Virtual ASA Guide, not sure if someone already has this out there.
PhildoBaggins
Member Posts: 276
I found this junk I had written for some ASA classes I hosted early this year or late last year. These may be missing a few steps but it will get the job done. It's very handy and I constantly lab ASA items using this setup. I even firewall computers and VPN into myself to test client/SSL/AnyConnect etc...
Phillip's ASA/ASDM Virtual GNS3 Setup Guide
Download these files, they will be required for the install. These two asa.zip files should contain different items so please rename one of them when you download.
asa.zip
http://www.gns3.net/download/
asa.zip
Step 1: Open Device Manager, select the network adapters category. Select Action, then Add legacy hardware. Choose Microsoft, then MS Loopback Adapter.
Step 2: Reboot your PC if necessary and set your loopback adapter's IP address to 10.100.100.100 255.255.255.0
Step 3: Install TFTP Server
Step 4: Install GNS3 0.8.2-BETA2
Step 5: Create GNS folder for images and such
Step 6: Open GNS, go to Preferences and set your project directory and image directory
Step 7: Set up Qemu, go to ASA
Identifier Name: ASA802
Initrd: asa802-k8.initrd.gz
Kernel: asa802-k8.kernel
Qemu Options: -hdachs 980,16,32 -vnc :1
Kernel Cmd Line: console=ttyS0,9600n8 bigphysarea=16384 auto nousb ide1=noprobe hda=980,16,32
Click Save, Apply, then OK
Identifier Name: ASA842
RAM: 1024 MB
Initrd: asa842-initrd.gz
Kernel: asa842-vmlinuz
Qemu Options: -m 1024 -icount auto -hdachs 980,16,32
Kernel Cmd Line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Click Save, Apply, then OK
Step 8: Drag an ASA over, select ASA802. Right Click the ASA and click start.
Step 9: Double click the ASA to open the console, it will take a minute to load. Press enter and drop in the following config.
modprobe e1000
ifconfig eth0 hw ether 00:00:AB:CD:10:10
ifconfig eth1 hw ether 00:00:AB:CD:10:11
ifconfig eth2 hw ether 00:00:AB:CD:10:12
ifconfig eth3 hw ether 00:00:AB:CD:10:13
ifconfig eth4 hw ether 00:00:AB:CD:10:14
ifconfig eth5 hw ether 00:00:AB:CD:10:15
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up
cp /asa/bin/lina /mnt/disk0/lina
cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
cd /mnt/disk0
/mnt/disk0/lina_monitor
Step 10: The ASA will begin to boot. From here you can set up your configuration. To save the ASA config use the following command:
copy run disk0:/.private/startup-config
Step 11: Drag over another ASA, this time select ASA842
Step 12: Start the ASA842, then double click the ASA
Step 13: The ASA842 may take a few minutes to boot. Once it's loaded you can utilize the following command to save configuration
wr me
Step 14: Click the stop button on GNS3 to stop the ASAs
Step 15: Drag over a "Cloud"
Step 16: Drag over an "Ethernet Switch"
Step 17: Double click the cloud, select C1, and select the NIO ethernet tab. Choose the MS Loopback adapter, Click Add, Apply, Ok.
Step 18: Use the Middle finger connector tool to connect the cloud and ASAs to the ethernet switch.
Step 19: Click the Start button in GNS3
Step 20: Drop the following commands into the ASA802 (COPY THE EMPTY SPACES)
en
conf t
int e0/0
ip add 10.100.100.2 255.255.255.0
no shut
nameif LAN
sec 100
exit
icmp permit any LAN
ping 10.100.100.100
Step 21: If the pings are successful, then start your TFTP server
Step 22: Run the following command in the ASA802 (press enter through the prompts)
copy tftp://10.100.100.100/asdm-602.bin flash
Step 23: Enter the following commands once ASDM has been written to flash
conf t
enable pass tech@dp
passwd tech@dp
username admin pass tech@dp priv 15
http server enable
aaa authentication http console LOCAL
http 0.0.0.0 0.0.0.0 LAN
Step 24: You can now browse to https://10.100.100.2 to log in to ASDM (REMEMBER TO USE THE CUSTOM WR ME FOR ASA802)
Step 25: Start ASA842
Step 26: Double click the ASA842 to open the console, drop in the following config including the empty spaces
en
conf t
int g0
ip add 10.100.100.1 255.255.255.0
no shut
nameif LAN
sec 100
exit
icmp permit any LAN
ping 10.100.100.100
copy tftp://10.100.100.100/asdm-641.bin flash
enable pass tech@dp
passwd tech@dp
username admin pass tech@dp priv 15
http server enable
aaa authentication http console LOCAL
http 0.0.0.0 0.0.0.0 LAN
Step 27: You can now browse to https://10.100.100.1 to log in to ASDM (REMEMBER TO USE THE REGULAR WR ME FOR ASA842)
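Added example (not part of the original post): a small Python check over the ASDM lines from Step 23, flagging the allow-all "http 0.0.0.0 0.0.0.0 LAN" entry and the single password shared by enable, passwd and the admin user. The function names, finding codes and the max_hosts threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the management lines from Step 23 of the guide.
GUIDE_CONFIG = """\
enable pass tech@dp
passwd tech@dp
username admin pass tech@dp priv 15
http server enable
aaa authentication http console LOCAL
http 0.0.0.0 0.0.0.0 LAN
"""

# Commands that set a secret (abbreviated or full keyword forms).
SECRET_RE = re.compile(
    r"^(enable pass(?:word)?|passw(?:or)?d|username \S+ pass(?:word)?)\s+(\S+)")
# 'http <network> <mask> <nameif>' lists who may reach ASDM over HTTPS.
HTTP_RE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit_mgmt_plane(config, max_hosts=16):
    """Return (code, detail) findings for ASDM/management exposure."""
    findings, setters = [], {}
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        m = HTTP_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if net.num_addresses > max_hosts:  # hypothetical lab threshold
                findings.append(("ASDM_WIDE_OPEN", f"{net} on {m.group(3)}"))
        m = SECRET_RE.match(line)
        if m:
            setters.setdefault(m.group(2), []).append(m.group(1))
    for cmds in setters.values():
        if len(cmds) > 1:  # one secret guarding several access paths
            findings.append(("SECRET_REUSED", ", ".join(cmds)))
    if "http server enable" in lines and not any(
            l.startswith("aaa authentication http console") for l in lines):
        findings.append(("ASDM_NO_AAA", "http server enabled without AAA"))
    return findings

def codes(config):
    """Sorted finding codes only, convenient for comparisons."""
    return sorted(code for code, _ in audit_mgmt_plane(config))

if __name__ == "__main__":
    for code, detail in audit_mgmt_plane(GUIDE_CONFIG):
        print(code, detail)
```

Restricting the ASDM entry to the lab host from Step 2 (http 10.100.100.100 255.255.255.255 LAN) and giving each credential its own value clears both findings.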
Comments
-
Kreken
Member Posts: 284
Thank you. This is a great post. I just have a couple of questions.
1. It looks like you cannot run 8.2 and 8.4 at the same time. Is there a way around it? I get IRQ conflicts.
2. I didn't look at 8.2 version yet but looking at 8.4 "sh ver" output license information leads me to believe this is 5510 without Security Plus license rather than 5520. Even though it says it is ASA 5520.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5520 VPN Plus license.
Maximum VLANs : 100 perpetual
5520 should have 150 max vlans.
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Only 5505 and 5510 require licenses to enable 3DES.
Failover : Disabled perpetual
Again, this is only for 5505 and 5510 disabled without a license.
Edit: Found the solution to #2. You need to apply the following two activation codes to enable the features.
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6