GNS3 ASA Summary
The Cisco ASA is a very popular firewall that we can use in our GNS3 simulations in the form of the Cisco ASAv. The Cisco ASAv can be resource intensive so we will want to limit it’s use on weaker hardware. ASAv will run under KVM requiring either a native Linux install like we covered previously or the GNS3 VM on Windows/macOS.
Gather our files
Before we can import the appliance, we will need the latest appliance file for the GNS3 Appliance Registry and the desired Cisco ASAv .qcow image from Cisco. Unfortunately access to the ASAv images requires a CCO with a valid support contract attached that has access to ASAv downloads. While there are other ways to obtain these images, they do violate Cisco’s licensing agreement and will not be discussed here.
If you want to learn more about GNS3, you may be interested in The Book of GNS3 available on Amazon as paperback or Kindle. Check it out using our Amazon affiliate link, https://amzn.to/322eKCO.
- ASAv Appliance Template – This is the appliance template from the GNS3 github and needs to be saved with the .gns3a extension
- asav9-10-1-10.qcow2 – This is the latest ASAv 9.10 interim release at the time of writing this article and can be obtained from the Cisco Download site with a valid login.
Importing the new Appliance
Here we will start with the same basic process as the VyOS Appliance with our files in the Downloads folder. Start by clicking on import appliance from the file menu in GNS3 and select the ASAv template to begin the import.
Once selected the import process will display a description of this appliance as well as some information on its architecture.
Since we are running a native linux install we will be running the appliance directly on the local machine. If you are running under Windows or macOS then you will need to deploy it to the GNS3 VM as discussed previously.
The server requirements should pass assuming you have a healthy install and were able to import the VyOS appliance.
Now we can see that the template, at the time of this article, does not detect installation files as it does not support 9.10.1-10. In this case we will create a custom version in order to proceed with the import.
Start by clicking on Create a new version and then name the version appropriately. In this case 9.10.1-10.
Once the version has been created navigate to the .qcow required beneath it and the click import to go locate the .qcow file. By default GNS3 will start the section window in your downloads directory. If the .qcow is not in that location then navigate to its location and then select it.
With the image imported we can proceed by highlighting our version and then clicking next. When the popup appears double check you have named the version correctly and then click yes to proceed.
On the next screen ensure the correct qemu binary has been auto selected. In the case of the ASAv this will be x86_64 and then click next to proceed.
The next page will be the summary of the newly imported appliance. These values can be modified after you’ve completed the import or on a per device basis. I would not advise making any changes to the ASAv template with the exception of the console type which we will cover later in this article.
The final page before you finish will provide you with some basic details on the ASAv. Like all ASA’s it will not have any passwords by default. Additionally all new ASAv’s will perform a double-boot to configure themselves for the virtualization host. Click finish to complete the import process.
Changing the console type to telnet
By default the ASAv will output to a VNC console. This has limited usefulness to as it does not allow copy/paste or scroll-back functionality. We can correct this by modifying the ASAv master disk image so that all ASAv’s created from that template have a telnet console enabled via the virtual serial port.
Editing the ASAv parameters
To start we will go to the preferences under the edit main menu item. Once there navigate to the Qemu VMs tab on the side bar and select the Cisco ASAv 9.10.1-10 template. If you have multiple ASAv template versions this process will need to be repeated for each one.
Once here click on the Edit button to open the ASAv template configuration. Once there navigate to the Advanced Settings tab and uncheck linked base VM tab. This will change the behavior so that when you deploy an instance it uses the base image instead of cloning the template allowing us to modify the template for our needs.
Click OK to finish the changes, then Click OK on the Preferences window.
Now create a new throwaway project that we will use to modify the base template to change the console type.
Now we can drag an ASAv onto our project, start the simulation with the green play button, and then open the console and wait for the ASA to boot.
Once we are into the ASAv you will enter the following commands to change the ASAv behavior to use the serial console.
en conf t N (Disable Auto Call Home) cd coredumpinfo copy coredump.cfg disk0:/use_ttyS0
Now you can confirm the existence of the file, save the configuration, and reload the ASA.
show disk0 end wr me reload no
Once the ASA has rebooted you should see that the terminal is now being redirected to the serial console after the image finishes booting.
Now you can close the console, stop the simulation with the red stop button, and then right click on the ASAv and click configure. Once here we will change the console type to telnet so that we can test our changes to the image. After clicking OK restart the simulation and open the console of the ASAv. It should open in a terminal window rather than your VNC viewer.
Next you will stop the simulation and return to the main preferences window by use of the edit top menu. Once there return to the Qemu VMs panel and select the ASAv template once again then edit the properties.
Under general settings change the console type to telnet from VNC and then move to the Advanced Settings tab.
Once in the Advanced Settings tab you will re-enable base vm linking to restore template functionality to the ASAv appliance type using our freshly modified base image.
Click OK and then OK again back in the Preferences window. Once back into your simulation you will delete the ASAv instance that was used for configuration. Then drag two new ASAv’s onto the project.
Start the simulation and confirm that the consoles work and you have two separate ASAv instances by checking the virtual serial numbers.
The ASAv appliance is now ready for use in your simulations. If you want to read more articles on GNS3 then click here!