26 2009

VMWare ASA AIO virtual Image

Posted by Yangybcy in Computer Networking

  

This all-in-one pack consists of a VMware image that was produced on VMware 6.0.1, so this version or newer is probably needed.

The pack is a RAR archive, 82 MB in size, and has:
* Damn Small Linux (DSL) with X-Windows GUI
* GRUB bootloader from which you can choose whether you want to boot to ASA or Linux. ASA is chosen automatically within 3 seconds
* HD image that consists of 2 partitions: the 1st partition is the ASA’s HD (256MB), which is mapped in the ASA to DISK0: and is used to store the files (configuration and possibly ASDM); the second partition is used to store the ASA boot files and DSL Linux. The second partition is 60% full.
* Removed the need for a CDROM – it boots files straight off the HD.
* Predefined interface IPs – the inside interface (e0) has IP 192.168.1.1/24 and has telnet and ssh enabled, so you don’t need the serial port to set basic settings.
* If you still want the serial interface display you can use a pipe – in the serial port settings choose “Use named pipe”, “\\.\pipe\vmwaredebug”, “This end is the client”, “The other end is an application”, start the start_gw.bat file that is included in the ASA folder and telnet to localhost:567. Then start the virtual machine and watch the output in the telnet client.

VMWare machine link:
http://rapidshare.com/files/146069496/ASA.rar.html



Posted under VMWare

 

This post was written by admin on September 17, 2008


86 Comments so far

  1. wayne September 18, 2008 1:55 am

    I tested it on my VMware 6. There is a problem. When I telnet from my SecureCRT, the simulator doesn’t respond correctly to my TAB key, arrow keys, and some other keys. So what could the problem be?

  2. wg4ne September 18, 2008 2:23 am

    Use telnet to the asa directly, not to the pipe gateway. The Tab key is unusable because of the pipe problem.

  3. wg4ne September 18, 2008 2:25 am

    http://chengongjun.spaces.live.com/blog/cns!E6C64B63F46EE49A!165.entry

    Test results of the asa vmware version.

    TCP throughput only.

    NAT, web vpn

    IPsec test results will be added later.

  4. wg4ne September 18, 2008 2:32 am

    Did you manage to make it work on a real pc?
    Would you please share the creation process of the DSL version of ASA?

  5. wayne September 18, 2008 3:14 am

    Thanks. I just tried to make it work in my VMware system and then connect to virtual routers and switches. I just downloaded your VMWare ASA AIO virtual Image and then opened the existing system in VMware. I didn’t make a new system.

  6. wayne September 18, 2008 4:05 am

    Does the ASDM 6.02 work here? Because I tried and it seems the ASDM does not work now. It always says “Your current ASA image version 8.0(2) doesn’t support ASDM 6.0(2)”. I tried different versions of ASDM, but none of them work.

  7. admin September 18, 2008 8:20 am

    I will get to the ASDM later on, it will probably need hacking the ASA code and patching it so it will read a false chassis id, which should be one of the publicized keys instead of the “default” 1234567890.
    I didn’t try to use the image to connect to virtual routers and switches. It should work, but i didn’t try.
    Next thing is to make it work on the real PC that i already have prepared. The real PC machine is a Compaq Deskpro EN (900 MHz Intel with integrated Intel i82557 and one more PCI card in the riser’s slot). I am wondering how fast it will go, as cisco published that the 5505 series can do 100mbps with a 500mhz cpu. I guess that vmware’s overhead causes quite a slowdown here.
    Nice graph, wg4ne. I only tested nat throughput but you did it all. In qemu i got MUCH worse throughput, with a max of about 1mbit/sec (with the KQEMU accelerator).
    To make it installable on a real system i will prepare an install ISO which will do it all automatically. You will need 500MB HD minimum (real small, you may say).
    And for the first post, yes, there is a problem with the gateway not passing the commands correctly, but you don’t really need serial to access the asa. Simply, temporarily put your ip in the 192.168.1.0/24 range, access the asa via telnet or ssh, and configure whatever ip you want.

  8. wg4ne September 19, 2008 3:36 am

    I have finished the ipsec vpn one session throughput test
    http://chengongjun.spaces.live.com/blog/cns/

  9. admin September 19, 2008 11:52 am

    wg4ne, if you wish to help me with ASA i would make you the mod of the site and you can post the bandwidth tests (and other tests)

  10. wg4ne September 19, 2008 1:51 pm

    ok

  11. admin September 19, 2008 9:04 pm

    wg4ne, you must make an account first

  12. markus September 26, 2008 11:06 am

    very nice thing! I only have a problem with ASDM. I have tested 6.0(3) and 6.1(2) and all of them said: “Your ASA image has a version number 8.0(2) which is not supported by ASDM 6.0(3)” (or 6.1(2) respectively). Is there a known problem or do I use the wrong versions…?

  13. tess September 29, 2008 3:14 pm

    When i configure ssh and telnet access the first time it works. After i turn off the asa it doesn’t work anymore. I saved the config. Does anyone have the same problem? thanks in advance

  14. Pb October 3, 2008 12:04 am

    Amazing work. I’m ready to donate money for this project, just give paypal acc. If you could fix ASDM it would be really nice.

  15. admin October 5, 2008 9:25 pm

    @markus, i still haven’t come to the asdm part, i was trying to add all linux drivers – unsuccessfully (which is one of the requirements for install cd 2.0) – so far i managed to make a clean asa on the same partition where the data is (so no need for an extra boot partition, and requirements have been reduced to 256MB HD).
    @tess, be sure NOT to save with “wr mem” but with “copy running-config disk0:/.private/startup-config” – i hope i get the path right, wrote this from memory.
    @Pb, maybe one day :)

  16. Adam October 17, 2008 12:44 am

    Hey all. I downloaded this and am running it in vmware no worries.

    I am trying to telnet in and am prompted for a password!

    Anyone know what the password is to telnet in for the first time? It’s killing me!

  17. admin October 17, 2008 8:23 am

    Try “ciscoasa”.

  18. aleks October 18, 2008 6:56 pm

    Hey all,

    I’ve downloaded (I think all packages, that are published here). But I don’t get any of them to run in my VMWare Server 2.
    Does any one of you have the same issue and perhaps a solution?

    Thanks,
    Aleks

  19. admin October 21, 2008 7:58 pm

    aleks, can you post a little more details?
    “Don’t work” doesn’t mean much.

  20. aleks October 21, 2008 9:24 pm

    Sure, as I read your comment I realized it myself.
    But this doesn’t matter now, because it works.
    I just didn’t read one special comment.
    The content was that it is normal, that after “Loading kernel …” (or something like that) nothing happens in the vm console.
    So, everything is okay with the image.

    But there is one other thing, that some other users already mentioned.
    The asdm tool. This would be a very useful tool. Of course, it is possible to do the config via console, but it would be much easier if it would be possible to use it.

    Thanks,
    Aleks

  21. admin October 23, 2008 5:26 pm

    ASDM is possible but hard to provide as i need to crack cisco’s code.
    I’m still stuck at the drivers…

  22. DaveM October 26, 2008 11:05 pm

    Excellent work! I just installed on my Linux box with VMware server. Had a challenge figuring out how to connect to the Unix named pipe in Linux. Found this link and thought it might be helpful for others:

    http://communities.vmware.com/thread/28508

    Keep up the good work!

  23. Mike October 27, 2008 4:25 pm

    So far it just hangs at Uncompressing Linux… OK, booting the kernel.

    Admittedly, I’m trying this in VMware player. Has anybody gotten this to work in Vmware Fusion 2.0?

  24. Mike October 27, 2008 5:01 pm

    Nevermind, it works well so far (can telnet into it) in Vmware fusion in OS X. Of course, fusion doesn’t support named pipes, but I can output the serial port to a text file. Thanks for pre-configuring Telnet, otherwise I’d never get in!!

  25. admin October 28, 2008 4:37 pm

    DaveM, thnx for info.
    Mike, i’m glad you made it work… i thought that someone could have problems with the pipe so i preconfigured telnet to ease the access.
    Many ppl get confused by that message “Uncompressing linux…” and expect a console, but there is no console on the video card because the real asa also needs the serial port to be configured, and you can’t really see that startup output on a real asa because there’s no video card, just a serial port.

  26. Mike October 28, 2008 5:59 pm

    The performance is surprisingly good in vmware. Running on a 2.3Ghz Macbook Pro, I managed to get an SFTP transfer up to 52Mbit/sec with only PAT running. The packet/sec rate maxed out at 4Kpps… not bad. My vmware cpu usage topped around 80%.

