How to run Cisco ASAv 9.x in GNS3
Warning: temp notes - Work in progress
Cisco ASAv 9.x can run inside GNS3.
There's a problem, however: which version should we choose?
- Older ASA versions: according to the GNS3 people, these older versions were hacked by third parties and were very unreliable.
GNS3 doesn't support these older versions. See here: https://gns3.com/discussions/about-asa-8-support-in-gns3
- Newer ASAv versions (9.x), released by Cisco: Recommended by GNS3. These versions are much more reliable.
Beware, you need a valid contract from Cisco to be able to download these products, and you need a license if you want to run the unrestricted version.
Topology of my GNS3 lab
First of all, download an ASAv file. I chose the file asav952-204.qcow2, and copied it into my ~/GNS3/images/QEMU/ folder.
Then, I downloaded an ASAv/GNS3 template from here: https://gns3.com/marketplace/appliance/cisco-asav
In the GNS3 GUI, click on New appliance template, then on Import an appliance template file, like this:
Browse to the template file you downloaded earlier:
Click Next and go through the settings. I chose to run the appliance on my local computer (it's a Xubuntu host, which makes life with GNS3 a lot easier):
Here comes the annoying part: GNS3 is complaining that it's missing the ASAv files:
In order to use my ASAv image, I clicked on Create a new version. Give it whatever name you want and click Ok. Click on the newly created template, and click on Import. Browse to your ASAv image. End result should look like this:
Click Next and finish the installation.
Your ASAv is almost ready to use. There are a few things to modify, like removing the link clone and switching to a VNC display. Read these instructions before proceeding:
Go to your template settings, and switch from Telnet console type to VNC:
Then, go to Advanced settings and remove the linked base VM option like this:
That's it, you can now drag and drop an instance of your template inside the GNS3 workspace.
Start the appliance.
If you have vncviewer installed, you can double click on the appliance to manage it.
N.B. In Xubuntu, I had to install vncviewer with the following package:
sudo apt install xtightvncviewer
Now let's add a serial connection to our template:
Again, read the instructions from this excellent tutorial: http://blog.ialex.info/configuring-cisco-asav-9-x-on-gns3-1-4-x/
Type the following commands in your ASAv, then reboot:
ciscoasa(config)# cd coredumpinfo
ciscoasa(config)# copy coredump.cfg disk0:/use_ttyS0
You will lose the VNC connection when the appliance reboots, but you can now connect through the GNS3 console.
Next, we should download an ASDM file from our local TFTP server, to our ASAv.
I installed tftpd-hpa by doing:
sudo apt install tftpd-hpa
Check the settings for tftpd-hpa (Default directory is /var/lib/tftpboot):
sudo vim /etc/default/tftpd-hpa
sudo systemctl start tftpd-hpa
Copy your ASDM to the tftp directory:
cp /path_to_your_file/asdm-762.bin /var/lib/tftpboot/
Next, go to your ASAv console, and type the following command:
copy tftp://192.168.2.100/asdm-762.bin flash:/asdm-762.bin
Then, type in these commands (adapt the IP to your network, of course):
ciscoasa(config)# aaa authentication http console LOCAL
ciscoasa(config)# username admin password cisco123
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
ciscoasa(config)# asdm image disk0:/asdm-762.bin
Next, you should be able to go to https://192.168.x.x/ from your browser :) (ASAv management ip)
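An added example, not part of the original notes: a small Python check that reads the ASDM access commands above and flags lab-grade settings (a guessable password, a whole subnet allowed to reach the management interface) before the same commands get reused outside the lab. The password list, the minimum length and the one-address limit are assumptions chosen for this example, not Cisco defaults.

```python
import ipaddress
import re

# Constructed input: the ASDM bootstrap commands from this page.
SAMPLE = """\
ciscoasa(config)# aaa authentication http console LOCAL
ciscoasa(config)# username admin password cisco123
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
ciscoasa(config)# asdm image disk0:/asdm-762.bin
"""

# Assumed local policy values, not Cisco defaults.
WEAK_PASSWORDS = {"cisco", "cisco123", "admin", "password"}
MIN_PASSWORD_LEN = 12
MAX_MGMT_ADDRESSES = 1  # a single management workstation


def audit_mgmt_access(config):
    """Return findings for the ASDM/HTTPS management lines in `config`."""
    findings, http_enabled, local_auth = [], False, False
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "ciscoasa(config)# ".
        line = re.sub(r"^\S+#\s*", "", raw.strip())
        words = line.split()
        if line.startswith("http server enable"):
            http_enabled = True
        elif line == "aaa authentication http console LOCAL":
            local_auth = True
        elif len(words) >= 4 and words[0] == "username" and words[2] == "password":
            # Saved configs carry a hash followed by "encrypted" or "pbkdf2".
            if not {"encrypted", "pbkdf2"} & set(words[4:]):
                pw = words[3]
                if pw.lower() in WEAK_PASSWORDS or len(pw) < MIN_PASSWORD_LEN:
                    findings.append(f"weak password for user {words[1]}")
        elif len(words) == 4 and words[0] == "http":
            try:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask pair
            if net.num_addresses > MAX_MGMT_ADDRESSES:
                findings.append(f"ASDM reachable from {net} on {words[3]} "
                                f"({net.num_addresses} addresses)")
    if http_enabled and not local_auth:
        findings.append("http server enabled without 'aaa authentication http console LOCAL'")
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE):
        print("FINDING:", finding)
```

Run against the commands on this page, it reports the cisco123 password and the /24 allowed on the inside interface; a long passphrase plus an `http` line with a 255.255.255.255 mask for the management workstation returns no findings.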
If, like me, you've forgotten to install a Java plugin for your browser, the index page will look stupid, like this:
We're missing an option to run ASDM. Under Linux/Firefox, we need to install the icedtea plugin like this:
sudo apt install icedtea-plugin
Restart Firefox, and tadaa, we have more options now :)
Click on Run ASDM, and after a few confirmations, you should see the ASDM GUI.
N.B. If you don't have a license, you will see a warning message like this:
Screenshot of the ASDM GUI: