One of my most popular blogs on Cisco Inferno is the ability to install and run an ASA firewall by Cisco on GNS3. Since then I have shifted to a Macbook Pro and want to run everything in OSX. I have been using GNS3 inside a Windows VM for a while but that is a waste of resource and more. I have yearned for lack of a better word for a way to run everything natively in OSX. Today is the day I share with you how to do this. The requirements are as follows.
- A working ASA 8.4 image – (extracted as per previous ASA post)
- OSX 10.8 – (I’ve tested this but 10.7 may work)
- QEMU 11.0
- GNS3 0.8.4RC2
Download and install GNS3 from Sourceforge. This is the latest version from May. It will update the look, feel, and importantly some behind the scenes features. This is rather straight forward.
Next it is time to download the modified QEMU 11.0. Install this self extracting QEMU instance. It is pre-compiled and works with OSX 10.8. It has been patched to support JUNOS devices too.
Now set the path to QEMU as the value below.
/usr/local/bin/QEMU-system-i386
Set your path to the Qemu-img to what is listed below.
/usr/local/bin/qemu-img
So now you have directed GNS3 to the QEMU install you extracted previously, now test. Your results should look like they do below.
Now jump over to the ASA tab. This version of GNS3 has better support for QEMU instances. It actually pre populates fields. From the first drop down menu, Preconfiguration, ensure ASA 8.4(2) is selected. I set my RAM to 1024. Note QEMU options and Kernel command line options are filled. Unlike previously where you had to define them, GNS3 now does this for you.
Now time to select your ASA images.
Initrd
/Users/pandom_/Documents/GNS3/Images/asa842-initrd.gz
ASA Kernel
/Users/pandom_/Documents/GNS3/Images/asa842-vmlinuz
Voila. Now click save and close the preferences pane. Select from the side tab of devices, Security Devices, and drag onto your canvas an ASA firewall. Click the play button and watch it start up. You will have two QEMU windows open. These may appear as not responding but whilst they are open, your ASA runs. If you do close them the ASA will disable itself and turn off so do not do this
Here it is. My final topology. Connect to them all via console (left of the play button) and enjoy the study.
Hey,
have you found any way on OS X to connect from your Mac via TUN/TAP to the ASA or to a router if you are not admin but a regular user?
James
Nice work! I may have to try this out again. I haven’t had much luck running ASA on my mac.
I am receiving the following error when I try to put up the interfaces
ciscoasa(config-if)# no shutdown
Failed to change interface status: cannot get channel
Any suggestions on what to do?
Thanks
Odd. I’ve never seen that one before.
What version of ASA/GNS3/QEMU are you running?
Have you tried another instance of ASA?
Hey great work,did you find a way to reduce cpu load of 100% when running ASA8.4 on your mac ?
Odd issue there. I’ve not had anything that has caused that. I do run a new MBPr so it is an Ivy Bridge i7.