(6 votes, average: 4.00 out of 5)
Loading ...Tue 2 Mar 2010
GNS3 : How to emulate ASA in Windows 7
Posted by Tariq Ahmad under ASA , GNS3 , GNS3 video tutorials , PIX firewall[51] Comments
Email This Post
In a previous tutorial, i had shown ASA emulation in Ubuntu 9.10 (Linux) . Good news is you no longer need to compile and patch Qemu (its already done for you). You just need to build initrd and linux kernel from ASA binary, set path to them in GNS3 preferences and you are all set. If you are installing in Ubuntu, follow the previous tutorial (just skip the compilation and patching section).
If you are installing GNS3 in any of Windows flavour e.g Windows XP , Windows Vista or Windows 7 , its super super easy. So, i decided not to create any video tutorials and rather just show you the screenshots so that you can set it up in less than a minute provided you have already built necessary files (initrd and linux kernel ). If you haven’t built them yet, see previous tutorial.
Here are the quick Steps:- (Click on Screenshots to enlarge Image)
NOTE : Software Versions are :
- GNS3 v0.7
- Windows 7 (64-bit) Home Premium
- ASA 8.0(2) Binary
1. Download & Install GNS3 (next , next , finish stuff)
2. Navigate to GNS3 Preferences -> Qemu -> General Settings tab and Hit Test button to make sure paths to qemuwrapper, qemu and qemu-img are set properly( default setting should work just fine)
3. Navigate to GNS3 Preferences -> Qemu -> ASA tab and set initrd and kernel paths
4. Drag and Drop ASA into workspace.
5. Start ASA and console into it .
Thats all ! Enjoy !
If you liked this tutorial ,don't hesitate to buy me a Cup of Coffee today !
Loading ...
March 2nd, 2010 at 10:56 pm
Great Writeup ! You are awesome man.
March 3rd, 2010 at 9:40 am
I am also start the ASA in Windows but can’t enable the interface, such as (int e0/0 and then “no shutdown”). It showed that cannot get channel.
March 3rd, 2010 at 11:20 am
Hi Tariq,
Is ASDM working okay with your setup? I assume you’re using fiddler to access it.
I seem to be having a problem behind the scenes – I can load ASDM fine and all the options etc. However, if you go to Monitoring -> Logging -> Enable Logging and open the real time log monitor, it doesnt work correctly – you just get a “syslog connection lost” message in the log.
If you view the buffer log instead or have logging console notifications enabled you get a constant stream of the following message –
%ASA-5-402128: CRYPTO: An attempt to allocate a large memory block failed, size: 100, limit: 0.
“The ASA’s explanation to this error message is – An SSL connection is attempting to use more memory than allowed. The request has been denied.
• size—The size of the memory block being allocated
• limit—The maximum size of allocated memory permitted”
I’ve also noticed this message when I’ve attempted to enable the ssl scp server and make a connection using winscp. This makes me think that there is something broken in the emulation. It would be really good if you could confirm whether you have the same issue – if you haven’t then I guess it could be my setup that is flawed.
The only other explanation I can think of is that the real ASA hardware has a built in crypto acceleration module – which of course won’t be emulated by qemu.
March 4th, 2010 at 5:17 am
Hi All,
Can any one explian how to build initrd and linux kernel for WinXP before we start configuring Qemu. I am facing difficulties in doing this on WinXP.
I Would appreciate the help.
Shafat Bilal
March 5th, 2010 at 1:50 pm
Hi Paulc,
What does fiddler accomplish for you in accessing the asdm when emulated?
Thanks,
Seth
March 6th, 2010 at 5:23 am
Hi there,
I’m really struggling with connectivity with ASA and other devices/cloud.
I’ve tried Gns3 in Ubuntu and Windows but still can’t get further then ASA internal interfaces.
ARPA says “incomplete” all the time.
Some hints would be greatly appreciated.
Dario
March 7th, 2010 at 2:46 am
Hai Tariq,
Same problem as posted by Vanbrugh
Can neither enable interface nor nameif command.