    Running a plain-text FTP transfer, I was able to get just around 70Mbps w/ a pps peak of 7Kpps.

    I’m going to test VPN connectivity next.

    In case you’re interested, my logical topology is as follows:

    Macbook Pro —->Inside[ASA]Outside—-> Mac Pro

    Out of curiosity, is there a reason why the ASA only reports 128Mb RAM, even though it’s assigned 256Mb?

  27. admin October 29, 2008 9:32 am

    You can see the benchmark from the other guy on the native platform.
    500Mhz machine can do nearly 100mbit with just NAT and i guess it performs even better in transparent mode.
    As far as i saw from my tests qemu/pemu is very bad at producing high throughput – i have never been able to get more than 1mbit/sec even on a very fast machine.

  28. lewis.hui October 31, 2008 1:17 pm

    Firstly, thanks for your good job.
    Now I find a problem. I have installed it in vmware6, but it seems that it doesn’t accept multicast packets such as ospf hello packets. Could you help me?

    Thanks,
    lewis.hui

  29. Mike October 31, 2008 3:35 pm

    The problem is with vmware, not the ASA image. I finally loaded the image on an 866Mhz PIII box w/ a bunch of e1000 NICs for testing. After modifying the initramfs images to load e1000 instead of e100 and duplicating it to an instance that would dump me in a shell, I was up and running.

    I then hooked it up to a gigabit LAN with a box running dynamips and a single router. The router and the ASA were able to exchange OSPF routes just fine and traffic was able to pass.

  30. admin October 31, 2008 10:16 pm

    Mike, can you post some of the bandwidth benchmarks using e1000 and P3/866 in native mode (especially when asa is in transparent mode because i assume the bw test would be best in that case)?
    There is an e1000 driver in initrd but it probably needs insmod, which can be done from a shell before lina is started.
    It is quite possible that vmware doesn’t pass multicast packets out of the virtual network.

  31. lewis.hui November 18, 2008 8:43 am

    I find the network interface doesn’t work in promiscuous mode, so it doesn’t work in transparent mode. Could you help to solve it? Thanks.

  32. admin November 19, 2008 7:15 pm

    lewis.hui, can you post your running-config?

  33. trebla November 25, 2008 7:47 am

    Is there a way to add more than 2 interfaces? Under Qemu it is supposed to be possible to add up to 6 interfaces.

  34. pchelovod November 25, 2008 4:39 pm

    Really very good system.
    One problem I have found: user generated crypto rsa mypublic key cannot be saved. Command sa save all is deprecated in ASA version about 7 or 8, and we cannot use command write mem instead of that because it erases startup-config. Maybe somebody can tell something about it.

  35. admin November 25, 2008 10:24 pm

    @trebla, add the ethernet interfaces in the vmware config and they will show. Besides, i dunno why you need more interfaces – this is a virtual machine.
    @pchelovod, the config is not saved with “write mem” because it doesn’t work here for some reason (media format?); instead you must copy running-config directly to the flash://…..startup-config file (it’s already explained somewhere).

  36. trebla November 26, 2008 3:34 am

    I will need an extra interface to perform and test a lab scenario. Actually I have tried to add the interface in vmware before, but after adding the extra interface the following error is shown and the system keeps rebooting.

    Total NICs found: 6
    setup_irq: irq handler mismatch

    Unable to open /proc/irq/15/irq error: Device or resource busy
    Panic: kernel – intr_establish: open interupt descriptor irq 15

    ———————————————–
    Traceback output aborted.
    Flushing first exception frame:
    Abort: Assert failure
    Nested traceback attempted via signal, from:
    Page fault: Address not mapped

    An internal error occurred. Specifically, a programming assertion was
    violated. Copy the error message exactly as it appears, and get the
    output of the show version command and the contents of the configuration
    file. Then call your technical support representative.

    assertion “_vf_mode_init” failed: file “vf_api.c”, line 99

    Rebooting….

  37. tron November 28, 2008 5:57 pm

    The issue of not being able to write the configuration to flash also makes it difficult to change the mode.
    Anybody know a workaround ?

  38. admin November 28, 2008 9:01 pm

    @trebla, for lab tests better use pemu – it works much slower but more accurate
    @tron, instead of doing wr mem copy the running config over the startup config. It’s already explained.

