GNS3 : How to emulate ASA in Ubuntu 9.10 Linux
In this article, i will show you how you can emulate Adaptive Security Appliance (ASA) in Ubuntu Linux 9.10 ( Karmic Koala ).Also be aware that ASA does not 100% work in Qemu (enabling interfaces / communicating with real networks) but that’s enough to play with it.I used “asa802-k8.bin” for this tutorial.You can create Shell Script (first_start.sh) yourself or scroll through the tutorial to see download link provided at the end of this tutorial.Refer to GNS3 site for updated version of Shell Script
Cisco Secure ACS 5.X Deployment Guide E-Book
I have divided this video tutorial into 3 parts for easy understanding of many blog readers. Most people have already installed GNS3 so they can skip Video Tutorial 1. For others, all three parts are relevant[Qemu Patching is no longer required with latest version of GNS3 i.e GNS3 v0.7.3]. Here is the detail:
Video 1: How to Install GNS3v0.7 RC1 in Ubuntu 9.10 Linux
Click here to Play Video Tutorial 1
Video 2: How to Compile & Patch Qemu , Extract initrd and Linux Kernel from your ASA binary
Click here to Play Video Tutorial 2:
Video 3: How to configure GNS3 Preferences for Qemu & ASA
Click here to play Video Tutorial 3:
Download All 3 Video Tutorial including Script ,Gns3 – ASA steps etc:
Click here to download ALL parts
Softwares & Versions Used in this tutorial :
- Ubuntu 9.10 – 32 bit Edition
- GNS3 v0.7 RC1 tgz (Download it here)
- Dynamips 0.2.8-RC2 binary for Linux x86 platforms (Download it here)
- Qemu-0.11.0 tar.gz (Download Link)
Qemu-0.11.0 Patch(Download Link)- ASA Binary Version 8.0(2) - (asa802-k8.bin)
- For detailed explanation about emulating ASA tutorial , check this link.
- Download Shell Script (first_start.sh) – Right Click to Save !
Note : This is for educational purposes only.Please note that ASA binary is not provided and will not be , so please don’t ask.
Also note that this is a Release Candidate (RC1) version of GNS3.If you run into a bug, you can post bugs report at GNS3 forum( under Development -> Bug reports). During my testing, i have not been able to communicate b/w two ASA’s or ASA and a router (in GNS3). Probably,as this release matures, this gotcha will be fixed.If you have been able to fix this, let me know and i will include it in next tutorial.
Enjoy !!!
If you find this tutorial useful,please don’t hesitate to say Thanks.
Related Posts
Tags: 9.10, ASA, asa802-k8.bin, ccie, Cisco, dynamips, GNS3, karmic koala, linux, Qemu, shell script, ubuntu, ubuntu 9.10
Great Tutorial Sir ! Please post more tutorials on JunOS as well.
Hello Tariq Ahmad,
The tutorial is a very good one. Can u please post the Shell Script (first_start.sh). The link which u have given is not working
Thanks in Advance
Kishore
nice work… plz also make a OLIVE Connectivity with GNS3 tutorial..
@Kishore , you should be able to download Shell script now . Thanks !
Is something changed in the final release 0.7? Do we have to make again all these steps?
Hello,
Are they any configuration changes in the gns3 0.7 final release?
thank you
Just curious, will you be making similar videos for windows, preferably windows 7?
With new release, you don’t need to compile and patch Qemu. All other steps are same !
Cheerz
I will post a tutorial on Windows Version setup too though its extremely easy to set this up. All you really need to set is initrd and kernel paths and it should work !
[...] a previous tutorial, i had shown ASA emulation in Ubuntu 9.10 (Linux) . Good news is you no longer need to compile and patch Qemu (its already done for you). You just [...]
Thanks
Hi Tariq,
Is ASDM working okay with your setup? I assume you’re using fiddler to access it.
I seem to be having a problem behind the scenes – I can load ASDM fine and all the options etc. However, if you go to Monitoring -> Logging -> Enable Logging and open the real time log monitor, it doesnt work correctly – you just get a “syslog connection lost” message in the log.
If you view the buffer log instead or have logging console notifications enabled you get a constant stream of the following message –
%ASA-5-402128: CRYPTO: An attempt to allocate a large memory block failed, size: 100, limit: 0.
“The ASA’s explanation to this error message is – An SSL connection is attempting to use more memory than allowed. The request has been denied.
• size—The size of the memory block being allocated
• limit—The maximum size of allocated memory permitted”
I’ve also noticed this message when I’ve attempted to enable the ssl scp server and make a connection using winscp. This makes me think that there is something broken in the emulation. It would be really good if you could confirm whether you have the same issue – if you haven’t then I guess it could be my setup that is flawed.
The only other explanation I can think of is that the real ASA hardware has a built in crypto acceleration module – which of course won’t be emulated by qemu.