Failed to change interface status: cannot get channel
March 7th, 2010 at 2:50 pm
Hi ALL,
plz any one explian how to build initrd and linux kernel for WinXP before we start configuring Qemu.
Regard Tariq Mehmood
March 8th, 2010 at 2:18 am
Hi,
i have the same issue too
Failed to change interface status: cannot get channel
March 11th, 2010 at 7:08 am
Hi Tariq,
I use Cisco image unpacker 0.1 binary for Windows download from the GNS3 website in order to build initrd and kernel for Windows XP
Thanks !!!
March 13th, 2010 at 10:06 pm
After runninig the unpack.exe in winXp i am getting following error message:
C:\Unpack-0.1_win\Unpack>unpack.exe –format ASA8 asa802-k8.bin
‘gzip’ is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Traceback (most recent call last):
File “unpack.py”, line 208, in
File “unpack.py”, line 146, in unpackASA8
File “shutil.pyo”, line 199, in move
File “shutil.pyo”, line 91, in copy2
File “shutil.pyo”, line 46, in copyfile
IOError: [Errno 2] No such file or directory: ‘c:\\docume~1\\ibm\\locals~1\\temp\\tmpty21zl\\vmlinuz’
Please can anybody help what is this error?
Appreciate your help.
March 14th, 2010 at 1:43 am
After runninig the unpack.exe in winXp i am getting following error message:
C:\Unpack-0.1_win\Unpack>unpack.exe –format ASA8 asa802-k8.bin
‘gzip’ is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Traceback (most recent call last):
File “unpack.py”, line 208, in
File “unpack.py”, line 146, in unpackASA8
File “shutil.pyo”, line 199, in move
File “shutil.pyo”, line 91, in copy2
File “shutil.pyo”, line 46, in copyfile
IOError: [Errno 2] No such file or directory: ‘c:\\docume~1\\ibm\\locals~1\\temp\\tmpty21zl\\vmlinuz’
Please can anybody help what is this error?
Appreciate your help.
March 14th, 2010 at 3:22 am
[...] How to emulate ASA in Windows 7 [...]
March 14th, 2010 at 6:36 am
Hi Tariq,
My question is that when i click on the test button(GNS3 Preferences -> Qemu -> General Settings tab)default setting isnot working fine.. it is giving me fail to start qemu so tariq what should i do now?
March 14th, 2010 at 6:57 am
Iam also getting the same error.
C:\Unpack>unpack.exe –format ASA8 asa802-k8.bin
‘gzip’ is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Traceback (most recent call last):
File “unpack.py”, line 208, in
File “unpack.py”, line 146, in unpackASA8
File “shutil.pyo”, line 199, in move
File “shutil.pyo”, line 91, in copy2
File “shutil.pyo”, line 46, in copyfile
IOError: [Errno 2] No such file or directory: ‘c:\\users\\shahul\\appdata\\local
\\temp\\tmpmcxgr5\\vmlinuz’
Kindly help me out
March 15th, 2010 at 1:09 am
put gzip.exe in system32 folder
then it will work
March 17th, 2010 at 7:55 am
@Shahul hameed, Shafat Bilal
or add the path for the location of the gzip executable and reboot windows box for the path to take effect.
March 19th, 2010 at 7:39 am
Hi Tariq,
I am having the same problem , when i am clicking the test button for Qemu, it is giving an error “Failed to start Qemu” even though the path for the Qemu wrapper, Qenu-img are fine.
Please help.
Thanks
Shafat Bilal
March 19th, 2010 at 7:56 am
ciscoasa# config t
ciscoasa(config)# int eth0/0
ciscoasa(config-if)# no shut
Failed to change interface status: cannot get channel
ciscoasa(config-if)#
I am getting this error once i enable the interface. Please help
Thanks
March 20th, 2010 at 6:57 am
Same error on my windows machine:
Failed to change interface status: cannot get channel
thanks
March 21st, 2010 at 8:54 am
Thanks jburgoyne,,
It is working now ,but i am getting this error now
ciscoasa# config t
ciscoasa(config)# int eth0/0
ciscoasa(config-if)# no shut
Failed to change interface status: cannot get channel
ciscoasa(config-if)#
I am getting this error once i enable the interface. Please help
Thanks
March 26th, 2010 at 1:10 am
I have managed to get the ASA running on Windows7. Problem is, I get the following error when I try to configure the interfaces:
ciscoasa# conf t
ciscoasa(config)# int
ciscoasa(config)# interface eth
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# nam
ciscoasa(config-if)# namei
ciscoasa(config-if)# nameif inside
ERROR: open(np/port/id/1/-1) failed.
ERROR: open() failed.
ERROR: Failed to initialize interface inside
ERROR: Add interface failed.
March 26th, 2010 at 1:48 am
These are the start up errors related to the interface issues on ASA 8.0(2).
Does anyone have a solution to this?
###########################################
Cisco Adaptive Security Appliance Software Version 8.0(2)
Cannot open interface card (media_ethernet/port/id/0)
pix_idb_create: Unable to get link capabilities 0
pix_idb_create: Unable to get nic_stats for port 0
Cannot open interface card (media_ethernet/port/id/1)
pix_idb_create: Unable to get link capabilities 1
pix_idb_create: Unable to get nic_stats for port 1
Cannot open interface card (media_ethernet/port/id/2)
pix_idb_create: Unable to get link capabilities 2
pix_idb_create: Unable to get nic_stats for port 2
Cannot open interface card (media_ethernet/port/id/3)
pix_idb_create: Unable to get link capabilities 3
pix_idb_create: Unable to get nic_stats for port 3
Cannot open interface card (media_ethernet/port/id/4)
pix_idb_create: Unable to get link capabilities 4
pix_idb_create: Unable to get nic_stats for port 4
Cannot open interface card (media_ethernet/port/id/5)
pix_idb_create: Unable to get link capabilities 5
pix_idb_create: Unable to get nic_stats for port 5
March 26th, 2010 at 8:22 pm
How can i get copy of the initrd and linux kernel file so i can emulate ASA. Please can you post it or someone send it to me
cthompson1@gmx.com
March 30th, 2010 at 4:14 am
Hi Tariq,
Please help me in fixing this error for the ASA in GNS3.
I am getting this error:
ciscoasa# config t
ciscoasa(config)# int eth0/0
ciscoasa(config-if)# no shut
Failed to change interface status: cannot get channel
ciscoasa(config-if)#
I am getting this error once i enable the interface. Please help . I will be thankful to you.
Thanks
March 30th, 2010 at 5:01 am
Kman
Go to the GNS3 website (http://www.gns3.net/download) and download the following software (If you’re using Windows):
•Cisco image unpacker 0.1 binary for Windows
Follow the instructions on the readme file on how to unpack your .bin ASA image. This will generate theinitrd and the linux kernel for you
April 3rd, 2010 at 12:41 pm
I’m getting Failed to change interface status: cannot get channel.. when i try to bring a port up.
Please help….
April 4th, 2010 at 5:14 pm
@Tariq and shafqat,
Could you please inform , how did u solve
“qemu start issue”
I have unpacked asa image successfully, and followed all steps but still, I m facing this qemu start issue.
Thanks
April 6th, 2010 at 7:18 am
Hello Tariq,
Great post you’ve got there but you’ve got me hanging.
Your post states that one must have the necessary files initrd and linux kernel for the installation/configuration to be complete for linux does this apply to windows?
If so, why do we have different files associated with windows eg asa802-k.gz & vmlinuz
April 7th, 2010 at 10:42 am
@Khan
I was also getting the same error when i was pressing the start Qemu button in GNS3.But as soon as u add the Kernal and initrd file path to the ASA tab in GNS3 and start the ASA ,Qemu is automatically started. U can see the Qemu.exe started in the prcocesses tab in Task Manager.
But i am not able to enable the interface yet.
@tariq please help in this issue , I will be more than thankful.
Thanks
Shafat Bilal
April 8th, 2010 at 4:58 pm
Did any one resolve the failed channel problem?
“I’m getting Failed to change interface status: cannot get channel.. when i try to bring a port up.”
April 8th, 2010 at 5:10 pm
@Bilal & others , GNS3 has some issues with interface activation.It works flawlessly with Qemu so,try emulating using Qemu unless GNS3 has a fix.Also, post your bugs on GNS3 forum !
April 9th, 2010 at 4:19 am
@tariq
Thanks for the reply. I am using Qemu only with GNS3. But i am using Windows. U want me to use Qemu in Ubuntu 9.10 also?
Please explain this thing to me. Ur reply is very much needed.
Thanks
Bilal Shafat
April 9th, 2010 at 4:25 am
@Bilal,i have/had been able to emulate ASA using GNS3 & interfaces are up & running. You can communicate with network & pass traffic through as you would do normally. Watch for my new blog posts where i will explain steps in detail.
Cheerz
April 10th, 2010 at 9:55 am
All is working well ASA will load but problem is still there when asa load, if i try to configure interface name with (nameif)command or try to give an ip address is shows an error, secondly it shows error when you try to save config. WHAT TO DO ????? Any Solution …..
April 13th, 2010 at 10:20 am
@tariq
Thanks a lot man. I really appreciate ur reply and help. Does that mean i cannot run the ASA in GNS3?
The link u provided seems to be very hard prcedure and i am getting lots of difficulities in this method.Is there any vedio available?
Can u help me man.
Thanks
Bilal Shafat
April 14th, 2010 at 11:04 pm
Hi, where do you place the flash file in windows, I have created the file and placed it in the ASA folder to replace the 256K that gets created by default but the ASA can’t detect it. It shows 0bytes. Any ideas?
Thanks
April 17th, 2010 at 2:20 pm
To all,
Please follow the following explanation to run ASA in gns3. It works for me.
http://www.sadikhov.com/forum/index.php?showtopic=177924
May 1st, 2010 at 5:32 pm
i use vista x86 for gns3 on vista and configure ASA according to you instraction but i am sory this error i face can you help me. Mr Tariq
assetion “_vf_mode_init” file “vf_api.c”, line 99
and again and again reboot
May 4th, 2010 at 6:27 am
Extremely simple method to emulate ASA on “Windows XP” not “Windows 7″. On “Windows 7″ it does not work – using same initrd and kernel for both XP and “Win 7″ , only XP gives me the console. When I console on “Windows 7″, I only get a blank console – I am unable to get that to work no matter what I do. There problably is some bug in qemu for “Windows 7″ that hasn’t been worked out – running everything in compatibility mode for “Windows xp, service pack 3″ under “Windows 7, 64bit” – but console unresponsive. Has anyone gotten the console to work under “Windows 7 – either 32 or 64″?
May 23rd, 2010 at 1:00 pm
I dont have a vmlinuz image.
Where can I get it or how can I create it??
May 26th, 2010 at 1:22 pm
Hi!
Every things fine but when i clicked on console the putty window appears but i can’t see any command prompt i.e #
Its just the black screen with green cursor.
What should i do?
May 30th, 2010 at 4:13 am
Hi!
I am working on small topology with ASA but after assigning the IP to the interface when i run command no shutdown i got error:
Failed to change interface status: cannot get channel
if i try to give name to the same interface i got the following error.
ciscoasa(config-if)# nameif outside
ERROR: open(np/port/id/0/-1) failed.
ERROR: open() failed.
ERROR: Failed to initialize interface outside
ERROR: Add interface failed.
Any suggestion?
Regards,
May 31st, 2010 at 11:28 pm
For all with this issue:
C:\Unpack>unpack.exe –format ASA8 asa802-k8.bin
‘gzip’ is not recognized as an internal or external command,
operable program or batch file.
The system cannot find the file specified.
Traceback (most recent call last):
File “unpack.py”, line 208, in
File “unpack.py”, line 146, in unpackASA8
File “shutil.pyo”, line 199, in move
File “shutil.pyo”, line 91, in copy2
File “shutil.pyo”, line 46, in copyfile
IOError: [Errno 2] No such file or directory: ‘c:\\users\\shahul\\appdata\\local
\\temp\\tmpmcxgr5\\vmlinuz’
Enter this first:
C:\Unpack>PATH=%PATH%;c:\Unpack
Your system needs to know the path to gzip first.
June 5th, 2010 at 10:41 pm
For all of you who are having some troubles emulating ASA on Windows 7 for the console issue, here I’m to give you light.
The problem is that in the general settings in the qemu, in all the references to the host in which the qemu is running it says “localhost” and windows 7 always makes reference to localhost to the ipv6 address.
To solve the issue change the word localhost for 127.0.0.1 that is the ipv4 address of localhost.
With that problem solved!!!!!!!!!!!!
June 7th, 2010 at 2:04 am
Hi,
I’m having the exact same problem as Eme and capricorn.
Does anyone have a solution for this.
Regards,
Luke
June 7th, 2010 at 2:18 am
If you open putty and use telnet protocol, connect to localhost on port 10525, you will get this:
200-At least a module and a command must be specified
Any ideas?
Regards,
Luke
June 16th, 2010 at 8:57 pm
i get uncompressing linux…ok,…booting kernel. and then nothin happens again. can anyone pls help me..thanks
July 2nd, 2010 at 12:33 am
All guys trying ASA.
1)Download gns3 ver 7.2
2)Download Tobie’s custom initrd and kernel file from this blog.http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-2/#comment-878
3)Install gns3
4)Dont change any path in gns3
5)Test qemu and dynamics, This test button works fine.
6)In gns3 Edit,preferences, qemu,asa select path for initrd and kernel which you downloaded already dnt change other settings.
7)Drag your ASA into gns3 and click start.
8)qemu will open dnt close it just minize it
9)Open console ASA will open in putty.
10) Follow this steps.
Cisco ASA with Multiple Security Contexts
==============================================
This is your first boot, please wait about 2 minutes for ‘disk0′ creation
and then execute the following commands inside the Linux prompt:
# cd /mnt/disk0
# /mnt/disk0/lina_monitor
Please note to use the following command under ASA to save your configs:
ciscoasa(config)# boot config disk0:/.private/startup-config
ciscoasa(config)# copy running-config disk0:/.private/startup-config
To get webvpn working, execute the following commands:
ciscoasa# mkdir disk0:/var
ciscoasa# mkdir disk0:/var/log
ciscoasa# mkdir disk0:/csco_config
ciscoasa# mkdir disk0:/csco_config/97
ciscoasa# mkdir disk0:/csco_config/97/webcontent
( Powered by Pedro Flor )
( pedro.flor@gmail.com )
Please press Enter to activate this console.
#
Thats all, Everything works fine ,even SSL vpn. Still ASDM not working without fiddler i am waiting for tobie’s from http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/comment-page-2/#comment-878 reply cos only from him i heard without fiddler i can work with ASDM
July 3rd, 2010 at 1:28 am
Hey I got some problems unpacking the asa802-k8.bin.
############################################
c:\Unpack>unpack.exe –format ASA8 asa802-k8.bin
Der Befehl “gzip” ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
Das System kann die angegebene Datei nicht finden.
Traceback (most recent call last):
File “unpack.py”, line 208, in
File “unpack.py”, line 146, in unpackASA8
File “shutil.pyo”, line 199, in move
File “shutil.pyo”, line 91, in copy2
File “shutil.pyo”, line 46, in copyfile
IOError: [Errno 2] No such file or directory: ‘c:\\users\\thomas\\appdata\\local
\\temp\\tmpcsbbov\\vmlinuz’
############################################
I tried all the mentioned solutions, from putting the gzip.exe in the system32 folder, adding c:\Unpack\gzip.exe to the environmental viariables or running this command in cmd “C:\Unpack>PATH=%PATH%;c:\Unpack”, but still get the same massage.
any thing i can do now ?
July 3rd, 2010 at 8:17 am
I’m getting the same.
Uncompressing Linux… Ok, booting the kernel.
I’ve left it and left it but it’s not budging from there. Tried uninstalling and reinstalling GNS3 but no luck?