Sunday, 16 February 2014

Emulating Cisco ASA 8.4.2 on GNS3 [ Included GNS3 1.3 - Updated on 07/04/2015]

This post will take you through a step-by-step guide to emulate Cisco ASA 8.4.2 on GNS3. In GNS3 QEMU is an emulator which emulates the hardware environment for a Cisco ASA device. Please make sure that your computer have got at least 4GB of RAM before you begin.

The below steps are pretty simple and straight forward. So let's begin.

Edit on 28/10/2014: On the latest version of GNS3 i.e   GNS3 1.0, adding ASA from Qemu is a little different. Just follow the steps mentioned under the topic 'In GNS3 1.0' below.

1.) Download and install GNS3. You can get the software from . You may need to register/login to get the software.

2.) Get a copy of ASA 8.4.2 code. You can get it from your live ASA device by copying the image to a TFTP server. [ or download from ]

3.) Unpack the image and you will get two files, asa842-initrd.gz and asa842-vmlinuz.

[For GNS3 1.0 (latest) follow the steps under the topic 'In GNS3 1.0']

4.) Now Open GNS3 and go to Edit -> Preferences -> Qemu -> ASA.

5.) Configure the 'ASA Settings' and 'ASA Specific Settings' like below:

Identifier name: Cisco-ASA

RAM : 1024 MiB

Number of NICs : 6

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Initrd: Browse and select the 'asa842-initrd.gz' file from the unpack process

Kernel: Browse and select the 'asa842-vmlinuz' file from the unpack process

Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Finally click Save and click OK. Also refer the below screenshot for more info regarding the above configuration.

Now drag and drop ASA Firewall to the project area and start configuring your ASA device!

In GNS3 1.0 [Edit on 28/10/2014]

Follow up to step 4 above.

1.) Expand QEMU  > QEMU VMs

2.) Click New and type a name of your ASA device

3.) Select the type as ASA 8.4(2) and click Next

4.) Leave the Qemu binary and RAM as it is and click Next

5.) Now browse the initrd and Kernal image which you have extracted before and click Finish

That's it! You are done with ASA configuration in GNS3. No need to give Qemu Options or Kernel cmd line, everything is already set in GNS3. Below you can find a screenshot of the configuration.

Now go to your GNS3  > Security devices and drag your ASA to work-space, enjoy!

Add ASDM and connect your ASA

You can connect ASA from the computer from which you are running GNS3. Follow the steps below to do this:

1.) Add a Microsoft Loop-back to your computer (refer and provide an IP address as below (use any IP) :

2.) Drag and drop 'Cloud' to the GNS3 work-space and connect it with an Ethernet Switch. Refer below screenshot :

3.) Configure 'Cloud' and add the Loop-back adapter which you have added instep 1 as mentioned in below figure:

4.) Take a console session to your ASA from GNS3 and configure one of its interface like below:

interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address

5.) Now try to ping your computer's Loopback IP from ASA and vice-verse (Make sure that you disable firewall/antivirus etc on your local PC which is installed with GNS3.)

6.) Download ASDM ( asdm-649.bin) from

7.) Install a TFTP server in your local PC and keep the above file in its root directory.

8.) Now upload the asdm-649.bin to the ASAs' flash using the below commands: (If the upload fails , then try disabling any other network adapter other than the Loop-back adapter temporarily and try)

ciscoasa# copy tftp: flash:
Address or name of remote host?
Source filename? asdm-649.bin
Destination filename [asdm-649.bin]?

Accessing tftp://!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
18927088 bytes copied in 143.10 secs (132357 bytes/sec)

9.) Initiate the below commands to load ASDM on the ASA and enable http server:

ciscoasa(config)# asdm image flash:asdm-649.bin
ciscoasa(config)# http server enable
ciscoasa(config)# http inside
ciscoasa(config)# username admin password 1234 privilege 15

ciscoasa(config)# write memory

10.) Now get to your local PC, open a browser and type and you will get a page open like below:

11.) Click on 'Run ASDM' and enter with the username and password which you have created on step 9. You will be presented with the ASA dashboard.

I hope this helps. You can expect ASA configuration examples and tech notes soon in my blog.