Configuring Cisco ASAv QCOW2 with GNS3 VM

1. Overview


There are many problems were experienced when using Cisco ASAv firewall virtual servers in GNS3 network simulation software. Fortunately, all of those issues had been fixed in GNS3 VM virtual machines security. In this article will present you about how to configure Cisco ASAv firewall virtual servers image with qcow2 virtual security appliance format in GNS3 VM virtual server.

Cisco ASAv firewall virtual servers is referring to Adaptive Security Virtual Appliance (ASAv) of Cisco virtual security appliance firewall product. Even though it is a virtual security appliance, yet it brings a full firewall managed security services functionality the same as hardware appliance to a virtualized environments with a secured traffic and multi-tenant environments. It is very easy and fast for disaster recovery comparing to hardware appliance since it is running on server virtualization or in an data center virtualization.

2. Prerequisites


In this article of configuring ASAv firewall virtual servers, it is assumed that:

a. you already have GNS3 VM virtual server installed up and running on your computer. In case that you don’t, please refer to this link. Installing GNS3 VM on VMware Workstation
b. you have already downloaded Cisco ASAv virtual machines security qcow2 image (asav941-203.qcow2, asav971.qcow2, or asav981-5.qcow2), a hda file  from the Cisco website. Cisco service contract is needed to be able to download it.

3. Configuring GNS3 for ASAv Firewall Virtual Servers


Go to “Edit“, click on “Preferences“. On preferences window, under “QEMU” option click on “Qemu VMs” and then click “New” to add to Cisco ASAv firewall virtual servers qcow2 image of the virtual firewall appliance.

Selection the option of “Run the IOS on the GNS3 VM” to run Cisco ASAv on GNS3 VM virtual machines security. Then, click “Next” to continue.

Give a Name the firewall virtual servers, “ASAv94” as in this article, click  “Next” to continue.

Select the  x86_64 Qemu binary and set  the RAM to 2048 BM. click “Next” to continue. ASAv firewall virtual servers need at lease 2048 MB of RAM to works.


Select “New Image”, then browse to the locate where you had download ASAv firewall virtual servers qcow2 file (asav941-203.qcow2), and click “Open” to upload the file to your GNS3 VM virtual server. Once it has finished uploading, click “Finish”.

On preferences window, under “QEMU” option click on “Qemu VMs” and then click “Edit” to edit some configuration for new added Cisco ASAv firewall virtual servers qcow2 image virtual firewall appliance.

Under the “General Settings” On Symbol section, browse for ASA symbol. On Category section, select “Security Devices“. On Console type section, choose “vnc” option. In section 4 of this article will talk about telnet for console access.

Under the “Network” tab within the QEMU VM configuration, Install 6 network card adapters for ASAv firewall virtual servers by setting number 6 to Adapters section. Set the first ASAv firewall virtual servers interface name to Management0. In the Name format section set it to Gi0\{0}. Then, click “OK“. Click “OK” again to save the configuration.

ASAv firewall virtual servers now should appear under “Security Devices” window on the main GNS3 screen . Let create a new project to see if ASAv firewall virtual servers image is working properly.

After we power on the ASAv firewall virtual servers, it will automatically reboot once during the initial power-up. This happen after it finished determining the device platform. It will stop at the ciscoasa> prompt after the second boot as in bellow picture.


Now you can start playing with ASAv firewall virtual servers as a network security tools in your lab for what ever you wish for.

4. Configuring Telnet Access


Working with ASAv firewall virtual servers via VNC isn’t really sound comfortable for me. I would prefer to work with it via telnet access instead.

To work with ASAv firewall virtual servers through telnet, we need serial port to be enabled. Unfortunately, ASAv firewall virtual servers serial port is disabled by default. However, we still can manually enable it. We need to create a file on the root of Disk0: called use_ttyS0 to enable the serial interface. The easiest way to accomplish this is to clone the existing \coredumpinfo\coredump.cfg file and rename it. To clone it, use the following commands. That S0 is capital letter S and number zero 0 not S and the letter O. Verify that the file is cloned successfully with the command dir.

ciscoasa#copy disk0:/coredumpinfo/coredump.cfg use_ttyS0

Now you can shutdown your ASAv firewall virtual servers and change the console type from “vnc” to “telnet” instead by right click ASAv, and select configure. We don’t need to save the configuration of ASAv firewall virtual servers at this point.

Power on your ASAv firewall virtual servers back, right click on it and choose console to open the access. ASAv firewall virtual servers needs sometime to boot up. After it finished booting up, you will see something as the following.

5. Conclusion


Now you should be able to configure ASAv firewall virtual servers in qcow2 image format with GNS3 VM virtual server. It is really a great network security tools to do your ASAv firewall lab with firewall virtual servers before you start working with your production ASA firewall. That is all about configuring ASAv firewall virtual servers with GNS3 VM virtual server for now. If you have any questions or suggestions you can always leave your comments below. I will try all of my best to review and reply them. Thank you and enjoy your ASAv lab on GNS3 VM.