In this blog post, I will demonstrate how to emulate a Cisco ASA 8.4 firewall with GNS3 1.x and the QEMU emulator.
In this procedure, I’ll be using the following binary IOS images:
-> asa842-k8.bin
-> asdm-645-206.bin
Get the required IOS Binary Images:
You may copy these from a Cisco hardware ASA device using the following commands:
# copy flash: tftp:
> provide the file to send to the TFTP server
> provide the TFTP server’s IP here
> just press Enter to copy with the same name.
– Use the same procedure for both binary images.
Alternatively, you may download them from the Cisco website using a registered, authorized account.
Unpack the IOS Images:
To use these binary images with GNS3, we need to unpack the ASA IOS binary image “asa842-k8.bin”. I’ll use a script developed by the user “dmz” from the 7200emu.hacki forum. You can download the script from the link given below:
Download repack.v4.sh
– Copy the downloaded script “repack.v4.sh.gz” and the “asa842-k8.bin” binary IOS image to a Linux instance. I’ll be using CentOS 7.
# cd /usr/local/src
# gunzip repack.v4.sh.gz
# chmod +x repack.v4.sh
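– Running the script on “asa842-k8.bin” produces, among other files:
asa842-initrd-original.gz – original extracted initrd
asa842-initrd.gz – patched initrd
– Of the script’s output, we need two files:
asa842-vmlinuz – kernel image
asa842-initrd.gz – patched initrd
– Copy these two files to the GNS3 images directory.
NOTE: If you face this error: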
# ./repack.v4.sh asa842-k8.bin
Repack script version: 4
which: no xxd in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
which: no mkisofs in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
ERROR: xxd command not found
Solution: Install the ‘vim’ or ‘vim-enhanced’ package to get xxd.
# yum install vim -y
Configure GNS3 to use ASA Firewall in topologies:
Edit > Preferences
“QEMU VMs” > “New”
Add:
– Name: any name for the ASA device; I’ll use “ASA1”.
– Select “ASA 8.4(2)” from the drop-down menu.
– Assign RAM for the ASA device.
– Browse to the “asa842-initrd.gz” file for the “Initial RAM disk” option.
– Browse to the “asa842-vmlinuz” file for the “Kernel Image” option.
– Create a new topology, drag the ASA1 icon to the workspace and build a topology. I’ll create a topology of two ASA firewalls with one VirtualBox XP VM, connected via an Ethernet switch, as shown below:
Add ASDM image to ASAs in topology:
– Start first ASA device.
– Open its console.
– Assign an IP address to the ASA interface on the same network as the XP VirtualBox instance; in my scenario, it is the 10.0.0.0/24 network.
– Just press Enter when asked for “Password”, as none is set.
# configure terminal
# show int ip brief //show present interfaces.
# interface g0 //I’ve connected the g0 interface to the switch.
# no shutdown
# ip address 10.0.0.1 255.255.255.0 //assign IP to g0 interface
# nameif inside //Assign this interface to “Inside” network of firewall.
– Copy ASDM to the ASA firewall in GNS3:
# copy tftp: flash:
> provide the TFTP server IP, 10.0.0.5
> give the file name to copy, asdm-645-206.bin
> just press Enter to save with the same filename.
– The copy will start.
# http server enable //Enable HTTP/S server.
# http 0 0 inside //Allow HTTP/S access from any host on the inside network interface.
– Done,
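The “http 0 0 inside” line above admits every address behind the inside interface to ASDM, and no password has been set, so it is worth checking a saved running-config for these settings before it is reused outside the lab. The following is an added example, not part of the original post: the sample config is constructed, and the function and variable names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the lab settings from this post as "show running-config"
# would list them (the ASA stores "http 0 0 inside" in expanded form).
SAMPLE_LAB_CONFIG = """\
interface GigabitEthernet0
 nameif inside
 ip address 10.0.0.1 255.255.255.0
http server enable
http 0.0.0.0 0.0.0.0 inside
"""

HTTP_RULE = re.compile(r"^http\s+(\S+)\s+(\S+)\s+(\S+)$")


def _addr(token):
    # The CLI accepts "0" as shorthand for 0.0.0.0 in address and mask.
    return "0.0.0.0" if token == "0" else token


def audit_asdm_access(config, max_hosts=1):
    """Return findings about who can reach the ASA's HTTPS/ASDM server."""
    server_on = aaa_http = False
    rules = []
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("http server enable"):
            server_on = True
        elif line.startswith("aaa authentication http console"):
            aaa_http = True
        else:
            m = HTTP_RULE.match(line)
            if m:
                try:
                    net = ipaddress.IPv4Network(
                        f"{_addr(m.group(1))}/{_addr(m.group(2))}", strict=False)
                except ValueError:
                    continue  # three-token http option, not an address/mask rule
                rules.append((net, m.group(3)))
    if not server_on:
        return []  # server disabled: the permit rules are inert
    findings = [f"ASDM open to {net} on '{ifname}' ({net.num_addresses} addresses)"
                for net, ifname in rules if net.num_addresses > max_hosts]
    if rules and not aaa_http:
        findings.append("no 'aaa authentication http console': "
                        "ASDM logins are not tied to named users")
    return findings
```

Calling audit_asdm_access(SAMPLE_LAB_CONFIG) returns two findings; a config that permits a single management host and sets “aaa authentication http console LOCAL” returns none.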