I can’t save even i tried the follwing commands
boot config disk0:/.private/startup-config
copy running-config disk0:/.private/startup-config
write
Hi everybody, i have a problem when i try to download qemu-0.11.0-olive.patch from www2.gns3.net/files
someone can post this file please
thank
Is there any alternative to http://www2.gns3.net/files/qemu-0.11.0-olive.patch ?
It does not seem to be working at the moment…
Never mind…saw post on not needing this further up..
Hi Tariq,
Thanks for posting the video. It worked first time on Fedora.
However, I noticed that when I started the ASA on gns3 console, the notice on your guide below did not show and only got the # prompt:
—————-
“This is your first boot, please wait about 1 min and then type the following commands:”
cd /mnt/disk0
/mnt/disk0/lina_monitor
Please note to use the following command under ASA to save your configs:
copy run disk0:/.private/startup-config
——————————————-
The rest worked
Hi Tariq,
Great tutorial. It worked using Fedora.
The only difference was the initial message at the console for the ASA.
Thanks a lot
With all due respect, it is a very nice tutorial and fairly straightforward to follow.
However, it does not work..!!
All I get is the same as Allan, a console connection with a hash prompt. If you try and run the commands:
cd /mnt/disk0
/mnt/disk0/lina_monitor
the response is that there is a memory error.
Is there anyone out there that has actually managed to get this to work..??
I have been on several forums and they are all full of advice and instructions and I have asked this question over and over for multiple platforms.
No one has responded in the positive..!!!
Hi Dave,
Just figured out what the error was. It is to do with creating the FLASH memory.
You’ll need to run the following command:
qemu-img create FLASH 256M
Formatting ‘FLASH’, fmt=raw size=268435456
Once the FLASH is created move it into the asa802 folder.
This is based on henrydu.com website:
http://henrydu.com/blog/how-to/linux/asa-simulation-on-ubunut-qemu-321.html
Hope this helps.
Allan
Trying the Ubuntu option for running an asa..know NOTHING about Linux… Got stuck at sudo apt-get install libncurses5-dev zliblg-dev libpcap-dev
returned error
E: Couldn’t find package zliblg-dev.
I located zlib on the net but dont know how to install or use it…. any help would be appreciated.
Hummm… just found the answer to my problem…
Hello!
I tried to run the cisco asa! Following he video totorial = ( but I have this problems in last lines.. When a run the cisco asa!
Thanks a lot for support!
TIPC: Failed to enable bearer
unable to enable bearer
/etc/init.d/rcS: /etc/init.d/rcS: 13: /asa/scripts/first_star.sh: not found
Please press Enter to activate this console.
#
Man, You could not imagine what you did. You helped me a lot in my studies. I really recommend this tutorial for all whose want an simple and functional help.
Thanks a lot again!!! I’ll spread this article
Best regards.
Thanks a lot for such video.
pls i will like to get a step by step instruction on how to go about extracting the intrd and kernel file, becos i try to guess some commamnd. please i will need a softcopy, send it to my mail if u have.. Nice work u r doing here.. take care
does these steps fit for mac os?
Hello Tariq,
could you please suggest how to simulate ASA on GNS if its installed on Vista
I am facing this problem plz help
asa(config)# interface ethernet 0/0
asa(config-if)# namei
asa(config-if)# nameif inside
ERROR: open(np/port/id/0/-1) failed.
ERROR: open() failed.
ERROR: Failed to initialize interface inside
ERROR: Add interface failed.
asa(config-if)# no shut
asa(config-if)# no shutdown
Failed to change interface status: cannot get channel
asa(config-if)#
ASAP
Very helpful. Used it over and over again.
Many thanks!
Dears,
Most of the software packages are not available in the mentioned sites. May be those are removed. Please update if there is any new sites for
* Qemu-0.11.0 tar.gz (Download Link)
* Qemu-0.11.0 Patch (Download Link)
Regards,
Samad
NS3 : How to emulate ASA in Windows 7? I mean how to get the initrd and kernel files in Windows 7?
thanks
Hi Tariq,
Thank you very much, its same as you save my life man.
Once again thanks a lot.
Hello all,
Can someone please help me get ASA/qemu to work? Originally, I was having issues compiling qemu, but then I updated the zlib files and it compiled successfully. Now, when I run ASA in GNS3 after following all instructions carefully, believe me I’ve spent over 10 hours on this already.. I’m seeing a black window pop-up which appears to be a shell for qemu, and when I try to get into console of the ASA, I’m not seeing the ASA come up.. I’m guessing there is an issue with my image? Someone please help..
Hi All,
So has no-one ever figured out how to make traffic actually go out an ASA interface? Because thats kinda important, kinda pointkless excersise if you can’t make traffic go anywhere. Please help, been struggling and struggling for over a year to make this work.
Hi All,
Managed to get the ASA to start but can’t open console. PIX needs serial and activation code. how about ASA?
Thanks & Regards,
Osama
How to get the initrd and kernel files in Windows 7?
thanks