Thursday , July 29 2021

How to emulate CISCO ASA 8.4 firewall with GNS3 1.x

Muhammad Attique February 14, 2015 Information Security, Network Admin Leave a comment 4,131 Views

In this blog post, I will demonstrate how to emulate CISCO ASA 8.4 firewall with GNS3 1.x and QEMU Emulator.
In this procedure, I’ll be using following Binary IOS images:

->    asa842-k8.bin
->    asdm-645-206.bin

Get the required IOS Binary Images:

You may copy these from CISCO hardware ASA device using following commands:

# enable
# copy flash: tftp:
> provide file to send to TFTP Server
> provide tftp server’s ip here
> just press enter to copy with same name.

– Use same procedure for both Binary images.
Else, you may download from CISCO website using registered authorized account.

Unpack the IOS Images:

To use these Binary images with GNS3, we need to Unpack ASA IOS binary image “asa842-k8.bin”, I’ll use a script developed by a user “dmz” from 7200emu.hacki forum. You can download script from link given below:
Download repack.v4.sh

– Copy downloaded Script “repack.v4.sh.gz” and “asa842-k8.bin”  binary IOS image to linux instance. I’ll be using CentOS 7.

– I have placed both files in /usr/local/src directory.

# cd /usr/local/src
# gunzip repack.v4.sh.gz
# chmod +x repack.v4.sh

asa-1 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 1

Keep in mind, the script as well as IOS binary image must be in SAME DIRECTORY…!
# ./repack.v4.sh asa842-k8.bin
– Now let it finish. It will generate following shown files:
asa842-vmlinuz – extracted kernel
asa842-initrd-original.gz – original extracted initrd
asa842-initrd.gz – patched initrd

– Among these, we need

asa842-vmlinuz – extracted kernel
asa842-initrd.gz – patched initrd

asa-2 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 2

– copy these two files to GNS3 Images Directory.

NOTE:  If facing Error:

# ./repack.v4.sh asa842-k8.bin
Repack script version: 4
which: no xxd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no mkisofs in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
ERROR: xxd command not found

Solution:      Install ‘vim’ or ‘vim-enhanced’ package to get it
     # yum install vim -y

Configure GNS3 to use ASA Firewall in topologies:

– Goto:

Edit   >   Preferences

asa-3 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 3

– On Preferences window, click:
“QEMU VMs”   >   “New”
Add:
– Name:     Any Name for ASA device, I’ll give “ASA1”
– Select “ASA 8.4(2)” from Drop Down Menu.

asa-4 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 4

Next:
– Assign RAM for ASA Device.

asa-5 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 5

Next:
– Browse “asa842-initrd.gz” file for “Initial RAM disk” option.
– Browse “asa842-vmlinuz” file for “Kernel Image” option.

asa-7 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 7

Finish.

– Create new topology, Drag ASA1 Icon to work space and make some topology, I’ll create topology for two ASA firewalls with on VirtualBox XP VM connected via Ethernet switch as shown below:

asa-8 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 8

Add ASDM image to ASAs in topology:

– Start first ASA device.
– console it
– Assign IP to ASA interface of same network as of XP VMBox Instance, in my scenario, it is 10.0.0.0/24 network.

> enable
– just press enter when asked for “Password”, as there’s not set any.
# configure terminal
# show int ip brief                //show present interfaces.
# interface g0                    //I’ve connect g0 interface with switch.
# no shutdown
# ip address 10.0.0.1 255.255.255.0            //assign IP to g0 interface
# nameif inside                                //Assign this interface to “Inside” network of firewall.
– Start TFTP Server on XP VMBox instance. I’m using TFTP64.exe file, it is free and awesome. Start it, copy “asdm-645-206.bin” file to Root of TFTP Server, path must be shown on its screen.
– Copy ASDM into ASA firewall in GNS3:
# ping 10.0.0.5                        //ping and confirm access to TFTP Server XP instance from ASA firewall.
# copy tftp: flash:
> provide tftp server ip, 10.0.0.5
> give file name to copy, asdm-645-206.bin
> just press enter to save with same filename.
– it will start copy.
– Enable HTTPS server on ASA firewall to be accessed from Inside Network:
# configure terminal
# http server enable                //Enable HTTP/S server.
# http 0 0 inside                    //Allow HTTP/S access from any host from Inside network interface.
– Access ASDM from XP VMBox instance.
https://10.0.0.1
– Just select “OK” when asked for user credentials, as we’ve not configured any user on ASA yet.

asa-6 How to emulate CISCO ASA 8.4 firewall with GNS3 1.x asa 6 1024x473

– Done,

Tags

About Muhammad Attique

Check these out :)

Installing & Configuring OpenVPN Client on Kali Linux

In this blog post, I am going to install and configure OpenVPN client on Kali …

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.

It's My Bee-Log :)
© Copyright 2021, All Rights Reserved