Sunday, 23 August 2015

Cisco ASA 8.4 on GNS3 - Step By Step Guide


Cisco ASA stands for Adaptive Security Appliance. In brief, it is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It can be used as a security solution for both small and large networks. This post applies to adding any of the Cisco ASA versions 8.2, 8.3 and 8.4 to GNS3.

Before we begin, please make sure that you have the items below on your machine.

1. Download & install GNS3
http://www.gns3.net/download

2. Cisco ASA 8.4 ISO image (valid)
http://www.mediafire.com/download.php?ssadit26tl3llms
or
https://rapidshare.com/files/2538881267/asa.zip

Now let's assume that you have installed GNS3 on your machine.

Steps to be followed:
Step 1:- Download the ASA image and extract it. Copy the extracted image files and paste them into the GNS3 images directory.

Ex: C:\Users\<user name>\GNS3\images\

Step 2:- Open GNS3 --> go to Edit --> Preferences --> QEMU --> QEMU VMs.

Step 3:- Click New --> select the QEMU VM type --> ASA 8.4(2) --> Next button.

Step 4:- Give the ASA whatever name you want.

Step 5:- Assign the RAM size for the ASA (>= 1024 MB).

Step 6:- Browse to the boot ISO files, which we pasted into the GNS3 images directory.

Step 7:- Press OK, then drag the Cisco ASA image to the workspace.

Step 8:- Right-click the ASA image --> press the Start button.



Step 9:- Go to the console view --> if everything is fine, it will start booting. In case of any issues, add your comments. After the boot process, it will go to the enable prompt of the ASA.

Step 10:- Type enable, then press Enter at the password prompt. To check the Cisco ASA version and license information, type the "show version" command.

Step 11:- Now the ASA is loaded with the default license key, which has limited features. Issue the following commands to install the new license key.

Step 12:- Go to configure terminal --> type "activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6" --> write --> reload.

Step 13:- Wait roughly 15-20 minutes; it could take longer. During the reboot, the key validation phase takes some additional time, so wait for it to finish.

Step 14:- Now your ASA is ready with the new license installed.



That's All Guys..!! If you face any issues in the process, do let me know..!!


38 comments:

  1. Please, can you upload the ASA IOS?

    1. Sorry for the late response. The link below is still valid, mate:

      http://www.mediafire.com/download.php?ssadit26tl3llms

  2. it shows: failed to retrieve permanent activation key

    1. After that output (failed to retrieve permanent activation key), wait for 10-15 mins, @Salim. After that it will get activated by itself. Let me know if any issues occur.

  3. But after closing it and opening it again, the key is gone even after saving the config using write command.

  4. Hello everyone, where can I get the new dumps for CCNP Security free download?

    Thanks

  5. Hi man,
    thanks for this tutorial.
    I have a problem here.
    This is what I saw on the first show version:

    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 100 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Security Contexts : 0 perpetual
    GTP/GPRS : Disabled perpetual
    AnyConnect Premium Peers : 5000 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 5000 perpetual
    Total VPN Peers : 0 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual


    And the new show version


    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 100 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    VPN-DES : Disabled perpetual
    VPN-3DES-AES : Disabled perpetual
    Security Contexts : 0 perpetual
    GTP/GPRS : Disabled perpetual
    AnyConnect Premium Peers : 5000 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 5000 perpetual
    Total VPN Peers : 0 perpetual
    Shared License : Disabled perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    UC Phone Proxy Sessions : 2 perpetual
    Total UC Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    Intercompany Media Engine : Disabled perpetual

    This platform has an ASA 5520 VPN Plus license.

    I can see that the VPN, FAILOVER or context are the same.
    Can I have your help with this issue?

  6. Activation key is not working...

    ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    Failed to retrieve permanent activation key.

    This message is displayed... help me

  7. ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    Failed to retrieve permanent activation key.



    I am also getting this, please help.

  8. https://gns3.com/qa/how-to-run-asa-on-gns3-running-a

  9. Thanks for the post. Very helpful sir

  10. Is it possible to make this activation permanent? Meaning that when we start the GNS3 ASA, it will be activated...

    Please reply.

  11. Hi guys,

    I need some help. After I press the Start/Play button, I am getting the following error message in the console:

    => Server error [-3200] from 127.0.0.1:8000: ASA1: Could not create disk image [Errno 2] No such file or directory: '/usr/local/bin/qemu-img'

    Not sure what this means. I'm on a Macbook with OSX 10.9.5.

    Thanks for the help in advance!!

  12. Activation key is working fine. But I have to do the same every time I use the ASA.

  13. GNS3 management console.
    Running GNS3 version 1.4.6 on Windows (64-bit) with Python 3.4.3 Qt 5.5.1.
    Copyright (c) 2006-2016 GNS3 Technologies.
    Use Help -> GNS3 Doctor to detect common issues.

    => Warning: Warning ASA 8 is not officialy supported by GNS3 and Cisco, we recommend to use ASAv. Depending of your hardware this could not work or you could be limited to one instance.
    Error: QEMU process has stopped, return code: 1
    Start QEMU with 'C:\Program Files\GNS3\qemu-0.11.0\qemu.exe' -name ASA-1 -m 1024M -smp cpus=1 -boot order=c -drive 'file=C:\Users\AZEEZ_PC\GNS3\projects\c63ad4c4-2f83-47a9-a66f-3337c724c129\project-files\qemu\d633cd7c-8343-4072-9fda-65c1e0032e6d\hda_disk.qcow2,if=ide,index=0,media=disk' -initrd 'C:\Users\AZEEZ_PC\GNS3\images\QEMU\asa842-initrd' -kernel 'C:\Users\PAUL\GNS3\images\QEMU\asa842-initrd' -append 'ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt -net nic' -serial telnet:127.0.0.1:2000,server,nowait -monitor tcp:127.0.0.1:54252,server,nowait -net none -net nic,vlan=0,macaddr=00:00:ab:2e:6d:00,model=e1000 -net nic,vlan=1,macaddr=00:00:ab:2e:6d:01,model=e1000 -net nic,vlan=2,macaddr=00:00:ab:2e:6d:02,model=e1000 -net nic,vlan=3,macaddr=00:00:ab:2e:6d:03,model=e1000 -icount auto -hdachs 980,16,32 -vga none -vnc none

    Execution log:

  14. Unknown, you need to use qemu-system-i386 as the emulator. You need to edit the configuration of your ASA device to do it.

  15. Thanks, it works fine, but after the reload it asks for the enable password.

  16. I am getting Qemu.exe error closed!! Kindly help me to resolve it.

  17. I am getting an error: the ASA restarts within 4 sec, and this process keeps repeating.

    Please help me to resolve this.

  18. Hi, I got the below message:
    ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
    Validating activation key. This may take a few minutes...
    Failed to retrieve permanent activation key.

  19. Hi, it looks like the ASA image locations are no longer in use; I see them blocked. Can you please share the location where I can get it?

  20. It's working after FW reboot, thanks a lot

  21. Dear Team,

    I want to download the ASA image for my GNS3 lab. So, please kindly help by sharing it with me :)

  22. Server error from http://127.0.0.1:3080: asa-1: hda disk image 'C:/Users/Conventus-PC4/GNS3/images/QEMU/asa-hda.qcow2' is not accessible
    Warning: "asa-1" requires 1024MB of RAM to run but there is only 958MB

  23. Show switch vlan command is not showing any output

  24. My ASA keeps on rebooting itself.
    Can anyone help, please?

  25. grep: /mnt/disk0/.private/startup-config: No such file or directory
    Starting Likewise Service Manager
    Processor memory 851443712, Reserved memory: 62914560




    Then my IOS restarts again and shows the following message:


    REBOOT: open message queue fail: No such file or directory/2
    REBOOT: enforce reboot...
    Restarting system.
    machine restart

  26. Hi Team,

    I want to install the ASDM image for ASA 8.4 in my GNS3 lab. So, I installed ASA 8.4. It's working fine.

    Please kindly help by sharing it with me :)

  27. stuck on "Unpacking initramfs..."

  28. NVM, it's running now but the key did not activate.

  29. When I try the write command after typing the activation key, it shows me "not enough space".

  30. It is not loaded, please help me, anyone.

  31. Allocating PCI resources starting at 50000000 (gap: 40000000:bffc0000)
    Built 1 zonelists in Zone order, mobility grouping on. Total pages: 259996
    Kernel command line: ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt
    Enabling fast FPU save and restore... done.
    Enabling unmasked SIMD FPU exception support... done.
    Initializing CPU#0
    PID hash table entries: 2048 (order: 11, 8192 bytes)
    Fast TSC calibration using PIT
    Detected 999.976 MHz processor.
    Console: colour dummy device 80x25
    console [ttyS0] enabled
    Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
    Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
    allocated 5242820 bytes of page_cgroup
    please try cgroup_disable=memory option if you don't want
    Memory: 767192k/1048564k available (1715k kernel code, 279900k reserved, 623k data, 156k init, 630780k highmem)
    virtual kernel memory layout:
    fixmap : 0xfffed000 - 0xfffff000 ( 72 kB)
    pkmap : 0xff800000 - 0xffc00000 (4096 kB)
    vmalloc : 0xf7ffe000 - 0xff7fe000 ( 120 MB)
    lowmem : 0xde000000 - 0xf77fe000 ( 407 MB)
    .init : 0xde34c000 - 0xde373000 ( 156 kB)
    .data : 0xde2acca6 - 0xde348938 ( 623 kB)
    .text : 0xde100000 - 0xde2acca6 (1715 kB)
    Checking if this processor honours the WP bit even in supervisor mode...Ok.
    Calibrating delay loop (skipped), value calculated using timer frequency.. 1999.95 BogoMIPS (lpj=999976)
    Security Framework initialized
    Mount-cache hash table entries: 512
    Initializing cgroup subsys cpuacct
    Initializing cgroup subsys memory
    CPU: L1 I cache: 32K, L1 D cache: 32K
    CPU: L2 cache: 4096K
    CPU: Intel QEMU Virtual CPU version 0.13.0 stepping 03
    Checking 'hlt' instruction... disabled
    Freeing SMP alternatives: 0k freed
    net_namespace: 668 bytes
    NET: Registered protocol family 16
    PCI: PCI BIOS revision 2.10 entry at 0xffe77, last bus=0
    PCI: Using configuration type 1 for base access
    bio: create slab at 0
    PCI: Probing PCI hardware
    pci 0000:00:01.3: quirk: region b000-b03f claimed by PIIX4 ACPI
    pci 0000:00:01.3: quirk: region b100-b10f claimed by PIIX4 SMB
    pci 0000:00:01.0: PIIX/ICH IRQ router [8086:7000]
    NET: Registered protocol family 2
    IP route cache hash table entries: 16384 (order: 4, 65536 bytes)
    TCP established hash table entries: 65536 (order: 7, 524288 bytes)
    TCP bind hash table entries: 65536 (order: 6, 262144 bytes)
    TCP: Hash tables configured (established 65536 bind 65536)
    TCP reno registered
    NET: Registered protocol family 1
    Unpacking initramfs...<0>Kernel panic - not syncing: bad gzip magic numbers

    I am stuck here, please help.

    ReplyDelete
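
Two failures reported in the comments above can be checked before pressing Start: a QEMU command line whose -kernel and -initrd arguments name the same file (as in the command line logged in comment 13), and an initrd that does not begin with the gzip magic bytes (the "bad gzip magic numbers" panic in comment 31). The following is an added example, not part of the original post or its comments; the function names and the sample command line are constructed for illustration, and the check covers only these two causes.

```python
import ntpath
import os
import shlex

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream (RFC 1952)


def boot_files(cmdline):
    """Extract the -kernel and -initrd arguments from a QEMU command line."""
    tokens = shlex.split(cmdline)  # single-quoted Windows paths stay intact
    return {flag: value for flag, value in zip(tokens, tokens[1:])
            if flag in ("-kernel", "-initrd")}


def preflight(cmdline):
    """Return a list of problems found in the boot files (empty list = OK)."""
    files = boot_files(cmdline)
    missing = [f"{flag} not set" for flag in ("-kernel", "-initrd")
               if flag not in files]
    if missing:
        return missing
    kernel, initrd = files["-kernel"], files["-initrd"]
    problems = []
    # ntpath accepts both '\' and '/' separators, whatever OS runs this check
    if ntpath.basename(kernel).lower() == ntpath.basename(initrd).lower():
        problems.append("-kernel and -initrd name the same file")
    for flag in ("-kernel", "-initrd"):
        if not os.path.isfile(files[flag]):
            problems.append(f"{flag} file not found: {files[flag]}")
    if os.path.isfile(initrd):
        with open(initrd, "rb") as fh:
            if fh.read(2) != GZIP_MAGIC:
                problems.append("initrd does not start with gzip magic 1f 8b")
    return problems


if __name__ == "__main__":
    # Constructed sample, shaped like the command line GNS3 logs when QEMU stops
    sample = (r"qemu.exe -name ASA-1 -m 1024M "
              r"-initrd 'C:\lab\userA\images\asa842-initrd' "
              r"-kernel 'C:\lab\userB\images\asa842-initrd'")
    for problem in preflight(sample):
        print("FAIL:", problem)
```

Paste the "Start QEMU with ..." line from the GNS3 console into `preflight()`; an empty list means these particular checks passed, not that the image will boot.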
  32. I can see the details below; after that, the ASA firewall is not showing when I power on the firewall.


    Message #177 : Restricted Rights Legend

    Message #178 : Use, duplication, or disclosure by the Government is
    Message #179 : subject to restrictions as set forth in subparagraph
    Message #180 : (c) of the Commercial Computer Software - Restricted
    Message #181 : Rights clause at FAR sec. 52.227-19 and subparagraph
    Message #182 : (c) (1) (ii) of the Rights in Technical Data and Computer
    Message #183 : Software clause at DFARS sec. 252.227-7013.

    Message #184 : Cisco Systems, Inc.
    Message #185 : 170 West Tasman Drive
    Message #186 : San Jose, California 95134-1706

    Message #187 :
    INFO: Power-On Self-Test in process.
    Message #188 : .Message #189 : .Message #190 : .Message #191 : .Message #192 : .Message #193 : .Message #194 : .Message #195 : .Message #196 : .Message #197 : .Message #198 : .Message #199 : .Message #200 : .Message #201 : .Message #202 : .Message #203 : .Message #204 : .Message #205 : .Message #206 : .Message #207 : .Message #208 : .Message #209 : .Message #210 : .Message #211 : .Message #212 : .Message #213 : .Message #214 : .Message #215 : .REBOOT: open message queue fail: No such file or directory/2
    REBOOT: enforce reboot...
    REBOOT: sending notification fail: Invalid argument/22
