«

»

Feb 21

Cisco ASA 8.4 on GNS3

I struggled quite a lot of get ASA 8.4 working on GNS3. I had 8.0(2) working and was helping to test the configurations and VPNs but now wanted to get 8.4 running such that I can prepare myself for new NAT statements and migration from 8.0(2) to 8.4(2).

Here are the steps to get it working. All links to any images or keys are removed for legal reasons. Once its gone its gone.

1. Download the ASA 8.4 files for GNS3 from the following address

I am afraid you will have to search google for reputable sources to get firewall ASA842 image. Please dont ask here for the image.

2. Configure GNS3 as following. ( I am using Ver 0.8.2 Beta 2, Also Tested 8.3 with Windows 7 64 bit which worked without any issues).  Type the code below into relevant fields

 

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
 
Configure the paths for Initrd and Kernel to where you have extracted the files.
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Once the firewall is up and running use following activation keys

Again the activation keys are in public domain so get it using your search capabilities.

 

It will take a while (10-15 min) to accept the second activation key and will take the same time at first reboot.

That's all done and we have a working firewall to play with.

 

 

Now if you want to run two ASAs, you will have to change the Qemu options on the second firewall as below

Qemu Options: -vnc :2 none -vga none -m 1024 -icount auto -hdachs 980,16,32

 

Troubleshooting:

Please check the comments at the end of post where you will find different ways to resolve issues if you face any. Specially very helpfull comments from GD and are detailed below

 

Download and install the latest version of GNS3 0.8.2 after that download the •Qemu 0.13.0 patched 32 bits binary for Windows from
 
 
Copy and replace all downloaded qemu files and folders with existing qemu files and folders under GNS3 folder.

 

After you have ASA running in GNS and want to play with ASDM, here is the guide to follow

http://www.xerunetworks.com/2012/03/asa-84-asdm-on-gns3-step-by-step-guide/

 

and if you want to connect two GNS3 networks running on two different PCs, use following

http://www.xerunetworks.com/2012/03/connect-gns3-network-to-real-networks-other-gns3-network/

I have posted a LAB Guide for migrating NAT from 8.2 to 8.3/8.4 Version, which is still work in progress but has a lot of stuff already added into it

http://www.xerunetworks.com/2012/03/asa-8384-nat-migration-lab-guide/

349 comments

13 pings

Skip to comment form

  1. kevin

    Hi, whenever I turn on 2nd ASA, the other one crashes. Any suggestions? thanks.

    1. xerunetworks

      if your machine has enough resources to handle two, it shouldn’t crash

      1. kevin

        thanks. so far both of them are working on a real machines instead of VM.

  2. ASO

    Do I need to use both activation keys?
    I was able to use first key. However, ASA hangs after using 2nd activation key.
    showing the following message and hanged:
    ciscoasa# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
    Validating activation key. This may take a few minutes…
     

    1. xerunetworks

      It doesnt hang, you just need to enter this key and go get a cup of cofee, the time you will be back (5-10 min), it should be done with a message you that key was successful and  to save the config.

  3. GNS 3 User

    Hi Malikyounas,
    Just tested using 0.82 beta2 with the original patched, the result is the same with no luck.  From the GNS3 forum, I saw some user facing the same problem. Grossmj and Brezular now studied the problem and seems the qemu is not patched to support UDP tunnel.
    Thanks & Regards,

    1. Gustavo

      GNS 3 user. I followed the steps and noticed that the console would hang. I use SecureCRT but decided to give Putty 32 bit a try. In Preferences > General > Terminal Settings I chose Putty (Windows 32-bit) and changed the Terminal command TO THE ACTUAL EXECUTABLE path. It worked then.

  4. gns3forever

    I'm useing windows 7 64 bit, I used GN3 0.82-standalone-64-bit. I followed the instructions step by step and it worked for me.   Note that Qemu options in the text file with asa files from Meidafire is not correct. it is missing vnc and vga options.  Use the Qeme option on this this post.
    thank you so much maalikyounis and all of you on this post.

