How to run Cisco ASAv 9.x in GNS3

From Daco.tech Technical Documentation

Warning: temp notes - Work in progress

Cisco ASAv 9.x can run inside GNS3.

There's a problem, however: which version should we choose?

  • Older ASA versions: according to the GNS3 people, these older versions were hacked by third parties and were very unreliable. GNS3 doesn't support these older versions. See here: https://gns3.com/discussions/about-asa-8-support-in-gns3

  • Newer ASAv versions (9.x), released by Cisco: recommended by GNS3. These versions are much more reliable. Beware, you need a valid contract from Cisco to be able to download these products, and you need a license if you want to run the unrestricted version.

Topology of my GNS3 lab

Topology.png

Installation

First of all, download an ASAv file. I chose the file asav952-204.qcow2 and copied it into my ~/GNS3/images/QEMU/ folder.

Then, I downloaded an ASAv/GNS3 template from here: https://gns3.com/marketplace/appliance/cisco-asav

In the GNS3 GUI, click on New appliance template, then on Import an appliance template file, like this:

Import appliance.png

Browse to the template file you downloaded earlier:

Open template.png

Click Next and go through the settings. I chose to run the appliance on my local computer (it's a Xubuntu host, which makes life with GNS3 a lot easier):

Template settings.png


Here comes the annoying part: GNS3 is complaining that it's missing the ASAv files:

Template settings2.png


In order to use my ASAv image, I clicked on Create a new version. Give it whatever name you want and click OK. Click on the newly created template, and click on Import. Browse to your ASAv image. The end result should look like this:

Template settings3.png

Click Next and finish the installation.

Your ASAv is almost ready to use. There are a few things to modify, such as removing the linked clone option and switching to a VNC display. Read these instructions before proceeding:


http://blog.ialex.info/configuring-cisco-asav-9-x-on-gns3-1-4-x/

Go to your template settings, and switch from Telnet console type to VNC:

Switchtovnc.png

Then, go to Advanced settings and remove the linked base VM option like this:

Remove link.png

That's it, you can now drag and drop an instance of your template inside the GNS3 workspace.

Start the appliance.

If you have vncviewer installed, you can double-click on the appliance to manage it.

N.B. In Xubuntu, I had to install vncviewer with the following package:

sudo apt install xtightvncviewer

Victory :)

Vnc console.png


Now let's add a serial connection to our template:

Again, read the instructions from this excellent tutorial: http://blog.ialex.info/configuring-cisco-asav-9-x-on-gns3-1-4-x/

Type the following commands in your ASAv, then reboot:

ciscoasa(config)# cd coredumpinfo

ciscoasa(config)# copy coredump.cfg disk0:/use_ttyS0

You will lose the VNC connection when the appliance reboots, but you can now connect through the GNS3 console.

ASDM

Next, we should download an ASDM file from our local TFTP server to our ASAv.

I installed tftpd-hpa by doing:

sudo apt install tftpd-hpa

Check the settings for tftpd-hpa (Default directory is /var/lib/tftpboot):

sudo vim /etc/default/tftpd-hpa

Start it:

sudo systemctl start tftpd-hpa

Copy your ASDM file to the TFTP directory:

cp /path_to_your_file/asdm-762.bin /var/lib/tftpboot/

Next, go to your ASAv console, and type the following command:

copy tftp://192.168.2.100/asdm-762.bin flash:/asdm-762.bin

Tftp.png

Then, type in these commands (adapt the IP to your network, of course):

ciscoasa(config)# aaa authentication http console LOCAL
ciscoasa(config)# username admin password cisco123
 
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
 
ciscoasa(config)# asdm image disk0:/asdm-762.bin
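
A pre-paste check for the ASDM commands above, as an added example (not from the original page, Cisco or GNS3): it flags the sample password, an http client network broader than a /24, and an enabled HTTP server without `aaa authentication http console` or without any permitted client network. The function name, the finding codes, the /24 threshold and the sample-password list are assumptions of this example.

```python
import ipaddress
import re

# Commands exactly as shown on the page (CLI prompts included).
PAGE_CONFIG = """\
ciscoasa(config)# aaa authentication http console LOCAL
ciscoasa(config)# username admin password cisco123
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
ciscoasa(config)# asdm image disk0:/asdm-762.bin
"""
# Constructed list of passwords that tutorials tend to reuse (assumption, not exhaustive).
SAMPLE_PASSWORDS = {"cisco", "cisco123", "admin", "password"}
MIN_PREFIX = 24  # assumption: a client network broader than /24 is too wide for management


def audit_asdm_config(text):
    """Return sorted finding codes for the ASDM/HTTPS management commands in text."""
    findings, allowed = set(), []
    server_on = local_auth = False
    for raw in text.splitlines():
        # Drop an optional CLI prompt such as "ciscoasa(config)# ".
        words = re.sub(r"^\S+#\s*", "", raw.strip()).split()
        if words == ["http", "server", "enable"]:
            server_on = True
        elif words[:4] == ["aaa", "authentication", "http", "console"]:
            local_auth = True
        elif len(words) == 4 and words[0] == "http":
            # Form used on the page: http <network> <netmask> <interface-name>
            try:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # some other four-word http subcommand
            allowed.append(net)
            if net.prefixlen < MIN_PREFIX:
                findings.add(f"BROAD_HTTP_ACL:{net}@{words[3]}")
        elif len(words) >= 4 and words[0] == "username" and words[2] == "password":
            # A stored hash never matches, so a hit means a cleartext sample value.
            if words[3].lower() in SAMPLE_PASSWORDS:
                findings.add(f"SAMPLE_PASSWORD:{words[1]}")
    if server_on and not local_auth:
        findings.add("NO_HTTP_AAA")  # ASDM logins are not checked against LOCAL users
    if server_on and not allowed:
        findings.add("NO_HTTP_ACL")  # server enabled, but no client network permitted
    return sorted(findings)


if __name__ == "__main__":
    print(audit_asdm_config(PAGE_CONFIG))
```
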

Next, you should be able to go to https://192.168.x.x/ (the ASAv management IP) from your browser :)

If, like me, you've forgotten to install a Java plugin for your browser, the index page will look stupid, like this:

Asdm index.png

We're missing an option to run ASDM. Under Linux/Firefox, we need to install the icedtea plugin like this:

sudo apt install icedtea-plugin

Restart Firefox, and tadaa, we have more options now :)

Asdm index2.png

Click on Run ASDM, and after a few confirmations, you should see the ASDM GUI.

N.B. If you don't have a license, you will see a warning message like this:

Asav limited.png

Screenshot of the ASDM GUI:

Asdm gui.png