
Actually, when I first heard about ASA, I tried to install and configure ASA in GNS3 0.8x; after that I tried the same in GNS3 1.x and above. Both of them were successful. I had so many problems:
1 - I got an error that qemu couldn't connect on SuperPuTTY. Then everything was good, but it couldn't SSH into the ASA with SuperPuTTY. After a lot of searching I understood that this problem is solved by:
a - ensuring connectivity in step 20,
b - deleting and recopying the IOS files of the ASA (asa842-initrd.gz and asa842-vmlinuz),
c - reinstalling GNS3. Recopying the IOS files especially was very helpful.

2 - Step 20 mentions connectivity. I understood that the connectivity is directly related to the firewall used on Windows, so you have to trust the loopback network, e.g. 10.10.10.0. I explained it at the end of the text for Norton Security. You have to do it on your Windows firewall.
3 - Two things are very critical: "Kernel cmd line" and "Qemu Option". I explained them in steps 7 and 8 of the text for the latest and previous GNS3 versions. Be careful.

The main text that helped me:
http://www.rehmert.com/2012/12/add-asa-8-42-to-gns3/
Edited by }{4/\/\11)

Add ASA 8.4(2) with ASDM to GNS3 on Windows 7


Dec 9th, 2012 by jrehmert
1. Add a loopback adapter to Windows:
Open a command prompt as Administrator
Enter hdwwiz.exe to open the Add Hardware Wizard
Once the Add Hardware Wizard is open, click Next
Choose Install the hardware that I manually select from a list (Advanced) and click Next
Select Network adapters and click Next
Select Microsoft and Microsoft Loopback Adapter under Manufacturer and Network Adapter respectively,
then click Next
Reboot
2. Download the ASA 8.42 files (asa842-initrd.gz and asa842-vmlinuz) for GNS3 from a reputable source (I got
mine from http://www.mediafire.com/download.php?l010dd0c1nayf0d)
3. Open Edit -> Preferences -> Qemu and click the ASA tab
4. Enter an Identifier name (I used asa842)
5. Enter 1024 in RAM
6. Enter the paths where you placed the files from step 2 into the designated boxes for Initrd (asa842-initrd.gz)
and Kernel (asa842-vmlinuz)
7. Enter the following for Qemu Options for GNS3 versions earlier than v1.0:
-vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Enter the following for Qemu Options for GNS3 v1.0 and above:
-nographic -cpu coreduo -icount auto -hdachs 980,16,32
8. Enter the following for Kernel cmd line for GNS3 versions earlier than v1.0:
-append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
If the above kernel command doesn't work, try this one:
-append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt -net nic
Enter the following for Kernel cmd line for GNS3 v1.0 and above:
ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt
9. Leave all other options at defaults
10. Click the Save button, then click OK
11. Add an ASA to a new project/topology and start it (a terminal window should appear; if you used the
defaults for the GNS3 install on Windows 7, the terminal emulator will be PuTTY)
12. Once the ASA is up, enter enable mode (when asked for a password, just press the Enter key) and then enter the
following to activate features:
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
13. After activation (regardless of whether it succeeds or not), close the terminal window, then stop the ASA device
14. Add a Cloud Object or Host to the topology and right-click to Configure, selecting the name you used for it
(probably C1 if it's the first Cloud Object and you didn't rename it)
15. Select the loopback adapter that you created in Step 1 and click the Add button
16. Add an Ethernet switch to the topology and draw a direct connection from the switch to the ASA (the ASA must
be stopped) and from the switch to the Cloud Object. If the ASA is started when you connect it to the switch, you will
encounter the following error: Qemuwrapper doesn't support hot link add
17. Start ( Reload ) the ASA device
18. In the ASA console:
config t
int gi 0
ip address 10.10.10.1 255.255.255.0
nameif management
no shut
19. Open Network and Sharing Center in Windows and change the IP of the loopback adapter to 10.10.10.2/24.
20. Ping the Windows loopback adapter from the ASA firewall to test connectivity. If you can't, see the notes
for STEP 20 below
21. If you don't already have a tftp server installed, then install one. I use the free one from Solarwinds, but
there are a few other good options.
22. If you don't already have the ASDM, then download it from Cisco or another reputable source.
23. Run the tftp server and configure its storage location (TFTP Server Root Directory), for example the c:\TFTPRoot folder. Then copy/paste the ASDM bin file into that folder.
24. In the ASA console, copy the ASDM bin file to flash on the ASA:
copy tftp://10.10.10.2/asdm-715-100.bin flash
25. Set the ASA to load the ASDM during the next boot
config t (if you're not already in config mode)
asdm image flash:asdm-715-100.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username <user of your choice> password <password of your choice> privilege 15
26. Reboot the ASA to ensure the ASDM image is loaded during boot.
27. Browse to https://10.10.10.1 using the browser of your choice and click the Install ASDM Launcher button to
download and install the ASDM app from the ASA.
28. Enjoy!
Note: Just for giggles, I ran through these exact instructions on my now Windows 8.1 laptop running GNS3 0.8.6
all-in-one and it worked without a hitch!
-Notes for STEP 7, 8:
Kernel command line
ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt
Additional setting Options
-nographic -cpu coreduo -icount auto -hdachs 980,16,32
-Notes for STEP 20:
For those running into networking problems (probably can't ping the loopback from the ASA or vice versa): check
Windows Firewall, and make sure the IP addresses you use are not in use on other segments in your own routed
network.
For Norton Internet Security: Settings > Network tab > Smart Firewall > Configure Advanced Settings > Configure
Traffic Rules > Add > Allow, to and from, Only the computers and sites listed below, Add, Using a network address,
10.10.10.0, 255.255.255.0, OK, All protocols, check Create a Security History log entry, name it
Loopback:in/out, Finish. Then use Move Up to place this rule above the other rules, at the top of the list.
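
For the built-in Windows Firewall, a narrower alternative to trusting the whole 10.10.10.0 network for all protocols is to allow only what steps 20 and 24 need. The commands below are an added example, not part of the original tutorial. They assume the loopback adapter from step 1 has been renamed "Loopback", that the TFTP server listens on the standard UDP port 69, and the rule names are made up for illustration.

```batch
rem Added example, not from the original tutorial. Run in an elevated command prompt.
rem Assumption: the loopback adapter from step 1 was renamed to "Loopback".
set IFNAME=Loopback
set HOST_IP=10.10.10.2
set ASA_IP=10.10.10.1

rem Step 19 from the command line: static address on the loopback adapter.
netsh interface ipv4 set address name="%IFNAME%" static %HOST_IP% 255.255.255.0

rem Step 20: allow only ICMPv4 echo requests from the ASA to the loopback address.
netsh advfirewall firewall add rule name="GNS3-ASA-ping-in" dir=in action=allow ^
    protocol=icmpv4:8,any remoteip=%ASA_IP% localip=%HOST_IP%

rem Step 24: allow the ASA to reach the TFTP server (assumed UDP 69) for the ASDM copy.
netsh advfirewall firewall add rule name="GNS3-ASA-tftp-in" dir=in action=allow ^
    protocol=UDP localport=69 remoteip=%ASA_IP% localip=%HOST_IP%

rem Confirm both rules exist and are scoped to the two lab addresses.
netsh advfirewall firewall show rule name="GNS3-ASA-ping-in" verbose
netsh advfirewall firewall show rule name="GNS3-ASA-tftp-in" verbose

rem Once the ASDM image is on flash, the TFTP rule is no longer needed:
rem netsh advfirewall firewall delete rule name="GNS3-ASA-tftp-in"
```

ASDM itself connects outbound from Windows to https://10.10.10.1, which the default Windows Firewall policy already permits, so no inbound rule is needed for it.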