already working well with your file..Please add another link.
ok, ill upload it later on.
or maybe someone that have a copy can upload it again
thanks
Here’s the extracted initrd and kernel for asa802-k8: http://www.mediafire.com/?4wkhynnhkh2
Please disregard the mediafire link above. A script was named incorrectly.
Here’s the tested and confirmed initrd and kernel for asa802-k8:
http://www.mediafire.com/?4yj4mddmqey
When I transferred the ASDM image to Disk0:/ via FTP and then tried to load the ASDM, I got the error message that
“Your ASA image has a version number 8.0(2) which is not supported by ASDM 6.0(2)”
Someone,
Many thanks, I have downloaded your kernel and initrd files - they work like a charm!
I am getting this error when trying to save the configs:
“ciscoasa# wr
Building configuration…
Cryptochecksum: 76f48104 849f698c e45baa18 7ba1e604
%Error opening disk0:/.private/startup-config (No such file or directory)
Error executing command
[FAILED]”
What could be the problem?
Sometimes the ASA does not go to the normal prompt but to this:
Starting Cisco ASA with Multiple Security Contexts…
Please press Enter to activate this console.
#
#
It takes no commands when this happens..Any suggestions why this is?
Everything is working …thanks a lot…
but when I want to save the configuration, throwing the following error….
Building configuration…
Cryptochecksum: 6e33e06b 255d8b92 90c27d70 9f5b4de4
%Error opening disk0:/.private/startup-config ()
Error executing command
[FAILED]
ciscoasa#
what could be the problem…
Thanks and regards
R.Krishnan
Hi Innoe
Even I had the same issue. To resolve it, go to asa, scripts and do ./first_……sh to get the prompt. From there everything will work fine.
but it is throwing an error while saving the running configuration ….
Hi Innoe
forgot to mention something, if you are not a linux expert…
try this
from the “#”
type ls
it will show the list of directory
there you can see a directory called asa
Go to asa and do “ls” again.
you can see a directory called script
go to the directory and “ls”
you will see a file with first_…..sh
execute it using ./first_….sh
Thanks Krishnan. The prompt issue is resolved.
As for saving the running config, I have been able to do it the following:
ASA1# copy running-config flash:.private/startup-config
Source filename [running-config]?
Destination filename [.private/startup-config]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Cryptochecksum: 2c3864c6 ef9f5f0b 85f6789d f9075ed5
5995 bytes copied in 4.200 secs (1498 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed.”
It will complain about that file already in flash but I see it serves the config anyway. I have started GNS3 several times and the config is not lost on the ASA.
Hi Innoe,
Thanks a lot for the response
Have you tried pinging the ASA inside interface by connecting to router (for testing purpose). it is not working for me.
Regards
R.Krishnan.
haha
it is working for me……
tobie,
Have you worked with the IDS in the new GNS3 version? Is there somewhere I can get the setup steps for this: how do you generate the binary image1 and 2, and get the thing to boot properly? I have this ISO image file (IPS-K9-cd-1.1-a-6.0-6-E3).
Innoe:
check this link:
http://inetpro.org/wiki/Using_qemu_to_run_Cisco_IPS
I can confirm that IDS is working on gns3.7.
I can pass traffic but its a bit sluggish, you really had to have a huge ram on your desktop/laptop to have a stable traffic inspection. But of course, its gns3 is all about emulation so don’t expect for it to work 100% like the real hardware.
use a patched qemu/qemu-img and run this command to make binary images:
qemu-img create ips-disk1.img 512M
qemu-img create ips-disk2.img 4000M
**i think the 4gb binary image2 is a must, i’m not really sure, but i can not get the IDS to work if i create a small binary image (1 or 2 gb size).
You don’t need to have a thorough knowledge of linux to follow the tutorial link above, its a step by step guide that anyone can follow just read it carefully and you can get it to work in no time. I advise you to use ubuntu or linux mint for i think that is the most user-friendly linux distros.
After you finish configuring the binary images on qemu, you can then import them to gns3 and you’re done!
gudluck
Thanks tobie,
Will install ubuntu and try it out. I was trying it on Windows 7 and it kept failing to find boot device.
Hi Tobie and other,
Thanks for your above post.
I am trying to work with ASA since long. I have downloaded initrd and Kernel file. WHen I start ASA and try to take console, console session opens as blank.
