GNS3 has been a staple of my personal study. When I first achieved ROUTE on my way to CCNP I worked in a heavily switched environment. I had worked on routers and routing technologies about 5 percent of the time. It wasn’t enough to brush over the material and blitz the exam. I required a deep dive into the materials offered. I ended up using GNS3 and could create multi-area OSPF topologies, giant EIGRP networks, and BGP with cheeky redistribution. This was only the beginning.

Imagine this inside your laptop and access anywhere?

My current place of employment is about to have ASAs come out of the nether regions. 5585-CX is the flavour of the day. As a part of all this I am being sent to a Cisco partner course covering FIREWALL topics. I guess this aligns with the CCNP Security FIREWALL curriculum. My ASA exposure is quite limited and I have to admit that I am generally a fish out of water when it comes to hardcore security.

I have read around about people getting PIX firewalls working with GNS3 but PIX is old! ASA took over before I even got into networking. The new CCNA Security is now adding ASA to the course (less rubbish, more content!) and CCNP Security requires ASA/IPS and ASDM. I couldn’t afford to buy ASA devices and/or the required licensing. Luckily I gained access legally to licences and ASA IOS and ASDM.

I am an advocate of licensing and doing the right thing. DO NOT ask me for links to files or for a one off link. CCO login will more than let you know if you are eligible to be using the software detailed in this article. I could be breaking the rules as it is.

 

GNS3

Let me first start this off by disclaiming that this post is not a “Welcome to GNS3”. I am expecting a level of knowledge already present and will NOT be covering basics in this post.

The version of GNS3 that this laptop is using is 0.82-BETA2. I’ve not updated for a while but this is the version that works for me. Included in the All in One installer is QEMU. QEMU is the hero and emulator of the ASA software.

ASA

* If you do not have any of the required files along the way I suggest that you use the googles a little. You may find the files required.

Now – let’s point GNS3 towards our ASA software. I am using 8.4.2 ASA code.

  1. Edit
  2. Preference
  3. QEMU
  4. ASA
QEMU settings work for me. They may not for you.

Note the picture above. The following settings are input into the fields.

ASA SETTINGS

  • Name: ASA8.4 (can be anything)
  • RAM: 1024MB
  • NICs: 6
  • NIC model: e1000
  • Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

ASA SPECIFIC SETTINGS

  • Initrd: Location of Initrd file
  • Kernel: Location of Kernel (ASA) software

Probably the most important field is below. This exact string works for ASA code 8.4 and nothing prior.

  • Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Wall of Fire

Now add that and close the window. Next step is to drag across an ASA into the topology. This is my topology I am using to create my virtual lab.

My Security lab

Now just hit console and you will get the ASA to start. It will load up and it can take a while the first time. Because the requirements are high, expect a poor experience if your CPU spikes or RAM is maxed. My laptop rocks 16GB RAM and a Sandy Bridge i7 so I do not have many issues.

Hardware requirements are of particular concern if you are also using virtual machines such as Security Onion. If they are a concern then just worry about connecting your client up!

Licence to kill

As we all know ASA licensing is intense. Stupidity comes to mind. Want VLANs? We got a licence for that. Want failover? Got a licence for that. 10GBE on 10GBE hardware? Yes, my word, you need a licence for that.

Well, the same goes for the ASA we have running. It is now a fully functioning ASA – same rules apply. Though that being said I do use a legit ASA licence – I have sourced one for you floating around the internet. From what I have read the people who made all this work got this key working. Until I receive a take down notice – Here kiddies!

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6

Here I apply the key – note that the first time takes FOREVER and a day! Don’t worry, just let it do its thing.

ciscoasa>
ciscoasa> en
Password:
ciscoasa# conf t
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: n
In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".
Please remember to save your configuration.
ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
Validating activation key. This may take a few minutes...
Failed to retrieve permanent activation key.

Now the important thing to note here concerns restarting the ASA: DO NOT RELOAD. You must not reload, otherwise you will need to put in another key the next time you boot up. It takes 5 minutes so it can slow you down.

What I have found is that stopping/starting via right click in the GNS3 gui will help you here. It remembers its information.

copy running-config startup-config
copy startup-config disk0:

This is what keeps configurations consistent through a restart.

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 10 perpetual
Total UC Proxy Sessions : 10 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Enabled perpetual

Well. That is nice. VPNs, Failover, 3DES-AES, and contexts. Spoilt aren’t you! That’s it for provisioning an ASA in QEMU. If there are any files you are missing, a light google will help you find them – allegedly. It took me about 90 minutes of research and not much longer putting it together.
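To confirm after a stop/start that the licence survived, the "Licensed features" table from show version can be checked by script rather than by eye. The Python below is an added example, not part of the original post; the function names and the REQUIRED feature list are assumptions, and the sample text is an abridged copy of the output shown above.

```python
import re

# Sample: abridged copy of the "Licensed features" output shown in the post.
SAMPLE = """\
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 25 perpetual
Total VPN Peers : 0 perpetual
"""

# Assumption: the features this lab depends on; adjust for your own topology.
REQUIRED = ("Failover", "VPN-3DES-AES", "Security Contexts")

LINE = re.compile(r"^(?P<name>.+?)\s*:\s*(?P<value>\S+)(?:\s+(?P<term>\S.*))?$")

def parse_features(text):
    """Return {feature: (value, term)} from the licensed-features table."""
    features, in_table = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("licensed features for this platform"):
            in_table = True
            continue
        if not in_table:
            continue
        if not line:
            break  # a blank line ends the table
        m = LINE.match(line)
        if m:
            features[m["name"]] = (m["value"], m["term"] or "")
    return features

def is_usable(value):
    """Disabled, or a zero count, means the feature is not available."""
    return value.lower() != "disabled" and value != "0"

def missing_features(text, required=REQUIRED):
    """List required features that are absent, disabled or zero."""
    feats = parse_features(text)
    return [f for f in required if f not in feats or not is_usable(feats[f][0])]

if __name__ == "__main__":
    print(missing_features(SAMPLE) or "all required features licensed")
```

Paste the console output of show version into the script after each stop/start; a non-empty result means the key did not persist and has to be applied again.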

Next up we bind GNS3 to our host machine, kick the console for SSH access from the host then TFTP ASDM onto our device! Phwoar. CCNA CCNP CCIE SECURITY LABS FOR EVERYBODY!

Update – Shout out to Routergods.net for the love. Check his ASA video out that aligns to this! http://www.youtube.com/watch?v=jAwPuw7G6u8&feature=g-all-u


38 thoughts on “GNS3 and Cisco ASA 8.4 (Part 1)”

  1. Hi, thanks for the great post.  Clarify please…

    Kernel CMD: Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

    or

    Kernel CMD: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

    Thank you 🙂

    1. in the “Kernel CMD Line” type:

      -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

  2. Hi, I have followed the steps. However after I put in the key, and restart the ASA>>Stop and then start…It still says that license is limited. I meant failover is disabled. Please assist me

    1. Hey Karan,

      In global configuration mode I used the command as posted in the blog to apply the key.
      I then issued a wr mem and copy start flash0: as a redundancy. I then proceeded to stop/start via the GNS3 console. That worked for me. Give it a go Karan.

      Let me know how you get on.

  3. Here is a problem that I have. I can connect an ASA in GNS3 to the Windows Loopback and, using static routes, ping to the ASA and from the ASA. BUT… If I want to connect that ASA to the Ethernet, and then to a switch…mirrored to another PC with the same configuration, I get nowhere. PS: disabling the PC firewall is a must in order to allow the PC to route ICMP packets, I found. Help!

  4. Unable to save config in ASA, I entered the key, it got activated but after I close and re-open ASA…again I have to enter the key.. I’m using Windows 7 Ultimate

  5. I’m running GNS3 in a Win 7 64 bit and I keep getting lina_bigphysarea_size: open /proc/bigphysarea failed, error 2

    I’m doing every step right I can’t get ASA to load

    1. It doesn’t work in Windows 7, because I’m having the same problem and I decided to test in Windows XP Pro and boom! working perfect!

      1. I had the same problem, and I uninstalled then reinstalled to C:\GNS3 rather than Program Files. It worked after that.

  6. I am not able to load this asa in my windows machine at all..I start the device a popup windows appears, then that’s it. I open console and it just hangs never presenting a prompt. Windows 7 64bit is my pc. Any suggestions?

  7. I had a problem with the “…..Error 2” for days, I kept changing stuff and it did not work, I found a simple solution that worked for me, I hope it works for you all too. It was a fairly simple solution.

    1. Disable AV (Anti Virus)

    2. Re-install the GNS3

    3. Place all ASA stuff in ‘C:\GNS3’

    4. Make all the setting changes you will

    5. DO NOT RUN THE ASA at this stage

    6. Close the program and reopen it (It seems the settings would not take effect if you do not reopen the GNS3)

    7. Then it works

    The problem I was facing was, I was changing the setting but, did not close and open GNS3

    Hope it was a help.

  8. I tried to ping from my ASA to the Loopback, and it is not getting ping .. the output was ????? like this .. so what do I have to do

    1. Hi Ramon,

      You need to save your configuration. After doing this, in GNS3, right click on the ASA, and select Stop. Then Start the ASA once more.

      You cannot perform a restart otherwise it will wipe the licence file.

      Regards,

      Anthony

  9. Great Blog. Recently moved to Mac from Ubuntu (Fedora before that) and have moved almost 95% of my “stuff” over. I was wondering if you know of IPS 7.1 running on GNS3? Thanks

  10. Guys, I’m getting this error, can I get some help on this matter
    “lina_bigphysarea_size: open /proc/bigphysarea failed, error 2”

    thanks

  11. Hi, I have already set up the ASA and used your method to install the license. I am trying to use SSL Clientless VPN on this ASA but it’s not working even after all the configurations. When I enter the SSL Portal address on the client machine, the browser gives a message that the webpage is not found, whereas I am able to ping from the client machine to the ASA OUTSIDE interface IP. Can anyone help me with that?

  12. Have you seen it where the ASA won’t bring up any interfaces?

    Starting Likewise Service Manager
    Processor memory 654311424, Reserved memory: 62914560
    IMAGE ERROR: An error occurred when reading the controller type
    Ignoring PCI device in slot:0 (ven:0x8086 dev:0x1237 rev:0x02)
    Ignoring PCI device in slot:0 (ven:0x8086 dev:0x7000 rev:0x00)
    Ignoring PCI device in slot:0 (ven:0x8086 dev:0x7010 rev:0x00)
    Ignoring PCI device in slot:0 (ven:0x8086 dev:0x7113 rev:0x03)
    Driver not found for vid = 0x8086 did = 0x100e
    Driver not found for vid = 0x8086 did = 0x100e
    Driver not found for vid = 0x8086 did = 0x100e
    Driver not found for vid = 0x8086 did = 0x100e
    Driver not found for vid = 0x8086 did = 0x100e
    Driver not found for vid = 0x8086 did = 0x100e
    Ignoring PCI device in slot:6 (ven:0x1af4 dev:0x1002 rev:0x00)

  13. My ASA is stopping here, not booting up. Using GNS3 1.1

    Unpacking initramfs…Clocksource tsc unstable (delta = 322185892 ns)

  14. In GNS3 1.3.7 My ASA is not booting and stops here

    Unpacking initramfs…(0) Kernel panic – not syncing : bad gzip magic numbers

  15. Dear All,
    I am unable to copy the ASDM file from a TFTP server to GNS3 1.3.9, even though I tried all of the following possibilities:
    1. Configured loopback address.
    2. Configured virtual machine and integrated with GNS3 but unable to copy file to GNS3
    3. Copied all inspection rules from the internet and copied them into the ASA and enabled and allowed host using access list but not able to copy the ASDM file.
    Please can anyone help me get this sorted out, because I am extremely excited to work on ASA along with various labs for my certifications.

  16. Configuration of ASA on GNS3 1.3.11 is a little different and tricky… in the new version of GNS3 there is no direct tab/link in preferences for configuration of ASA, you can find it under the Qemu tab.