    1. xerunetworks

      Thanks for the update, I have removed text file from zip to avoid any confusion

  5. GNS 3 User

    Hi All,
    Does anyone tried running GNS3 0.82 and ASA 8.42 on windows XP 64 bits platform ??? I already followed the above instruction, download the latest version of GNS 3 and Qemu 0.13.0 patched 32 bits binary for Windows (replacing all download files with existing), The ASA FW is up and running but can't console in, the putty windows is inactive and then disappeared.
    Hoped anyone  can help !!!
    Thanks & Regards,

    1. xerunetworks

      The Qemu 0.13.0 patched 32 bit bainay is for 32 bit windows installation. I would suggest, uninstall current gns3, installating the beta version http://sourceforge.net/projects/gns-3/files/GNS3/0.8.2-BETA2/ without any patches etc and try that following the post, let us know how it goes

    2. GD

      Hello if you are using windows xp 64bit you don't need to replace existing files and folders with Qemu 0.13.0 patched 32 bits binary for Windows. uninstall existing gns3 and reinstall latest gns3 0.8.2 (setup: windows xp 64 bit,  asa842-initrd, asa842-vmlinuz) add  Qemu Options & Kernel cmd line (Note : do not cut and paste below lines just type manually) Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32 Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536   and do few settings in gns3 according to attached screen shots
      http://dl.dropbox.com/u/48626267/PIC1.png
      http://dl.dropbox.com/u/48626267/PIC2.png
      http://dl.dropbox.com/u/48626267/PIC3.png
      http://dl.dropbox.com/u/48626267/PIC4.png
      hope this will work if you still facing  any issue do let me know

      1. GNS 3 User

        Hi GD,
        Followed your instructions and setting according to your screenshots, still the same result as Malikyounas suggested using 0.82 beta2 version, ASA FW is started and up but can't console in.
        Anyways, thanks for your information first.

        1. acer787

          I have the same problem. Win xp 64. ASA start but can't console

          1. steven

            same here, but on ubuntu

  6. Jacob

    Hi,
    I have a questions;
    Why do we need the activation keys listed above. Would the default of no activation key work just fine? or we need for some VPN stuff etc…?
    thanks
     

    1. xerunetworks

      By default without activation keys the license is restricted which doesnt give you VPN options, no failover etc

      1. jacobb

        Malikyounas, thank you so much for responding so quickly.

  7. ipsniffer

    BRILLIANT!!! Thank you very much for sharing, really appreciate it!!!
    Working 100% as described.

  8. GD

    please download and install the latest version of GNS3 0.8.2 after that download the •Qemu 0.13.0 patched 32 bits binary for Windows from http://www.gns3.net/download/ http://sourceforge.net/projects/gns-3/files/Qemu/qemu-0.13.0.patched.win32.zip/download copy and replace all downloaded qemu files and folders with existing qemu files and folders under GNS3 folder. its solved my problem Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32 Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 i'm running asa842-k8 asdm-647 Windows 7 64bit everythings is working fine. hope this will help

  9. Leo

    Got an error:

    UnicodeEncodeError:’ascii’ codec can’t encode character u’\xd7′ in position 346: ordinal not in range9128), any idea?

    1. xerunetworks

      Similar issue to what other peole have, either try a different windows installation or try GNS3 on Ubuntu Running on VM Ware.

    2. Roguepacket

      After scratching my head for an hour, I solved this error on both my Mac OS and Windows 7 x64 installation. Check your ASA Kernel Cmd Line closely – if you copy and paste from the article, you will see “mask=0x01” does not actually contain an “x” – it is a unicode character that merely looks like one. Even if you copy/paste into notepad, the unicode doppelganger will remain. Simply replace it with a real “x” from your keyboard, and you’re good to go!

      1. xerunetworks

        Fixed: Now it should be 'x' rather than unicode in the option for Kernel

  10. iman

    Hi
    thanks for your tutorial but could you provide me which version of GNS3 and Qemu do you used?
    i can’t used this because i get ‘connection lost’ error each time try to start ASA.
    please inform me as soon as you can
    thanks in advance

    1. xerunetworks

      I used Ver 0.8.2 Beta 2, there in new version available on GNS3 download page. To try exactly the same what I had, try following download to get Beta2

      http://sourceforge.net/projects/gns-3/files/GNS3/

      1. iman

        thanks

Leave a Reply to Ali Cancel reply

%d bloggers like this: