Emulating A Cisco ASA 5520 In GNS3

I recently needed to emulate a Cisco ASA 5520, which cannot be done in Cisco Packet Tracer. After some research I found an excellent network simulator named GNS3, although further reading revealed that emulating an ASA is more involved than emulating a standard Cisco switch or router. Below is the process I followed to successfully emulate an ASA 5520 in GNS3. The following prerequisites are required before performing the steps:

  • An installation of Oracle VirtualBox.
  • A virtual machine created in VirtualBox running a 32-bit (x86) operating system.
  • The virtual machine must be on the same network address range as your workstation, and its virtual NIC must be set to host-only.
  • An installation of GNS3.
  • A basic knowledge of GNS3 and Cisco IOS.

1. Download the “vmlinuz” emulation file from here and download a copy of the file “asa802-K9.initrd.gz”, which you can locate externally from here. Both files are binaries you will boot inside QEMU, so obtain them from a source you trust and compare their checksums against known-good values before using them.

2. Open the GNS3 application, select Edit from the menu bar and then select Preferences. In the Preferences window select “Qemu” from the sidebar and then select the ASA configuration tab. Under the “ASA Specific Settings” section, click to browse for a file next to the “Initrd” field and select the asa802-K9.initrd.gz file you downloaded. Then browse for a file next to the “Kernel” field, select the vmlinuz file you downloaded and click OK, as shown in the screenshot below.

GNS QEMU Preferences

3. In the main GNS3 window drag the ASA Firewall object from the left-hand sidebar into the centre workspace. Once the ASA icon appears in the workspace, click the green play icon at the top of the GNS3 window.

4. Open the ASA console window by clicking the small command-prompt icon at the top of the GNS3 application; this launches an instance of PuTTY. Download the initial ASA setup from here, paste the set of commands the file contains into the console window and press return.

5. Once this completes your ASA should be running and you will have access to enable mode. Enter enable mode, then enter configuration terminal mode, and download the starter configuration from here. Once the file has downloaded, paste the set of commands it contains into the console and press return.

6. In the main GNS3 window drag the Cloud object from the left-hand sidebar into the centre workspace, then double-click it. In the cloud properties window select your VirtualBox host-only adapter and click OK. Drag a switch into the workspace and then link the cloud, switch and ASA together. Your topology should look similar to the below:

ASA Topology Diagram

7. Open your virtual machine, then download and install a copy of tftpd32 from here. After installing the TFTP application, download the asdm-621 installation file from here and configure tftpd32 to serve the directory in which you stored the asdm-621 file.

8. From within GNS3, open the console for the ASA device again and type the following commands to upload the ASDM image to the ASA. Press return after each line.

copy tftp flash
[Enter your virtual machines IP address, where TFTPd32 is running]
asdm-621.bin
Press enter to accept the default destination
[Image copy starts & finishes]
config t
asdm image flash:/asdm-621.bin

9. In your virtual machine download and install Fiddler and the ASDM Launcher, which are available from here and here. When the installation is complete, set Fiddler to decode HTTPS by selecting the following:

Fiddler –> Tools –> Fiddler Options –> HTTPS –> Check ‘Decrypt HTTPS Traffic’.

In the Fiddler menu bar click Rules –> Customize Rules. Download the customised rules file from here and paste the new rules into the Customize Rules dialog, replacing any existing content.

10. Configure Java to send the ASDM Launcher's traffic through Fiddler. To do this, open the virtual machine's Control Panel and perform the following:

Java –> Network Settings –> Use Proxy Server –> “localhost:8888” –> Advanced –> Use Same Proxy For All Protocols.

11. With Fiddler running, load the ASDM Launcher, enter the username “ciscoasa” with the password “cisco”, set the connection IP address to 192.168.0.100 and click OK. Press “Yes” when prompted by Fiddler and ASDM should now load correctly. Two caveats: the credentials are whatever the starter configuration defined, so change them once the lab works; and decrypting HTTPS makes Fiddler a man-in-the-middle for the VM, which is why it asks you to trust its root certificate. Accept that only inside a disposable lab VM, never on a workstation you use for anything else.
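The starter configuration linked in step 5 is not reproduced on this page, so the following is an added example of the minimal ASA 8.0 configuration I would use to tie steps 5 to 11 together; it is my own config fragment, not the author's file. It assumes the host-only network is 192.168.0.0/24, uses 192.168.0.100 as given in step 11, restricts HTTPS/ASDM access to that subnet instead of the whole world, uses a named local account for the ASDM login, and points at the ASDM image uploaded in step 8. The interface name is an assumption (it depends on what the emulated platform reports), and the credentials are placeholders to be replaced.

```cisco
! Added example configuration, not the starter configuration linked above.
! Assumes the VirtualBox host-only network is 192.168.0.0/24 and the ASA
! takes 192.168.0.100 (the address used in step 11).
hostname ciscoasa
enable password cisco
!
! Interface naming depends on the emulated platform: run "show interface"
! on the emulated ASA and substitute the first interface it actually lists.
interface Ethernet0/0
 nameif management
 security-level 100
 ip address 192.168.0.100 255.255.255.0
 no shutdown
!
! ASDM talks to the ASA's HTTPS server. Limit it to the host-only subnet
! rather than "http 0.0.0.0 0.0.0.0 management" so nothing else that can
! reach the lab network is offered a login prompt.
http server enable
http 192.168.0.0 255.255.255.0 management
!
! Authenticate ASDM logins against a named local user (the account step 11
! logs in with) instead of the bare enable password. These are placeholder
! credentials; change them as soon as the lab is working.
username ciscoasa password cisco privilege 15
aaa authentication http console LOCAL
!
! Point ASDM at the image copied to flash in step 8.
asdm image flash:/asdm-621.bin
```

Paste this in configuration terminal mode after the initial setup from step 4, then `write memory` so it survives a reboot of the emulated device. If ASDM still cannot connect, `show run http` and `show asdm image` confirm that the access list and image pointer took effect.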

I hope this helps getting your ASA 5520 emulated in GNS3.

Uninstalling Microsoft Office Communications Server 2007 R2

Uninstalling Microsoft OCS 2007 R2 probably isn’t something you’re going to do on a regular basis. I recently had a requirement to perform this, and to make sure the uninstallation went according to plan I tested it several times in a virtual lab environment. During my testing I followed several online guides, including those on TechNet and community blogs, however I always encountered issues when attempting to remove services: I was prompted with an error stating that services were still active and that the associated data would be left in Active Directory. After a few failed attempts I devised my own decommissioning method to remove all service attributes from Active Directory. To confirm it was successful I reinstalled OCS 2007 R2 in the same lab environment and everything worked as expected. My decommissioning steps are detailed below:

1. In the OCS 2007 R2 Administrative Console, expand Standard Edition Servers, expand your server’s computer name, then right-click the “Users” container and click “Delete Users”. Follow the wizard to remove all OCS attributes from your SIP-enabled user accounts.

Note: This does not delete your Active Directory user accounts; it simply SIP-disables the users.

2. Right-click your server’s computer name and select “Deactivate”, then deactivate each role in the following order. Performing these steps in the wrong order will impact the uninstallation of the product.

Response Group Service
Outside Voice Control
Conferencing Announcement Service
Conferencing Attendant
Application Host
Application Sharing Server
A/V Conferencing Server
Web Conferencing Server
Web Components Server
Front End Server – If deactivation fails, run this again but check the force option.

3. Once the deactivation is complete, go to the control panel of your server and select either Add/Remove Programs or Programs & Features depending on your operating system version. Proceed and remove the following services in the below order.

Application Host
Application Sharing Server
Audio/Video Conferencing Server
Conferencing Announcement Service
Conferencing Attendant
Outside Voice Control
Response Group Service
Web Conferencing Server
Standard Edition Server (Front-End)
Managed API 2.0 Core 64-bit
Managed API 2.0 Speech x64
Managed API 2.0 Windows Workflow Activities Server Speech Language Pack
OCS 2007 R2 Administrative Tools
Web Components Server
Core Components

4. Demote your server from the domain, then delete its Active Directory computer account and its associated DNS A and SRV records.
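The whole point of the steps above is that nothing OCS-related is left behind in Active Directory, so before reinstalling it is worth checking. The script below is an added, read-only example of my own (not part of the original post or of any Microsoft tooling) that reports SIP-enabled users that step 1 should have cleared and any pool or server objects that a failed deactivation in step 2 can leave behind. It only needs a domain-joined machine and the built-in `[adsisearcher]` support in PowerShell, no AD module. The object classes and the `msRTCSIP-PrimaryUserAddress` attribute come from the OCS schema; the list of classes is an assumption on my part and can be extended for your environment.

```powershell
# Added example: report OCS 2007 R2 remnants in Active Directory after
# decommissioning. Read-only; it changes nothing. Run as a domain user on a
# domain-joined machine.

$rootDse  = [ADSI]"LDAP://RootDSE"
$domainNC = [string]$rootDse.defaultNamingContext
$configNC = [string]$rootDse.configurationNamingContext

function Find-Objects {
    param([string]$SearchBase, [string]$Filter)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    $searcher.Filter     = $Filter
    $searcher.PageSize   = 1000
    foreach ($result in $searcher.FindAll()) {
        $result.Properties['distinguishedname'][0]
    }
}

# 1. Users that are still SIP-enabled: step 1 ("Delete Users") should have
#    removed msRTCSIP-PrimaryUserAddress from every account.
$sipUsers = @(Find-Objects $domainNC '(&(objectCategory=person)(msRTCSIP-PrimaryUserAddress=*))')

# 2. Pool, server and trusted-server objects left behind by a deactivation
#    that did not complete. OCS stores its global settings either in the
#    domain's System container or in the Configuration partition, so check
#    both locations. (Class list is an assumption; extend as needed.)
$classFilter = '(|(objectClass=msRTCSIP-Pool)(objectClass=msRTCSIP-Server)(objectClass=msRTCSIP-TrustedServer))'
$leftovers = @()
foreach ($base in @("CN=System,$domainNC", $configNC)) {
    $leftovers += @(Find-Objects $base $classFilter)
}

"SIP-enabled users remaining : $($sipUsers.Count)"
$sipUsers  | ForEach-Object { "  $_" }
"OCS pool/server objects     : $($leftovers.Count)"
$leftovers | ForEach-Object { "  $_" }
```

Both counts should be zero before you reinstall. A non-zero user count means step 1 was skipped for some accounts; leftover pool or server objects usually mean a role was not deactivated in the order given in step 2 and the deactivation (with the force option for the Front End Server) needs to be re-run.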

That’s it, you have successfully removed Office Communications Server 2007 R2 from your environment. If you have a requirement to unprepare your domain or forest there is some good information on performing this here.

Microsoft Exchange 2010 – Cannot Send E-Mail To A Mail Enabled Public Folder

I was recently assisting a colleague with an issue he had experienced with a Microsoft Exchange 2003 to Microsoft Exchange 2010 migration. The migration had completed correctly, however for an unknown reason e-mail could not be sent to any mail-enabled public folder, regardless of whether the folder had been newly created from within the Exchange Management Console or replicated as part of the migration. All of the mail-enabled public folder properties were correct, including permissions, and Exchange 2010 Service Pack 1 had been applied. When e-mailing a mail-enabled public folder from an external network no NDR was produced, however when e-mailing from the internal network the following NDR was returned:

#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found. ObjectNotFoundException: The Active Directory user wasn’t found. ##

After some research it turned out this is a known problem with Exchange 2010 migrations, as detailed here. The issue occurs because the legacy administrative group (First Administrative Group) is left empty following the migration. To resolve the issue perform the following actions:

1. Open ADSI Edit on either a domain controller or your Microsoft Exchange 2010 server.

2. Navigate to the “CN=Servers” container by following the path below; I have also included a screenshot of the location to help identify the container:

CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local


3. Right-click the “CN=Servers” container and select Delete. Click OK when prompted to confirm the action. Note: Do not delete the top-level container “First Administrative Group”; this is against Microsoft best practice and may have a negative effect on your Exchange organisation.

4. Ensure your Active Directory database has replicated to all domain controllers, then attempt to send an e-mail to one of your mail-enabled public folders. You should now find that e-mail makes its way to these folders as expected.
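The ADSI Edit steps above delete a container in the Exchange configuration, so the check a practitioner wants before clicking Delete is that CN=Servers really is empty: a legacy Exchange 2003 server object still beneath it means the migration is not finished and deleting it would break the organisation. The script below is an added example of my own (not from the original post or the linked article) that performs steps 2 and 3 with that guard, and deletes only CN=Servers, never its parent. It assumes the default organisation name “First Organization” shown in the path above (set `$orgName` if yours differs) and must run as an account that can modify the Exchange configuration, for example a member of Organization Management.

```powershell
# Added example: delete the empty CN=Servers container under the legacy
# "First Administrative Group", refusing to proceed if it is not empty.
# Assumes the default organisation name; adjust $orgName otherwise.

$orgName   = 'First Organization'
$configNC  = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$legacyAG  = "CN=First Administrative Group,CN=Administrative Groups,CN=$orgName,CN=Microsoft Exchange,CN=Services,$configNC"
$serversDN = "CN=Servers,$legacyAG"

# Fail clearly if the path does not exist (wrong organisation name, or the
# container has already been removed).
if (-not [ADSI]::Exists("LDAP://$serversDN")) {
    throw "Not found: $serversDN (check `$orgName and the path in ADSI Edit)"
}
$group   = [ADSI]"LDAP://$legacyAG"
$servers = [ADSI]"LDAP://$serversDN"

# Safety check: any child object here is a server that was never
# decommissioned. Deleting it would damage the organisation, so stop.
$children = @($servers.Children)
if ($children.Count -gt 0) {
    $children | ForEach-Object { [string]$_.distinguishedName }
    throw "CN=Servers still contains $($children.Count) object(s); do not delete it."
}

# Remove only the CN=Servers container. The parent ($group) is left in
# place, as the note in step 3 requires.
$group.Children.Remove($servers)
"Deleted $serversDN. Wait for AD replication to all domain controllers, then test mail flow to a mail-enabled public folder."
```

Run it once; a second run stops at the existence check, which is the expected result after the container is gone.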

For more information on this issue, please see the following URL: http://msexchangeteam.com/archive/2010/05/05/454821.aspx