- Download the ASA 8.42 files (asa842-initrd.gz and asa842-vmlinuz) for GNS3 from a reputable source (I got mine from http://www.mediafire.com/download.php?l010dd0c1nayf0d)
- Open Edit -> Preferences -> Qemu and click the ASA tab
- Enter an Identifier name – I used “asa842”
- Enter 1024 in RAM
- Enter the following for Qemu Options:
-vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32 - Enter the paths where you placed the files from step 1 into the designated boxes for Initrd and Kernel
- Enter the following for Kernel cmd line:
-append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 - Leave all other options at defaults
- Click the Save button then click OK
- Add an ASA to a new project/topology and start it (a terminal window should appear – if you used the defaults for the GNS3 install on Windows 7, then the terminal emulator will be putty)
- Once the ASA is up, enter enable and then enter the following to activate features (these activation keys might take a long time to apply – meaning ~5-15 minutes, so be patient):
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6 - Add a loopback adapter to Windows:
Open a command prompt as Administrator
Enter hdwwiz.exe to open the Add Hardware Wizard
Once the Add Hardware Wizard is open, click Next
Choose “Install the hardware that I manually select from a list (Advanced)” and click Next
Select “Network adapters” and click Next
Select “Microsoft” and “Microsoft Loopback Adapter” under Manufacturer and Network Adapter respectively, then click Next
Reboot - After reboot, add an ASA to a topology and start it
- Add a Cloud Object to the topology and right-click to Configure, selecting the name you used for the Cloud Object – probably C1 if it’s the first Cloud Object and you didn’t rename it
- Select the loopback adapter that you created in Step 12 and click the Add button
- Add an Ethernet switch to the topology and draw a direct connection from the switch to the ASA and switch to the Cloud Object
- In the ASA console:
config t
int gi 0
ip address 10.10.10.1 255.255.255.0
nameif management
no shut - Open Network and Sharing Center in Windows and change the IP of the loopback adapter to 10.10.10.2/24.
- Ping the Windows loopback adapter from the ASA firewall to test connectivity.
- If you don’t already have a tftp server installed, then install one. I use the free one from Solarwinds, but there are a few other good options.
- If you don’t already have the ASDM, then download it from Cisco or another reputable source.
- In the ASA console, copy the ASDM bin file to flash on the ASA:
copy tftp://10.10.10.2/asdm-711.bin flash - Set the ASA to load the ASDM during the next boot
config t (if you’re not already in config mode)
asdm image flash:asdm-711.bin
http server enable
http 10.10.10.2 255.255.255.255 management
username <user of your choice> password <password of your choice> privilege 15 - Reboot the ASA to ensure the ASDM image is loaded during boot.
- Browse to https://10.10.10.1 using the browser of your choice and click the Install ASDM Launcher button to download and install the ASDM app from the ASA.
- Enjoy!
Note: Just for giggles, I ran through these exact instructions on my now Windows 8.1 laptop running GNS3 0.8.6 all-in-one and it worked without a hitch! For those running into networking problems – probably can’t ping the loopback from the ASA or vice versa – check Windows Firewall and make sure the IP addresses you use are not in use on other segments in your own routed network…
This is an awesome guide to setup ASA in gns3. But I have one problem. When I tried to load asdm through solarwinds tftp server i get:
Accessing tftp://10.10.10.2/asdm-645.bin…
WARNING: TFTP download incomplete!
%Error reading tftp://10.10.10.2/asdm-645.bin (Unspecified Error)
any clue what I can do to get to asdm. I have turned off the firewall, tried a different tftp server, but it still doesn’t work.
Can you ping 10.10.10.2 from within GNS3? If not, you need to work your way to that point before TFTP (or any comms) will work between the host and the GNS3 environment. I just repeated my instructions (following each step) and it worked like a charm, so you might want to go back and make sure you perform each and every step fully.
You have to turn the firewall off. I had the same problem.
Make sure that you have opened tftp software in your system and current directory should be where the asdm has located and server interface should be loopback adapter where you have configured 10.10.10.2.
HTH!!!
Hello,
i followed above the steps, when i am start the ASA i am getting below error. Kindly help me for resolve the below error.
I am using window 7 ultimate operation system.
lina_bigphysarea_size: open /proc/bigphysarea failed. error2
Regards,
Manas Ranjan
Are you sure you followed each and every step of the instructions? I just tried the instructions again and ended up with a fully functional ASA in GNS3 again…
I got the same error
See Gino’s comment…
Hi,
I tried the file and even the files I had previously got from a different source but unfortunately the ASA is not working on my Windows 8 with GNS3 0.7.4. I am able to run PIX 724 but not ASA.
Is this anything to do with the Windows 8? Please help!!
Thanks,
Sunil
No idea. I haven’t tried on Windows 8 – in fact, I only have Windows 8 running in a VM to do basic testing of old software/scripts/etc. I’m not even close to adopting Windows 8 for regular use and won’t be until I find some compelling reason (beyond Microsoft’s EOL/EOS announcement).
