«

»

Feb 21

Cisco ASA 8.4 on GNS3

I struggled quite a lot of get ASA 8.4 working on GNS3. I had 8.0(2) working and was helping to test the configurations and VPNs but now wanted to get 8.4 running such that I can prepare myself for new NAT statements and migration from 8.0(2) to 8.4(2).

Here are the steps to get it working. All links to any images or keys are removed for legal reasons. Once its gone its gone.

1. Download the ASA 8.4 files for GNS3 from the following address

I am afraid you will have to search google for reputable sources to get firewall ASA842 image. Please dont ask here for the image.

2. Configure GNS3 as following. ( I am using Ver 0.8.2 Beta 2, Also Tested 8.3 with Windows 7 64 bit which worked without any issues).  Type the code below into relevant fields

 

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
 
Configure the paths for Initrd and Kernel to where you have extracted the files.
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Once the firewall is up and running use following activation keys

Again the activation keys are in public domain so get it using your search capabilities.

 

It will take a while (10-15 min) to accept the second activation key and will take the same time at first reboot.

That's all done and we have a working firewall to play with.

 

 

Now if you want to run two ASAs, you will have to change the Qemu options on the second firewall as below

Qemu Options: -vnc :2 none -vga none -m 1024 -icount auto -hdachs 980,16,32

 

Troubleshooting:

Please check the comments at the end of post where you will find different ways to resolve issues if you face any. Specially very helpfull comments from GD and are detailed below

 

Download and install the latest version of GNS3 0.8.2 after that download the •Qemu 0.13.0 patched 32 bits binary for Windows from
 
 
Copy and replace all downloaded qemu files and folders with existing qemu files and folders under GNS3 folder.

 

After you have ASA running in GNS and want to play with ASDM, here is the guide to follow

http://www.xerunetworks.com/2012/03/asa-84-asdm-on-gns3-step-by-step-guide/

 

and if you want to connect two GNS3 networks running on two different PCs, use following

http://www.xerunetworks.com/2012/03/connect-gns3-network-to-real-networks-other-gns3-network/

I have posted a LAB Guide for migrating NAT from 8.2 to 8.3/8.4 Version, which is still work in progress but has a lot of stuff already added into it

http://www.xerunetworks.com/2012/03/asa-8384-nat-migration-lab-guide/

349 comments

13 pings

Skip to comment form

  1. Andy C

    Brill, got it working on Windows 7 laptop.

    For some reason it wont run on my XP desktop, and when i try to install on my Ubuntu machine the vmlinuz file cannot be seen, even if I show hidden files, any ideas?

    Anyway the fact it runs on machine is excellent, thanks for making this fly!

  2. sandeep

    Hi Bro,

    I grabbed a copy of asa from a post ‘fine tuned asa’ from gns3 forum…i got asa working fine …..both single and multicontext are working….i tried creating vlans and i was unable to do that…..please help me

    1. xerunetworks

      can you please explain a bit, how did you try to create VLANs? Can you please paste the config that you are trying to use and also what exactly you are after.

  3. xerunetworks

    @Faisal: Once you have completed the ASA setup, all you need to do is to start the device then open the console window and go to enable mode. Once you are in enable mode enter these keys there by just entering the full commands which are in the post.

  4. Faisal

    chief, where shall I put lisence keys in? cant see any box under asa tab. please advise
    Faisal

  5. VSpider0

    Odd enough that different HW made it to work. One would think it would be software issue but anyway a new lesson learned.

  6. Anonymous

    Thank you for your prompt answer. I followed your suggestions, but no luck :(. I tried then then same configuration on different laptop and it worked. The difference between the laptops was the HW and it worked on the older. Looks like HW issue or maybe some SW setting that I am not aware of. Both laptops use WinXP SP3. The old has Intel Core Duo CPU T7300, the newer uses Intel Core i5 CPU M520.

  7. VSpider0

    It happened to me quite a lot of times as you start all devices in the LAB, the ASA either doesnt start up or doesnt pass traffic when it loads. Now, I resolved by following these steps

    1. Start GNS, Load your project/topology. Don't start all devices at once. Say for example you have three routers connected to ASA. Start one router wait for a minute for it to loadbup then load the second one and after 1 min wait load the third one. Now wait for all these routers to fully load (3-4 Min) and then start the ASA at the last.
    2. If ASA still doesnt load, stop the ASA and start it again. I hope at least for the second time, it should load up OK.
    3. Make sure you have right Qemu options and kernel cmd line options.

    1. Peter

      Very intertesting comment, i have been loading my ASA first and then my routers. I will try this approach. have had the issue where whenyou have 2 ASA’s connected between two routers and once you have them up and running try and configure the outside interface on the second ASA but yet you cannot ping the routers interface ? the first ASA works fine and exactly the same config. I had them both working once, then i added a second DMZ on the second ASA and then i couldn’t ping my router anymore. All interfaces are in the up up state but i get ??????? from the ASA when i ping.

      1. xerunetworks

        To run the second firewall, you will have to change the Qemu options on the second firewall as below

        Qemu Options: -vnc :2 none -vga none -m 1024 -icount auto -hdachs 980,16,32

        Here is another topology that I was working on where I added second firewall and both were able to ping each other 

        http://www.xerunetworks.com/2012/02/cisco-asa-84-on-gns3/two-asa-in-gns3/

         

  8. Anonymous

    Hello and thank you very much for your post. I tried to setup a small lab following your instructions, but ASA fails to start when I connect to it any device. If I don't connect anything to it, it boots normally. Do you have any clue?

1 2 3 21

  1. ASA 8.3/8.4 NAT Migration Lab Guide - My Tech World » My Tech World

    […] « Cisco ASA 8.4 on GNS3 […]

Leave a Reply to wasif Cancel reply

%d bloggers like this: