this is no secret, but it was a lot of hard work...
start at the beginning...
download 0.8.3 all in one, get it running... do not let it install into program files... make a different directory...
if you are just getting started with gns3, then you know where to go... this is gonna go fast...
the key here is qemu... but first, you need to separate the asa.bin from its parts... i did it using linux, then ported the files over to my windows box.. to extract the initrd.gz and the vmlinuz files in windows you can use a program called repack... i did it from the cli in nix... start with this link: http://forum.gns3.net/topic1379.html then dig some more... this part was not easy and took a lot of time... i believe i used gzip/gunzip in nix... you need to do the heavy lifting here... of course, getting the .bin's i'm not even touching on; you know the drill...
initrd stands for initial ram disk... if anybody remembers back in the old dos days there was a procedure called vdisk, or virtual disk; the early days of virtualization, whereby you'd run an os in a current os's ram, read vm... vmlinuz is the nix executable kernel... these will boot your asa in qemu...
so once you get through that nastiness, you get to do battle with qemu... it's hit or miss... the real trick is pathing out everything correctly, and discovering the settings that will work... once in qemu make sure it is pathing out correctly by running the test for qemuwrapper... as i said before, do not install anything in windows system directories and you can avoid some unpleasantness... and turn the friggin windows firewall off, duh...
these settings worked for me, you may have to try others...
the kernel cmd line:
console=ttyS0,9600n8 bigphysarea=16384 auto nousb ide1=noprobe hda=980,16,32
that and a couple of prayers will get you this:
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)206
Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"
ciscoasa up 1 hour 5 mins
Hardware: ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB
0: Ext: GigabitEthernet0 : address is 00ab.cd92.5200, irq 0
1: Ext: GigabitEthernet1 : address is 0000.ab8f.c501, irq 0
2: Ext: GigabitEthernet2 : address is 0000.ab35.ea02, irq 0
3: Ext: GigabitEthernet3 : address is 0000.abcc.9c03, irq 0
4: Ext: GigabitEthernet4 : address is 0000.ab4f.f804, irq 0
5: Ext: GigabitEthernet5 : address is 0000.abf1.e905, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5520 VPN Plus license.
Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration last modified by enable_15 at 13:18:13.929 UTC Sat Aug 4 2012
ciscoasa#
for more features you are going to have to search for activation keys... notice security contexts... this is another pain in the ass but cisco inferno has some good tips on that here... he is not kidding about the activation taking a long time... if you are not patient, you can simply start all over again... he mentions making a bridge in windows there; the hardware loopback in windows is better...
http://blog.ciscoinferno.net/?s=gns
look, if you really want this, you are going to suffer for it, so plan on it and don't be a big pussy...
if you survived all of that and you are a glutton for punishment, try plugging in asdm... that's another bitch...
i found that the fastest and easiest way to get your pc into the gns3 environment is through a windows hardware loopback... go to windows cmd and type hdwwiz and step through that... and make sure you reboot the pc after adding the loopback because... it's winblows... put the management interface in the same subnet, run tftp and copy tftp flash... i'm not stepping you through that...
don't forget the switch... be the cloud...
http server enable
http ipaddress/subnetmask management
make a username and password privilege 15
copy r s
open a browser, https://ipaddress
and the rest is on you... this is not for the weak of heart... it will kick your ass, but you'll be glad...
like i said it's not for the faint of heart... qemu.exe just crashed on me and wouldn't load the emulator... solution: downloaded the standalone windows version from gns3, plucked out the qemu.exe file, erased the current qemu.exe and rebooted first, then added the new qemu.exe in the proper directory, and it works... not sure if the reboot is necessary, just an old habit from back in the windows crusades... not only will this stuff make you delusional, it will also make you hysterically superstitious... yeah, and good luck...
use this link to verify the default operation of the device...
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/admin_trouble.html#wp1093069
No comments:
Post a Comment