Comments on: How to emulate Cisco ASA http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/ Technical Blog Thu, 27 Oct 2011 17:49:25 +0000 hourly 1 http://wordpress.org/?v= By: Jon http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-4157 Jon Thu, 27 Oct 2011 17:49:25 +0000 http://blog.gns3.net/?p=141#comment-4157 To get the ASA to run in transparent mode within my GNS3 instance, I added to the asa/scripts/first_start.sh script provided above: After: ifconfig eth0 up ifconfig eth1 up Add: ifconfig eth0 promisc ifconfig eth1 promisc Without this, packets weren't making it up to the ASA process, and were discarded at the nic when running in transparent mode. That might be obvious to others, but wanted to mention it since I had to search a while for it. To get the ASA to run in transparent mode within my GNS3 instance, I added to the asa/scripts/first_start.sh script provided above:
After:
ifconfig eth0 up
ifconfig eth1 up
Add:
ifconfig eth0 promisc
ifconfig eth1 promisc

Without this, packets weren’t making it up to the ASA process, and were discarded at the nic when running in transparent mode.

That might be obvious to others, but wanted to mention it since I had to search a while for it.

]]> By: Jorge Avelar http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-4145 Jorge Avelar Mon, 19 Sep 2011 22:49:32 +0000 http://blog.gns3.net/?p=141#comment-4145 this step below does not work for me. echo "25159680 ; ibase=16 ; last - 1228b0" | bc | tail -n l tail: illegal offset -- l (standard_in) 1: parse error this step below does not work for me.

echo “25159680 ; ibase=16 ; last – 1228b0″ | bc | tail -n l
tail: illegal offset — l
(standard_in) 1: parse error

]]> By: Greg http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-4081 Greg Mon, 28 Feb 2011 17:03:41 +0000 http://blog.gns3.net/?p=141#comment-4081 I am trying the procedure with ASA binary: asa804-k8.bin converted into hex, but when I grep for "1f 8b 08 00 1d" nothing comes up. Any ideas? Thanks I am trying the procedure with ASA binary: asa804-k8.bin converted into hex, but when I grep for “1f 8b 08 00 1d” nothing comes up. Any ideas?

Thanks

]]> By: Learning Cisco ASA - TechExams.net IT Certification Forums http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-966 Learning Cisco ASA - TechExams.net IT Certification Forums Sun, 24 Oct 2010 19:39:51 +0000 http://blog.gns3.net/?p=141#comment-966 [...] can use a full ASA image, (GNS3 0.7.2), the previous versions of GNS3 only ran PIX. Here is the link on the GNS 3 site to get it up and running.. I found version 7 of the ASA image works fine, and [...] [...] can use a full ASA image, (GNS3 0.7.2), the previous versions of GNS3 only ran PIX. Here is the link on the GNS 3 site to get it up and running.. I found version 7 of the ASA image works fine, and [...]

]]> By: Van http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-965 Van Sun, 17 Oct 2010 06:14:25 +0000 http://blog.gns3.net/?p=141#comment-965 I am so close the getting the asa832-k8 emulate and the asa823-k8, but I need to know were the kernel starts and ends in the asa823-k8.bin so I can yank the kernel from the kernel by determining the skip and count values. Otherwise the I have successfully extracted the initrd and the kernel from the asa832-k8.bin, but keep getting the following error: done Freeing initrd memory: 14077k freed platform rtc_cmos: registered platform RTC device (no PNP device found) highmem bounce pool size: 64 pages HugeTLB registered 4 MB page size, pre-allocated 0 pages bigphysarea: Allocated 16384 pages at 0xdf800000. msgmni has been set to 673 io scheduler noop registered io scheduler anticipatory registered (default) io scheduler deadline registered io scheduler cfq registered pci 0000:00:00.0: Limiting direct PCI/PCI transfers pci 0000:00:01.0: PIIX3: Enabling Passive Release pci 0000:00:01.0: Activating ISA DMA hang workarounds Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A loop: module loaded pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de tun: Universal TUN/TAP device driver, 1.6 tun: (C) 1999-2004 Max Krasnyansky Uniform Multi-Platform E-IDE driver ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports ide-gd driver 1.18 TCP cubic registered NET: Registered protocol family 17 RPC: Registered udp transport module. RPC: Registered tcp transport module. 802.1Q VLAN Support v1.8 Ben Greear All bugs added by David S. Miller TIPC: Activated (version 1.6.4 compiled Jul 30 2010 16:45:45) NET: Registered protocol family 30 TIPC: Started in single node mode Using IPI Shortcut mode VFS: Cannot open root device "hda1" or unknown-block(0,0) Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) Does anyone know what I need to configure in GNS3 or change in the first_start.sh or rcS scripts if necessary to make the run completely and load to command line? I am so close the getting the asa832-k8 emulate and the asa823-k8, but I need to know were the kernel starts and ends in the asa823-k8.bin so I can yank the kernel from the kernel by determining the skip and count values. Otherwise the I have successfully extracted the initrd and the kernel from the asa832-k8.bin, but keep getting the following error:

done
Freeing initrd memory: 14077k freed
platform rtc_cmos: registered platform RTC device (no PNP device found)
highmem bounce pool size: 64 pages
HugeTLB registered 4 MB page size, pre-allocated 0 pages
bigphysarea: Allocated 16384 pages at 0xdf800000.
msgmni has been set to 673
io scheduler noop registered
io scheduler anticipatory registered (default)
io scheduler deadline registered
io scheduler cfq registered
pci 0000:00:00.0: Limiting direct PCI/PCI transfers
pci 0000:00:01.0: PIIX3: Enabling Passive Release
pci 0000:00:01.0: Activating ISA DMA hang workarounds
Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
loop: module loaded
pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky
Uniform Multi-Platform E-IDE driver
ide_generic: please use “probe_mask=0x3f” module parameter for probing all legacy ISA IDE ports
ide-gd driver 1.18
TCP cubic registered
NET: Registered protocol family 17
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
802.1Q VLAN Support v1.8 Ben Greear
All bugs added by David S. Miller
TIPC: Activated (version 1.6.4 compiled Jul 30 2010 16:45:45)
NET: Registered protocol family 30
TIPC: Started in single node mode
Using IPI Shortcut mode
VFS: Cannot open root device “hda1″ or unknown-block(0,0)
Please append a correct “root=” boot option; here are the available partitions:
Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block(0,0)

Does anyone know what I need to configure in GNS3 or change in the first_start.sh or rcS scripts if necessary to make the run completely and load to command line?

]]> By: Van http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-925 Van Fri, 01 Oct 2010 01:06:54 +0000 http://blog.gns3.net/?p=141#comment-925 I compressed back the initrd, but the asa802 won't load to command prompt. The asa823 gave me the error missing /dev/tty50 and the asa832 kept restarting, but I need to check if the script was in the asa/scripts/ and that the line in the rcS was changed from /asa/bin/lina_monitor to /asa/scripts/first_start.sh. I may have to find the correct kernel for the asa823 and the asa832. Otherwise the asa802 works with the initrd and vmlinuz obtain when using the unpack.exe from unpack-0.1_win tools I downloaded from the gns3 website. I compressed back the initrd, but the asa802 won’t load to command prompt. The asa823 gave me the error missing /dev/tty50 and the asa832 kept restarting, but I need to check if the script was in the asa/scripts/ and that the line in the rcS was changed from /asa/bin/lina_monitor to /asa/scripts/first_start.sh. I may have to find the correct kernel for the asa823 and the asa832. Otherwise the asa802 works with the initrd and vmlinuz obtain when using the unpack.exe from unpack-0.1_win tools I downloaded from the gns3 website.

]]> By: Van http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-924 Van Thu, 30 Sep 2010 05:31:40 +0000 http://blog.gns3.net/?p=141#comment-924 I did this for the asa805-k8.bin, asa823-k8.bin, and the asa832-k8.bin, but the grep could not find the 1f 8b 08 at the beginning of the files for the asa805-k8.bin, so when I got to the gzip -d I got an error not in gzip format. after getting the asa823-k8.bin and the asa832-k8.bin unzipped I could not find the initrd or the vmlinuz. I also made your script, but I don't know what to edit in the etc/int.d/rcS and the /asa/bin/lina_monitor. I did this for the asa805-k8.bin, asa823-k8.bin, and the asa832-k8.bin, but the grep could not find the 1f 8b 08 at the beginning of the files for the asa805-k8.bin, so when I got to the gzip -d I got an error not in gzip format. after getting the asa823-k8.bin and the asa832-k8.bin unzipped I could not find the initrd or the vmlinuz. I also made your script, but I don’t know what to edit in the etc/int.d/rcS and the /asa/bin/lina_monitor.

]]> By: tobie http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-915 tobie Tue, 31 Aug 2010 11:40:53 +0000 http://blog.gns3.net/?p=141#comment-915 guys!!! i got my 2nd ccie number! R&S and Security!! thanks to gns3 team! guys!!!

i got my 2nd ccie number!

R&S and Security!!

thanks to gns3 team!

]]> By: tobie http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-914 tobie Tue, 31 Aug 2010 11:37:55 +0000 http://blog.gns3.net/?p=141#comment-914 innoe, i made a simple "hack" on my initrd file. I actually made "two initrd file", one for the single-mode and the other for multi-mode. When im studying and doing some testing on multi-mode asa, i will load the multi-mode initrd and start my labs. all well and its great! the flash file will automatically updates that corresponds to your initrd modes. innoe,

i made a simple “hack” on my initrd file.
I actually made “two initrd file”, one for the single-mode and the other for multi-mode.

When im studying and doing some testing on multi-mode asa, i will load the multi-mode initrd and start my labs. all well and its great!

the flash file will automatically updates that corresponds to your initrd modes.

]]> By: Sushant http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-3/#comment-910 Sushant Sun, 15 Aug 2010 14:46:48 +0000 http://blog.gns3.net/?p=141#comment-910 Hi i am facing this problem plz help asa(config)# interface ethernet 0/0 asa(config-if)# namei asa(config-if)# nameif inside ERROR: open(np/port/id/0/-1) failed. ERROR: open() failed. ERROR: Failed to initialize interface inside ERROR: Add interface failed. asa(config-if)# no shut asa(config-if)# no shutdown Failed to change interface status: cannot get channel asa(config-if)# ASAP Hi i am facing this problem plz help

asa(config)# interface ethernet 0/0
asa(config-if)# namei
asa(config-if)# nameif inside
ERROR: open(np/port/id/0/-1) failed.
ERROR: open() failed.
ERROR: Failed to initialize interface inside
ERROR: Add interface failed.
asa(config-if)# no shut
asa(config-if)# no shutdown
Failed to change interface status: cannot get channel
asa(config-if)#

ASAP

]]>