Tuesday, 8 October 2013

Run Cisco ASA on GNS3

Everyone wants a toy ASA to practice on, right? Well, you can with GNS3. This took me about 4 hours to get right. Previously I had this working on a Windows box; however, transferring the settings was far from pleasant. In fact, they just didn't work.

First, for some reason I am using Ubuntu 10.10. I just like it; it is out of date, but it still works for me. In order to get GNS3 running on it, however, I needed to install the new package from source. Well, I didn't need to, I wanted to. So this meant removing the working GNS3 installed by the package manager and running the new GNS3 from source.

Once it was all unpacked and I had worked out how to run it, the first major problem was that Qemu was an out-of-date, unpatched version. I would highly recommend working from step 8 of this post if you are reading this looking to solve Qemu patching problems:

You may also have to install the zlib1g-dev package during the make process. Anyhow, blah blah. There are quite a few guides to installing ASA on GNS3; this post is more to put my spin on actually starting a firewall. So let's cut to the configs. Assuming your Qemu and Dynamips connections test correctly, here we go...

The most important bit of code:

kernel cmd line: ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 console=ttyS0,9600n8 bigphysarea=65536 auto nousb ide1=noprobe hda=980,16,32 root_dev=0x6802

Qemu options: -icount auto 

Anything but the above was causing it to fail.

Next, give an ASA interface an address, and finally give it a name so that it installs correctly:

ciscoasa(config)# interface gigabitEthernet 0

ciscoasa(config-if)# ip address

ciscoasa(config-if)# nameif management0

Ok so.  You have a working ASA, but you want to use the ASDM, right?  Basically then you are going to have to tftp the ASDM software to the virtual device, so next we have to create a loopback node, have the ASA connect to that network and then do the needful.

And now to tftp the ASDM binary. Start up your preferred TFTP software; I like Pumpkin:

ciscoasa# copy tftp flash

Address or name of remote host []?

Source filename []? asdm-647.bin

Destination filename [asdm-647.bin]?

Accessing tftp://!!!!...

Writing current ASDM file disk0:/asdm-647.bin !!!!...

17902288 bytes copied in 96.340 secs (186482 bytes/sec)

Now a few things to make it all work. Enable the http server, allow http and create user credentials:

ciscoasa(config)# asdm image flash:asdm-647.bin

ciscoasa(config)# http server enable

ciscoasa(config)# http management0

ciscoasa(config)# username nicholas password cisco priv 15

Now browse to or whatever you have and you should be able to install the
ASDM software, you will need the username/password above.
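
As an added example (not part of the original post), here is a small Python check that reads the management settings configured above and reports anything that would stop ASDM loading or leave it wider open than intended. The 192.0.2.0/24 addresses, the "inside" rule, the function name audit_asdm_config and the 12-character password threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed lab configuration; the 192.0.2.0/24 addresses and the "inside"
# rule are invented for this example and do not come from the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0
 nameif management0
 ip address 192.0.2.1 255.255.255.0
asdm image flash:asdm-647.bin
http server enable
http 0.0.0.0 0.0.0.0 management0
http 192.0.2.0 255.255.255.0 inside
username nicholas password cisco priv 15
"""

def audit_asdm_config(config):
    """Return a list of findings about ASDM/HTTP management access."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    nameifs = {ln.split()[1] for ln in lines if ln.startswith("nameif ")}
    findings = []
    if not any(ln.startswith("http server enable") for ln in lines):
        findings.append("http server not enabled: ASDM cannot load")
    if not any(ln.startswith("asdm image ") for ln in lines):
        findings.append("no asdm image configured")
    rules = 0
    for ln in lines:
        m = re.fullmatch(r"http (\S+) (\S+) (\S+)", ln)
        if not m:
            continue
        net, mask, ifname = m.groups()
        try:
            network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        except ValueError:
            continue  # e.g. "http server enable 8443" is not an access rule
        rules += 1
        if network.prefixlen == 0:
            findings.append(f"http on {ifname}: any source address allowed")
        if ifname not in nameifs:
            findings.append(f"http rule names undefined interface {ifname}")
    if rules == 0:
        findings.append("no http access rule: no host can reach ASDM")
    for ln in lines:
        m = re.fullmatch(r"username (\S+) password (\S+)( encrypted)? priv\S* (\d+)", ln)
        # Assumed policy: level 15 accounts need 12+ characters if stored cleartext
        if m and m.group(4) == "15" and not m.group(3) and len(m.group(2)) < 12:
            findings.append(f"user {m.group(1)}: level 15 with short cleartext password")
    return findings
```

Calling audit_asdm_config(SAMPLE_CONFIG) returns three findings: the any-source rule on management0, the rule naming an interface that was never given a nameif, and the short password on the privilege 15 account.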