Are you using Windows 7? I tried to have it running on windows 7 and always got the same error ” lina_bigphysarea_size: open /proc/bigphysarea failed, error 2: ” when console or loading the ASA.
But the same setting in windows XP work perfect.
Please list the step to have it work in windows 7.
Did you follow each and every step?
Thanks for your hard work!!!!!!!!!
Can you please show us how to save the configuration .
I am getting following message to save the config
%Error copying system:
If you’re talking about saving the config of the ASA, I just use the SolarWinds TFTP server (free) to keep the configs for all the devices in GNS3 – that way, I don’t have to worry about saving the configs within GNS3 and I can make modifications outside of GNS3.
Hello,
The solution for “lina_bigphysarea_size: open /proc/bigphysarea failed. error2” is to type manually all options in Preferences->QUEMU->ASA. Don’t copy and paste directly from websites.
Thanks for the comment! I would always recommend typing, instead of copying and pasting from any website – or at least copy/paste from the web to a text editor to verify there are no anomalies included on the clipboard…
This is the correct answer. Thank you, Gino!
Thank you, jrehmert, for this excellent write-up!
I noticed that you didn’t unpack the two ASA files. Were these two files already unpacked on mediafire.com?
If you did unpack them and just didn’t put that step in the instructions, where did you get unpack.py that works with this version 8.4(2)?
You have to unzip the ZIP file that you download from mediafire.com (if you get it from there)… Then you’ll have both files that are necessary to support the rest of the instructions – sorry I didn’t include that level of detail.
Hi There, i have the same issue as the user above with the following error “Accessing tftp://10.10.10.2/asdm-645.bin…
WARNING: TFTP download incomplete!
%Error reading tftp://10.10.10.2/asdm-645.bin (Unspecified Error)”
i have a windows 7 system. I am using the tftpd32 software. I can ping the cloud as well as the asa from the cloud, but for some reason cannot get asdm to load into flash. Any ideas as to what might cause this issue please? please feel free to send me an e-mail directly.
Thanks,
Try using a TFTP client on the Windows computer itself – until you can connect and download that file on that Windows computer itself, then look into getting the TFTP server to function correctly – for that you’ll need to read the docs for the TFTP server. Once you get the TFTP server working locally, then try from the ASA – if you run into problems there, then you need to troubleshoot the network connectivity, including the Windows firewall.
Thank you very much. Really great tutorial to practice. Thumbs up…
doesn’t work, followed 5 times step by step, GNS3 is woking otherwise, works with routers, when trying to add ASA i get error:Dynamips error: connection lost.
thanks
What happens when you click the “Test Settings” button on the Dynamips page of General Preferences… If you get an error, then you have to resolve that error and any other errors that occur after that one is fixed. I never ran into Dynamips errors, but I’ve not tried this in every permutation of OS, virtualization and hardware, so your mileage will vary.
Hi! Great post. It works like magic. Just one question, do you know how to make it work with 2 ASA simultaneously?
Hold shift to pull multiple objects onto the topology – then just configure them correctly (different IPs, etc.) and you should be good to go…
Hi Guys,
I’m able to configure the ASA. Ping successful, tftp and syslog passed. i can copy the ASDM file to the flash of the ASA. But i’m not able to https to the ASA. all configurations has been made as per instructions. i got SYN Timeout and as i further dig in to the issue, i found out that TCP fails the 3 way handshake.
%ASA-6-302014: Teardown TCP connection 8 for management:10.10.10.2/56344 to identity:10.10.10.1/443 duration 0:00:30 bytes 0 SYN Timeout
10.10.10.1 02/01 10:15:06.606
%ASA-6-302014: Teardown TCP connection 9 for management:10.10.10.2/56345 to identity:10.10.10.1/443 duration 0:00:30 bytes 0 SYN Timeout
10.10.10.1 02/01 10:15:06.870
%ASA-6-302014: Teardown TCP connection 10 for management:10.10.10.2/56346 to identity:10.10.10.1/443 duration 0:00:30 bytes 0 SYN Timeout
10.10.10.1 02/01 10:15:06.889
%ASA-6-302014: Teardown TCP connection 11 for management:10.10.10.2/56349 to identity:10.10.10.1/443 duration 0:00:30 bytes 0 SYN Timeout
10.10.10.1 02/01 10:15:27.919
ciscoasa# sh asp drop
Frame drop:
TCP failed 3 way handshake (tcp-3whs-failed) 12
Interface is down (interface-down) 1
Please help.
Thanks.
Did you bounce the ASA after configuring it to start the ASDM image on next boot?
Excellent thank you very much , one question what is the priviledge account password
There isn’t one until you create one…
I followed the steps as published and get the same error as the other people posted here, namely the error ” lina_bigphysarea_size: open /proc/bigphysarea failed, error 2:” on booting.
I am using Windows 7 Pro SP1 and the all-in-one GNS 0.8.6.
I did manage to get it to boot by modifying the qemu options from what is posted in the article to this “-icount auto” and using the kernel cmd line “ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 console=ttyS0,9600n8 bigphysarea=65536 auto nousb ide1=noprobe hda=980,16,32 root_dev=0x6802”. This was obtained from a posting at this URL: https://learningnetwork.cisco.com/thread/49297.
Having said that, I am still seeing random hangs.
See Gino’s comment…
I am getting a black screen when I launch the console then
lina_bigphysarea_size: open /proc/bigphysarea failed, error 2
See Gino’s comment…
I have done all these process successfully. But when I am trying connect ASA via ASDM it’s showing connecting the device. Please wait…
even after 15 mins past.
Please help. 🙁
Did you reboot your ASA after adding the ASDM image to boot?
Regardless how many times I do it and check all of it, I cannot ping the loopback from ASA.
Windows 7 64
Can you please help me?
Thanks,
ch
Are you sure your Windows firewall is correctly configured or completely disabled?
hi thanks for your hard work
its working perfectly but when i tried to install sdm on browser all of sudden qemu stopped working
That’s strange – maybe a resource contention problem (RAM/CPU)?
I get the same error like everybody , even I used different GNS3 (0.7.3 , also 0.7.4 , also 0.8.6 ) in differents WINDOWS 7 laptop and I have the microsoft loopback done and it is show me the same , in another BLOGS they do not make reference to those 2 phrases that you have to type in QEMU options and KERNEL LINE , just leave by default and will go through
Interesting – my setup still works just fine for me on my Windows 7 virtual machine with those options configured… if it works w/o them for you, then – by all means – leave it default!
THIS IS THE ERROR AM GETTING:
ciscoasa(config-if)# copy tftp://10.10.10.2/asdm-647.bin flash
Address or name of remote host [10.10.10.2]?
Source filename [asdm-647.bin]?
Destination filename [asdm-647.bin]?
Accessing tftp://10.10.10.2/asdm-647.bin…
%Error reading tftp://10.10.10.2/asdm-647.bin (File not found)
I have tried different TFTP Server Apps to no avail. I can ping my loopback interface from ASA and vice-versa but I just cant overcome the above error.
ciscoasa(config-if)# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
C:\Users\Wang’ombe>ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Are you sure the tftp server/service is running and that the asdm-647.bin file is in the root directory configured in the server/service configuration?
Yes Jrehmert,
I have the tftp server running. Have it pointing to the correct directory. I even see the necessary bin image within the folder pointed to by my TFTP server app. Am using tftpd32 by journin as my tftp application.
Have taken down my firewall completely. Tried a different image to no avail.
Have you tried to connect to the TFTP server using a TFTP client on the same Windows computer?
admin gud job. thanks. facind issue when i m putting switch (no managble or 3600 .3700)between cloud and asa im unable to ping. directly clould to asa no allowed as u know. but if i putting a router between cloud and ASA it works fine every setup on virtual box.still not able to ping loopback. could u tell me how to resolve switch isseue. i want to use my real machine for tha. thanks
That’s strange… The only thing I could think of is that you’re trying to use IPs for the loopback and ASA that already exist on your routable network – so your attempts to use the loopback to try to get to 10.0.0.1 might be using one of your other physical/virtual interfaces with connectivity to a 10.0.0.0 network? Maybe one of your internal networks in VirtualBox?
Hello – I have followed your instructions to the letter, but when I try to connect console to ASA 842, my console gets “the remote system refused the connection”
I have tried Putty and SecureCRT… neither works. ANY SUGGESTIONS ?
thanks for your awesome work !
Sounds like a problem with the config of GNS3, likely with the QEMU settings for the ASA or in the General -> Terminal settings, because opening the console in GNS3 should start the terminal emulator of your choice and connect directly to the virtual serial port on the virtual device – hence the “console=ttyS0,9600n8” section of the kernel cmd line.
Dear Sir
I am not able to ping from ASA 8.4 to Loopback adapter. I get MAC entry of Loopback adapter in ASA when I issue # sh arp command. But still not able to ping it. What may be the reason sir? Please guide.
ciscoasa# sh arp
inside 192.168.1.3 0200.4c4f.4f50 524
Thanks
Mahesh
You’re almost there… Maybe check/disable the firewall?
You sir, are amazing.
The only problem I have is when I go to enter the second activation key (activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6), it stays on validating activation key forever.
Any thoughts?
This process does take a looooong time… It will eventually finish…
yes, it finished right after I submitted.
Thanks again, this was very helpful!
It perfectly works for me. Thanks so much.
When i load this image i found 0 NIC card
Not sure how/why that happened. I just ran trough this again on my Win10 box and it was perfectly functional, as with previous 7 and 8.1 deployments. Make sure you’re following each step and that your ASA device has interfaces assigned in GNS3, of course.
guys plz help, is there anything more need to b done to ping loopback adapter….
coz i cant ping other than its own interface also arp in not shown up
Did you read my note at the bottom re fw and ip assignment conflicts?