When I use my old initrd and kernel, I am able to take console. But interfaces are not getting up.
Please advise.
Regards,
YOgi
Is there any success running ASA 8.0.5 with qemu either on windows or Linux or is there any pointer unpack / rebuild method someone could provide.
Thanks
tobie,
I get an error when running ASDM-602. It tells me it’s not compatible with IOS version 8.0(2). I noticed in one of your posts you had this version of ASDM in your flash. Did this ever work with you? Thanx in advance
asdm 621 works for me with 8.0.2
@ yogi:
what OS are you using?
here are some troubleshooting tips:
1. confirm that you successfully followed jeremy’s guide on extracting the kernel and initrd of the asa. Use version 8.02. This is the only version that works on gns3.
2. check the console port on the asa.
3. check if qemuwrapper is running. You can verify this by opening task manager and checking the services tab. Check if you have another service that runs on port 10525. qemu uses port 10525 to run asa
4. manually create the FLASH file, use the command “qemu-img create FLASH 256M” and then create a folder “ASA1″ on the working directory and then put the FLASH file inside.
5. try to use the included FLASH file on here hxxp://www.4shared.com/file/42737514/9de0d8c4/asa.html
if you encounter this error:
ciscoasa(config)# int eth0/0
ciscoasa(config-if)# no shut
Failed to change interface status: cannot get channel
ciscoasa(config-if)#
it is due to a misconfigured FLASH file. change it before you go berserk.
6. try to disable your wireless nic (i experienced this before using vista and ubuntu)
7. Use the “Test” button on the Qemu configuration menu and see if it is successful. If not, try to uninstall/install gns3.7 again. Try to use an absolute path on the qemu and qemu-img file.
thats it for now,
gudluck
@ innoe:
you need to set up a proxy. Check the 7200.hacki forum. They use the program called “fiddler” which basically acts as a proxy to change the hardware name and model of the asa to fool the ASDM so it will recognize and accept its connection.
Did you get my custom initrd? it can run ASDM without any proxy setup, basically plug n play
tobie,
which initrd works with asdm, the asa-nolina.gz or asa.gz?
Thx
is there anyone try SSL VPN feature on emulated ASA ?
SSL VPN works for me.
SSL VPN works for me as well, including OSPF and VPN loadbalancing !
The only problem I have is to retain the SSL rsa keypair on reboot. Has anyone found out how to do that?
Dear tobi,
Like many, I am also having an asdm problem. ASA works fine but I tried different asdm versions. When I try with 621 it says it does not support 802. When I try with 602 it says unable to launch application. I tried java version also. I add 6.13 i downgraded it to 6.7 no success. Asdm was working fine with pix.
Hi,
I am working on windows xp with gns3 ver 7.2. I did nothing, just got the initrd and kernel file from this blog and started asa, it works fine. But I am still struggling with ASDM. In the posts I see many are using linux, I am not good in linux, please someone help me.
Regards,
Praveen
Here i see many mentioning about flash file. But in ASA i dont find that option at all.
Hi Tobie,
Do I have to create all these directories for webvpn?
19 4096 Feb 18 2008 21:06:16 csco_config/97/customization
21 23666 Mar 27 2010 10:10:01 csco_config/97/customization/Template
22 4096 Feb 18 2008 21:18:24 csco_config/97/bookmarks
24 848 Mar 27 2010 10:10:01 csco_config/97/bookmarks/Template
25 4096 Feb 13 2010 17:43:48 csco_config/97/webcontent
26 4096 Feb 18 2008 21:40:04 csco_config/locale
31 5 Feb 18 2008 21:06:16 csco_config/locale/clean.8.0.done
32 4096 Feb 18 2008 21:18:24 csco_config/locale/ja
34 4096 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES
38 3224 Feb 18 2008 21:31:04 csco_config/locale/ja/LC_MESSAGES/customization.po
39 4481 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES/PortForwarder.po
40 31925 Feb 18 2008 21:40:38 csco_config/locale/ja/LC_MESSAGES/webvpn.po
41 4096 Feb 18 2008 21:35:24 csco_config/locale/fr
43 4096 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES
47 2430 Feb 18 2008 21:40:04 csco_config/locale/fr/LC_MESSAGES/customization.po
48 4149 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES/PortForwarder.po
49 29961 Feb 18 2008 21:40:38 csco_config/locale/fr/LC_MESSAGES/webvpn.po
50 4096 Feb 18 2008 21:40:38 csco_config/locale/LC_MESSAGES
54 2864 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/PortForwarder.po
55 18061 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/webvpn.po
56 896 Mar 27 2010 10:09:57 csco_config/locale/LC_MESSAGES/banners.po
64 4096 Feb 13 2010 17:43:32 var
which you have posted.
I have created these in my asa.
ciscoasa# sh flash:
--#--  --length--  -----date/time------  path
5 4096 Jun 29 2010 04:55:36 .private
6 0 Jun 29 2010 07:29:10 .private/mode.dat
7 0 Jun 29 2010 05:31:38 .private/DATAFILE
10 1698 Jun 29 2010 05:31:38 .private/startup-config
13 11348300 Jun 29 2010 05:19:30 asdm-621.bin
8 4096 Jun 29 2010 05:31:38 boot
9 0 Jun 29 2010 05:31:38 boot/grub.conf
11 4096 Jun 29 2010 07:29:15 csco_config
14 4096 Jun 29 2010 07:36:04 csco_config/97
16 4096 Jun 29 2010 07:36:04 csco_config/97/bookmarks
17 4096 Jun 29 2010 07:50:28 var
18 4096 Jun 29 2010 07:50:28 var/log
And i am working ASDM with fiddler, you have mentioned with ur custom i can work without fiddler can you please help me on that.
Regards,
Praveen
Hi guys,
For fiddler configuration please follow this link, I hope this will be helpful..
http://www.petenetlive.com/KB/Article/0000052.htm
Regards,
Praveen
hi,
i have my asa working, thanks a lot for this procedure.
however I have an issue when I use the asa in a topology, I have tried to link the ASA interfaces to a router however I’m unable to ping from one interface to another, I think some other ppl have had the same problem. I’m working on linux ubuntu and I have tried several gns3 versions including 0.7, 0.7.1 and 0.7.2. When I link the 2 interfaces I can’t start the ASA, I need to start the ASA first and then add the link between interfaces.
Does anyone have any idea how to fix this?
thanks a lot for your comments.
Tobie where ru gone. Can you please upload your initrd and kernel files. I have downloaded from http://www.mediafire.com/?4yj4mddmqey as uploaded by someone. But asdm is not working in that without fiddler.
Regards,
Praveen
dear Jeremy,
Why are my posts removed from here? I don’t understand. Is there any problem with the website?
All guys trying ASA.
1)Download gns3 ver 7.2
2)Download Tobie’s custom initrd and kernel file from this blog.
3)Install gns3
4)Dont change any path in gns3
5)Test qemu and Dynamips, This test button works fine.
6)In gns3 Edit,preferences, qemu,asa select path for initrd and kernel which you downloaded already dnt change other settings.
7)Drag your ASA into gns3 and click start.
8)qemu will open dnt close it just minimize it
9)Open console ASA will open in putty.
10) Follow this steps.
Cisco ASA with Multiple Security Contexts
==============================================
This is your first boot, please wait about 2 minutes for ‘disk0′ creation
and then execute the following commands inside the Linux prompt:
# cd /mnt/disk0
# /mnt/disk0/lina_monitor
Please note to use the following command under ASA to save your configs:
ciscoasa(config)# boot config disk0:/.private/startup-config
ciscoasa(config)# copy running-config disk0:/.private/startup-config
To get webvpn working, execute the following commands:
ciscoasa# mkdir disk0:/var
ciscoasa# mkdir disk0:/var/log
ciscoasa# mkdir disk0:/csco_config
ciscoasa# mkdir disk0:/csco_config/97
ciscoasa# mkdir disk0:/csco_config/97/webcontent
( Powered by Pedro Flor )
( [email protected] )
Please press Enter to activate this console.
#
Thats all, Everything works fine ,even SSL vpn. Still ASDM not working without fiddler i am waiting for tobie’s reply cos only from him i heard without fiddler i can work with ASDM
Again thank you Jeremy and others who are contributing so much.
Regards,
Praveen
For ASDM TO WORK WITH FIDDLER USE THIS INITRD IMAGE.:hxxp://www.4shared.com/file/cm7sFS6d/asa802-k8initrd.html
CREDIT GOES TO SAKET FROM THIS FORUM http://www.sadikhov.com/forum/index.php?showtopic=177924
Regards,
Praveen