I recently needed to emulate a Cisco ASA 5520 device, however I noted this could not be achieved through Cisco Packet Tracer. After some research I stumbled upon an excellent network simulator named GNS3. Although, some further reading revealed emulating an ASA device was slightly more tricky to setup than a standard Cisco switch or router. Below is the process I performed to successfully emulate an ASA 5520 in GNS3. The following prerequisites are required before performing the below steps:
- An installation of Oracle Virtualbox.
- A virtual machine created in Virtualbox running a 32-bit (x86) operating system.
- The virtual machine must be on the same network address range as your workstation and it’s virtual NIC must be set to host only.
- An installtion of GNS3.
- You have a basic knowledge of GNS3 and Cisco IOS.
2. Open the GNS application and select edit from the menu bar and then select preferences. In the preferences window select “Qemu” from the side bar and then select the ASA configuration tab. Under the “ASA Specific Settings” section click to browse for a file next to “Initrd” field and select the asa802-K9.initrd.gz file you downloaded. Proceed and browse for a file next to the “Kernal” field and select the vmlinuz file you downloaded and click OK, as shown in the below screenshot.
3. In the main GNS3 window drag the ASA Firewall object from the left hand side bar into the center workspace. Once the ASA icon displays in the workspace, click the green play icon located at the top of the GNS3 window.
4. Proceed and open the ASA console window, this can be performed by clicking the small command prompt looking icon located at the top of the GNS3 application, this will inturn launch and instance of Putty. Download the initial ASA setup from here, and paste the set of commands the file contains into the console window and press return on your keyboard.
5. Once this is complete your ASA should now be running and you will now have access to the enable mode. Enter into enable mode, and then enter into configuration terminal mode and download the starter configuration from here. Once the file has downloaded, paste the set of commands it contains into the console and press return on your keyboard.
6. In the main GNS3 application window drag the cloud object from the left hand side bar into the center workspace, and then double click the object. In the cloud properites window, select your virtual box host only adapter and click OK. In the main GNS window drag a switch into the center workspace and then proceed to link the cloud, switch and ASA devices together. Your topology should look similar to the below:
7. Open your created virtual machine and then download and install a copy of tftpd32 from here. Following the installation of the tftp application download the asdm-621 installation file from here. Proceed and configure tftpd32 to point to the in which you have stored asdm-621 file in.
8. From within GNS3, open the console for the ASA device again and type the following commands to upload the asdm installation to your ASA device. Each line should be proceeded by pressing return on your keyboard.
copy tftp flash
[Enter your virtual machines IP address, where TFTPd32 is running]
Press enter to accept the default destination
[Image copy starts & finishes]
asdm image flash:/asdm-621.bin
9. In your virtual machine download and install Fiddler and the ASDM Launcher which are available from here and here. When the installation is complete set Fiddler to decode HTTPS by selecting the following:
Fiddler –> Tools –> Fiddler Options –> HTTPS –> Check ‘Decrypt HTTPS Traffic’.
In the Fiddler menu bar, click Rules –> Customize Rules. Proceed and download the customised rules file from here, and then and paste these new rules, erasing any existing information, into the customize rules dialog box.
10. Configure Java to proxy the ASDM launcer information to Fiddler. To perform this go to the virutal machines control panel and perform the following:
Java –> Network Settings –> Use Proxy Server –> “localhost:8888” –> Advanced –> Use Same Proxy For All Protocols.
11. With Fiddler running, load the ADSM Launcher and enter the username of “ciscoasa” with the password of “cisco” and set the connection IP address to 192.168.0.100 and click OK. Press “Yes” when alerted by Fiddler and ASDM should now load correctly.
I hope this helps getting your ASA 5520 emulated in GNS3.