
topic is updated completely on SEPT/06/2010.

links are released again on SEPT/22/2010~OCT/01/2010 good luck
if links are expired, ask the members who replied on SEPT/06/2010 or later
they may have the downloaded files
it is recommended to read the whole thing
files are new and we need to redownload in step 1, 6, and 7.
there is no need to extract any files to use after the files are downloaded.
added file asa802-k8-muti.gz vmlinuz asdm-602.bin asdm-625.bin fiddler2-rule asa802-k8-sing.gz
WARNING: THE USE OF ALL FILES PROVIDED IN THIS TOPIC ARE ONLY FOR STUDYING

really finally asa with qemu in gns3 goes exactly successfully in single and multiple mode on windows operation (xp, vista, 7) based on the files provided here, even asdm goes. the asdm is drama. it can only support a single mode and the admin-context in multiple mode, not the non-admin context. however there is a method you can configure all context in asdm step 6. in the previous writing, some features of asa cannot perform. the major reason is that the initrd.gz and kernel files are different from internet resources. it is not our wrong configuration. a good news is that i found a good initrd.gz file on internet a month ago when i started to learn security. this initrd.gz file has been fixed by a pro linux guy. i guess! it is no worry, i will provide link to download. this is my own original writing, hopefully don't copy this writing, but you can tell the links

all problems to emulate asa with qemu in gns3 on windows operation (xp, vista, 7) are solved if the initrd.gz and kernel file from the link on step 1 and 6 are used and follow the steps here. i tested in vista but i am sure it goes on all windows operation.
asa can connect any interface of the Ethernet switch and directly connect to router;
asa can start;
asa can automatic format flash itself;
asa can ping loopback address, inside, DMZ, and outside network;
asa can load system startup-config and context startup-config in multiple mode;
asa can use asdm (supported in any mode and any context)
asa can use ssm (hopefully in a day in the future)
^.^
ready?
step 1-5 is for asa multiple mode (completely tested)
step 6 is for asdm (completely tested)
step 7 is for asa single mode (completely tested)
step 8 is optional adding loopback address for your computer

Last edited by inoagkcu on Fri Oct 01, 2010 3:46 pm, edited 32 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:14 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 1 things to get, be caution, and config

things we should have:
gns3 0.7.2 all in one (include dynamips, qemu, putty, winpcap)
the last version download at gns3.net
asa802-k8-muti.gz
http://www.4shared.com/file/IY_RxGta/as ... -muti.html
vmlinuz
http://www.4shared.com/file/n_w3awMA/vmlinuz.html

don't change the name after download

things we pay attention:
run as administrator
turn off window firewall for loopback local area connection
no vpcs nio udp use

things we setup
my gns3 installed path is C:\Program Files\GNS3
all related things are C:\Program Files\GNS3
now click into the folder C:\Program Files\GNS3
make two new folders and name the folders ios and mywork
copy the downloaded files asa802-k8-muti.gz and vmlinuz into the folder ios.
turn on gns3
edit->preference
the general setting is like the picture gns3-general
now click the QEMU tab on the left panel
QEMU-General setting is like the picture gns3-qemu-general
now click the asa tab
QEMU-ASA setting is like the picture gns3-qemu-asa

be sure to click apply button after setting changes
close all related gns3 processes
go step 2

Attachments:
File comment: gns3-general

gns3-general.jpg [ 98.58 KiB | Viewed 2617 times ]


File comment: gns3-qemu-general

gns3-qemu-general.jpg [ 109.63 KiB | Viewed 2366 times ]


File comment: gns3-qemu-asa

gns3-qemu-asa.jpg [ 100.47 KiB | Viewed 2881 times ]

Last edited by inoagkcu on Wed Sep 22, 2010 3:00 pm, edited 6 times in total.

Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:18 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 2 drag the topology, initial asa and flash

drag the topology:
turn on the gns3
at the start of gns3
type a project named test and the path automatic shows
check the box "save nvrams and other disk files (recommended)"
check the box "export router configuration files"
click ok
drag the device without comment as the picture topology-initial

initial asa and flash:
right click on asa1 and choose start
wait for 5 seconds
right click on asa1 again and choose console
now the console will show the below content at the end line

Please press Enter to activate this console.

press enter button and console show a # sign on the head
we type the command exactly like the below line
and don't press enter button yet
wait for 30 ~ 50 seconds for flash

# /mnt/disk0/lina -m

ok after 30 ~ 50 seconds, press enter button
now the console will go to

ciscoasa>

don't do anything now
go back gns3
right click on asa1 and choose stop
wait for 5 seconds
right click on asa1 and choose start
wait for 5 seconds
right click on asa1 and choose console
the console will go to the asa console directly
and the flash is non-0 size now

ciscoasa>

go step 3

Attachments:
File comment: topology-initial

topology-initial.jpg [ 83.16 KiB | Viewed 1236 times ]

Last edited by inoagkcu on Tue Sep 07, 2010 2:56 pm, edited 5 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:21 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 3 save the multiple context configuration

the saving method or path in gns3 is different from the one in real world asa.
you should know the saved method in real world
so that you can understand the thing in this step 3
now you can copy the following command to test

ciscoasa> enable
password: (no password initial)
ciscoasa# show flash
ciscoasa# show mode

flash is ready and the mode is multiple now

!!!!!!! create, set, and save context start !!!!!!

ciscoasa# configure terminal
ciscoasa(config)# admin-context owow
Creating context 'owow'... Done. (1)
ciscoasa(config)# context owow
ciscoasa(config-ctx)# config-url disk0:/.private/owow.cfg
WARNING: Could not fetch the URL disk0:/.private/owow.cfg
INFO: Creating context with default config
INFO: Admin context will take some time to come up .... please wait.
ciscoasa(config-ctx)# allocate-interface ethernet0/1 nickname1
ciscoasa(config-ctx)# exit
ciscoasa(config)# changeto context owow
ciscoasa/owow(config)# interface nickname1
ciscoasa/owow(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa/owow(config-if)# ip address 192.168.11.2 255.255.255.0
ciscoasa/owow(config-if)# no shutdown
ciscoasa/owow(config-if)# exit
ciscoasa/owow(config)# copy running-config startup-config

Source filename [running-config]?
Cryptochecksum: d4c55207 a5df6c15 a0662729 ecd5c70b

1648 bytes copied in 2.300 secs (824 bytes/sec)

here the context startup-config is equal disk0:/.private/owow.cfg

!!!!!!! create, set, and save context end !!!!!

))) save system startup-config and set the boot path start (((

ciscoasa/owow(config)# changeto system
ciscoasa(config)# interface ethernet0/1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# boot config disk0:/.private/startup-config
WARNING: BOOT variable added, but unable to find disk0:/.private/startup-config
ciscoasa(config)# copy running-config disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?
Cryptochecksum: bb5f2481 3679cef5 df381f51 d9d9bad0

920 bytes copied in 2.340 secs (460 bytes/sec)

))) save system startup-config and set the boot path end (((

}}}}}} check flash and startup-config start {{{{{

ciscoasa(config)# show flash
--#--  --length--  -----date/time------  path
    6  4096        Sep 04 2010 05:41:50  .private
    7  0           Sep 04 2010 05:22:51  .private/mode.dat
    8  0           Sep 04 2010 05:22:52  .private/DATAFILE
   11  1648        Sep 04 2010 05:34:09  .private/owow.cfg
   12  4096        Sep 04 2010 05:34:09  .private/owow
   13  0           Sep 04 2010 05:34:09  .private/owow/owow.000
   14  920         Sep 04 2010 05:41:50  .private/startup-config
    9  4096        Sep 04 2010 05:27:21  csco_config
   15  4096        Sep 04 2010 05:41:50  boot

262901760 bytes total (237387776 bytes free)

ciscoasa(config)# show startup-config
: Saved
: Written by enable_15 at 00:11:04.550 UTC Tue Nov 30 1999
!
ASA Version 8.0(2) <system>
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0/1
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot config disk0:/.private/startup-config
ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0
admin-context owow
context owow
allocate-interface Ethernet0/1 nickname1
config-url disk0:/.private/owow.cfg
!
prompt hostname context
Cryptochecksum:bb5f24813679cef5df381f51d9d9bad0

here in your system startup-config should have
system boot config path and context config-url

}}}}}} check flash and boot path end {{{{{

be sure to click file-->save in gns3 after the all above steps
go step 4
Last edited by inoagkcu on Sat Sep 04, 2010 6:14 pm, edited 8 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:23 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 4 important return work after save

now we have clicked file->save in gns3
close all gns3 related processes
wait for some seconds
open gns3 again
at the start box
click open a project button
choose and open the test.net
now right click on asa1 and choose start
wait for 5 seconds
right click on asa1 again and choose console
and console goes to

ciscoasa>

i am sure all system and context startup-config load

go step 5

Last edited by inoagkcu on Sat Sep 04, 2010 6:15 pm, edited 4 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:25 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 5 problem may come and optional initial setup

if asa cannot start or asa flash is 0
three reasons
files may be locked after download, click unlock button in file property if file is locked
you extract the downloaded files, there is no need to extract any files to use
you don't follow exactly or read carefully from floor 1~3 topics

if asa cannot ping
seven reasons
be sure to read the things to pay attention on step 1
network interface card in gns3 qemu asa setting is e1000
ip address or netmask mismatched
no shutdown command apply in both system mode and context mode.
use the command no nat-control in config mode of each multiple mode
icmp echo-request, echo-reply, time-exceeded
the loopback ip address was changed after asa start, connected and save
(you cannot change the loopback address back after all started, seems like permanent)

if asa lose the system startup-config at boot
five reasons,
you forget to do in system mode
boot config disk0:/.private/startup-config
copy running-config disk0:/.private/startup-config
click file-->save in gns3
you type the wrong letter
you don't follow the save order (think in logical)

if asa lose the multiple context startup-config at boot
five reasons
you forget to set context initial path in the system mode
config-url disk0:/.private/context.cfg
you forget to save context startup-config in each context mode
copy running-config startup-config
you forget to click file-->save in gns3
you type the wrong letter
you don't follow the save order (think in logical)

if asa crash after save and reopen
one reason
you may delete links to asa in gns3 then stop
but it cannot stop
happen in file-->save in gns3
then you continue works
you should restart all related with gns3 after the file-->save

optional initial setup
this setup may reduce error in qemu boot asa
when you click asa console
the console will show some error before the ciscoasa> show

this step is recommended to add after the end of step 2

ciscoasa> enable
Password: (no password)
ciscoasa# configure terminal
ciscoasa(config)# mkdir disk0:/csco_config

Create directory filename [csco_config]?

Created dir disk0:/csco_config
ciscoasa(config)#

copy the following command to make path,
the first path has been made as the example above.

mkdir disk0:/csco_config
mkdir disk0:/csco_config/97
mkdir disk0:/csco_config/97/customization
mkdir disk0:/csco_config/97/customization/Template
mkdir disk0:/csco_config/97/bookmarks
mkdir disk0:/csco_config/97/bookmarks/Template
mkdir disk0:/csco_config/97/webcontent
mkdir disk0:/csco_config/locale
mkdir disk0:/csco_config/locale/LC_MESSAGES
mkdir disk0:/var
mkdir disk0:/var/log
mkdir disk0:/csco_config/locale/ja
mkdir disk0:/csco_config/locale/ja/LC_MESSAGES
mkdir disk0:/csco_config/locale/fr
mkdir disk0:/csco_config/locale/fr/LC_MESSAGES

after make all path
the flash is like below and i have just added two paths for example

ciscoasa# show flash
--#--  --length--  -----date/time------  path
    6  4096        Sep 04 2010 05:22:52  .private
    7  0           Sep 04 2010 05:22:51  .private/mode.dat
    8  0           Sep 04 2010 05:22:52  .private/DATAFILE
    9  4096        Sep 04 2010 05:23:40  csco_config
   10  4096        Sep 04 2010 05:23:40  csco_config/97

262901760 bytes total (237400064 bytes free)
ciscoasa#

all right
multiple context mode completely ends i guess
if you have any problem
of course
reply here
it is time to play asdm

go step 6

Last edited by inoagkcu on Tue Sep 07, 2010 3:04 pm, edited 9 times in total.
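
The checks named in step 3 and in the step 5 checklists (a boot config line in the system startup-config, a config-url for every context, and both files really present in flash) can be run over pasted console output. This is an added example, not part of the original posts; the function names are made up here and the sample input is constructed from the output quoted in step 3.

```python
import re

# Constructed sample input, trimmed from the output quoted in step 3.
SHOW_FLASH = """\
--#-- --length-- -----date/time------ path
6 4096 Sep 04 2010 05:41:50 .private
11 1648 Sep 04 2010 05:34:09 .private/owow.cfg
14 920 Sep 04 2010 05:41:50 .private/startup-config
"""
SHOW_STARTUP = """\
boot config disk0:/.private/startup-config
admin-context owow
context owow
 allocate-interface Ethernet0/1 nickname1
 config-url disk0:/.private/owow.cfg
!
"""

# index, length, date/time, path (the four columns of `show flash`)
FLASH_ROW = re.compile(
    r"^\s*\d+\s+(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+[\d:]{8}\s+(\S+)\s*$")

def flash_entries(show_flash):
    """Map each path in `show flash` output to its length in bytes."""
    rows = (FLASH_ROW.match(line) for line in show_flash.splitlines())
    return {m.group(2): int(m.group(1)) for m in rows if m}

def check_file(url, what, flash, problems):
    """Record a problem if a disk0:/ URL is absent from flash or empty."""
    path = url.split("disk0:/", 1)[-1]
    if path not in flash:
        problems.append(f"{what}: {url} not found in flash")
    elif flash[path] == 0:
        problems.append(f"{what}: {url} is 0 bytes")

def check_persistence(show_startup, show_flash):
    """Return the reasons the saved configuration would not load at boot."""
    flash, problems = flash_entries(show_flash), []
    boot, admin, contexts, current = None, None, {}, None
    for words in (raw.split() for raw in show_startup.splitlines()):
        if words[:2] == ["boot", "config"] and len(words) == 3:
            boot = words[2]
        elif words[:1] == ["admin-context"] and len(words) == 2:
            admin = words[1]
        elif words[:1] == ["context"] and len(words) == 2:
            current = words[1]          # start of a context block
            contexts[current] = None
        elif words[:1] == ["config-url"] and len(words) == 2 and current:
            contexts[current] = words[1]
        elif words == ["!"]:
            current = None              # "!" closes the block
    if boot is None:
        problems.append("system: no 'boot config' line")
    else:
        check_file(boot, "system boot config", flash, problems)
    if admin is None or admin not in contexts:
        problems.append("system: admin-context is not a defined context")
    for name, url in contexts.items():
        if url is None:
            problems.append(f"context {name}: no config-url")
        else:
            check_file(url, f"context {name}", flash, problems)
    return problems

if __name__ == "__main__":
    print(check_persistence(SHOW_STARTUP, SHOW_FLASH) or "ok")
```

An empty list means the system config and every context config would be found at the next boot; a 0-byte context file points at a context that was never saved with copy running-config startup-config.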


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:28 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 6 asdm

download these files first
asdm-625.bin (link is available before SEPT/15/2010)
http://www.4shared.com/file/cBoLC6GH/asdm-625.html
asdm-602.bin (link is available before SEPT/15/2010)
http://www.4shared.com/file/PZC4uqM_/asdm-602.html
fiddler2-rule (link is available before SEPT/15/2010)
http://www.4shared.com/document/SdQAkro ... -rule.html
fiddler2
http://www.fiddler2.com

ok ready
if your computer has only 512 mb memory ram
don't try to do anything in these topics even use gns3
if your computer has 1024 mb memory ram
it is ok, but sometimes not feel good
if your computer has 1024+ one we go.

things we should know:
the asdm embedded in asa in gns3 only supports single mode and the admin-context in multiple mode. the method to support a non-admin-context in multiple mode is to change the non-admin-context to admin-context, after you have configured that context with asdm, change it back to a non-admin-context, then all contexts can go with asdm.

things we prepare:
of course, the asa must run as well as the steps 1~5 goes.
use the command below in gns3 asa console to configure asa first

#copy url disk0:/asdm-602.bin
#copy url disk0:/asdm-625.bin

don't question the method to download the asdm bin in asa flash
asa flash at least is like

ciscoasa# show flash
--#--  --length--  -----date/time------  path
  108  11348300    Sep 05 2010 21:15:42  asdm-621.bin
   66  11862220    Sep 05 2010 21:18:04  asdm-625.bin

262901760 bytes total (185982976 bytes free)

the line should be presented in the configuration,

asdm image disk0:/asdm-602.bin (if version asdm-602)
asdm image disk0:/asdm-625.bin (if version asdm-625)

two lines should be presented in each context's configuration

http server enable
http allow-ip-address allow-ip-netmask if-name

things we setup:
---------fiddler setup started--------
download and install fiddler
run fiddler as administrator
all things are now default setting
click Tools and select Fiddler Options...
click HTTPS tab
check box Capture HTTPS CONNECTs
check box Decrypt HTTPS traffic
click ok button
see picture named fiddler-setup
click Rules and select Customize Rules...
a file named CustomRules.js pops up
open the downloaded file fiddler2-rule.txt
copy all the contents of fiddler2-rule.txt file to all the contents of popup CustomRules.js file.
here i mean the content of popup file should be the same as the one of downloaded file.
close the fiddler2-rule.txt file
close the CustomRules.js file
fiddler gives a sound after you close the CustomRules.js file as its content changes and the format of the change is correct, or else fiddler reminds you about wrong grammar format.
---------fiddler setup end--------

------------java setup start---------
click control panel and find the java icon
double click it
java control panel comes out
click Network Settings button in the General tab
now a networking proxy setting popup comes
check circle box Use Proxy server
address: localhost port:8888
click advanced button
check the box Use same proxy server for all protocols
click ok button
click ok button
click apply button
click ok button
------------java setup end-----------

^^
all things setup
asa should be started and the qemu boot the asa kernel to asa console in gns3 first, that means click asa start and the ciscoasa> presented in console first
don't close the fiddler
the order is gns3 asa first
then run fiddler after asa start and asa console

now run your web browser
type the following address
https://allocated-ip-address
the allocated-ip-address is the configured one in asa
and the protocol is https, not http
again here should be the admin-context ip address
enter button or go button to go to that address
your web browser must allow popup
your web browser must allow the exception and confirm the risk and certificate
after that the asdm web page comes
click Run ASDM button
as each fiddler popup window, click yes button, click ok button
as java popup window click run
now the asdm launch comes and provide username and password
no initial username or password if you don't configure
click ok button
now it updated software and we are happy
be sure to configure java proxy back to the original after gns3 work is done

if you are upset and the error comes out
that means you do something wrong in steps 1~6
maybe type the wrong letter

i have restarted a new project in gns3
and following the steps
and go nothing wrong
so i promised everything goes
again change the java proxy back after your gns3 work is done

Attachments:
File comment: fiddler-setup

fiddler-setup.jpg [ 135.79 KiB | Viewed 728 times ]


File comment: java-setup

java-setup.jpg [ 133.39 KiB | Viewed 544 times ]


File comment: asdm

asdm.jpg [ 123.67 KiB | Viewed 490 times ]


Last edited by inoagkcu on Sun Sep 12, 2010 10:33 pm, edited 10 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:29 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 7 it is for single mode only

things we need:
asa802-k8-sing.gz (link is available before SEPT/15/2010)
http://www.4shared.com/file/wX_TxIsG/as ... -sing.html

the single mode is similar to multiple mode in step 1-6
however only the initrd.gz is the different one and as the qemu boot the kernel
use the single command
# /mnt/disk0/lina_monitor
instead of the one
# /mnt/disk0/lina -m

the files provided in the step 1 are for multiple mode only
don't try to use it as a single mode

Last edited by inoagkcu on Sun Sep 12, 2010 10:33 pm, edited 12 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
inoagkcu
Posted: Sat Jul 31, 2010 12:48 am
Joined: Sun Jul 25, 2010 9:54 pm
Posts: 29

step 8 add loopback address in your computer

go to control panel
double click add hardware icon
(i am not sure if there is a welcome statement comes)
choose install the hardware that i manually select from a list (Advanced)
click next
select network adapters in common hardware types
click next
click Microsoft in Manufacturer
click Microsoft Loopback Adapter in Network Adapter
click next
click next
click finish
now you can repeat this step to create more loopback interface
configure ip address for that loopback
for gns3 works
sometimes it needs to restart window

done!

Last edited by inoagkcu on Mon Sep 06, 2010 7:14 pm, edited 6 times in total.


Post subject: Re: super solution asa with qemu in gns3 on windows
jsk0703
Posted: Sat Jul 31, 2010 5:52 pm
Joined: Sun Apr 25, 2010 2:32 am
Posts: 1

Thank you! This has put an end to my frustration. Previously, I had been able to get ASA to boot however I could not save my configuration nor could I ping a neighboring device. I followed your steps below and now everything works well.