  39. tron November 30, 2008 6:27 pm

    I know how to write mem using copy… (I read it in this forum :)
    The problem is that when you change modes from single to multiple, the writing is done automatically, not by your command.
    And as the write fails, the mode change is aborted.
    Has anybody successfully changed the ASA to multiple context mode ?

  40. RYErnest December 1, 2008 9:54 am

    Nice post u have here :D Added to my RSS reader

  41. Alade Adeyemi December 3, 2008 9:30 am

    Good work. I installed ASA_install_V1 on a PC and it was successful. Everything as far as i have tested worked fine except the save command. However, I want to install the VMWARE ASA version so that i can run it on my PC without the need to have a separate machine dedicated to it, but i don’t know how to go about it. Is there anyone with a clue of how to do this?

  42. admin December 3, 2008 11:47 pm

    Easiest way for you is to download this virtual image and vmware player. In vmware player just add the asa vmware image you download earlier and start. It’s as simple as that.

  43. Bastien December 5, 2008 1:10 am

    Hi, I’ve tried the vm under VMWare workstation 6, under Win XP and Ubuntu 8.04, and I’m always stuck at the booting the kernel.

    Any idea ?

  44. Alade Adeyemi December 5, 2008 1:06 pm

    I have windows Xp installed on my PC as host and Cisco Asa as guest running on virtualbox 2.1.0.6. The installation was successful. How can i get the two communicating together, because as it is now I can only ping the inside address of the ASA from the host OS. I couldn’t telnet to the device using either the host terminal or PUTTY. I tried using Tera Term but no luck. Please advise on what to do.

  45. admin December 5, 2008 5:41 pm

    @Bastien: That is normal and expected. Your ASA is probably working. Read other posts please.
    @Alade: Download this -> http://l4ka.org/tools/vmwaregateway.php and start it with vmwaregateway.exe /t. In the virtual machine config check if there’s serial port emulation and “named pipe” to \\.\pipe\vmwaredebug, direction client – application. Then telnet to port 4444 and start ASA. This will help you communicate with the ASA serial ports through telnet.

  46. Anon December 5, 2008 5:44 pm

    It is possible to use the ASA in multiple context mode, however you must execute lina directly with the m (for multiple context mode) flag as follows:

    lina -m

    In order to change back to single mode, you’ll have to restart the process, obviously, without the m flag or execute lina_monitor.

  47. bastien December 8, 2008 3:29 pm

    Thanks, i’ll try it :)

  48. bastien December 8, 2008 3:37 pm

    Hi, do you know how to use console port under vmware in linux ?
    I found this:
    http://www.virtualization.info/2006/03/tech-accessing-serial-console-on.html and this:
    http://communities.vmware.com/thread/28508
    but before I’ll take a look on that maybe someone did already :)

  49. admin December 8, 2008 7:59 pm

    As i already explained in previous posts, for console which is on serial port you need vmwaregateway. When you start vmware your serial port settings must point to shared vmwaregateway pipe. Then you connect with telnet to pipe on localhost (127.0.0.1:4444) and that’s it.
    You can find around here detailed explanation.


  51. bastien December 9, 2008 11:25 pm

    Hi, when using vmwaregateway every keystroke is sent two times to the asa. I’d rather use it under linux: you just have to create a named pipe, saying that this end is the server and the other end is an application, then it’ll create the file in your virtual machine dir, then just type this (in the vm dir):
    sudo socat unix-connect:serialasa stdio,echo=0,raw

    if you named the pipe serialasa, and it works well under ubuntu (just install socat :) )


  64. stapy January 2, 2009 11:16 pm

    the DSL is working but the ASA is not … it gives me “uncompressing linux ….ok , booting the kernel” and nothing happens, please help me with this because i’m studying for the CCSP and i need this simulation a lot
    thanks in advance

  65. stapy January 3, 2009 12:02 am

    the enable password pleaseeeee

  66. manjalisg61 January 4, 2009 2:53 am

    Nice post.

  67. dunstankarynet87 January 4, 2009 2:14 pm

    Nice post.

  68. lauratbloomingrose January 4, 2009 2:43 pm

    Keep on blogging! :)

  69. Gemeseete January 6, 2009 1:49 am

    экспертная rpynna промышленной охране и горному причины в причиной не ctatb оборудования

  70. stapy January 7, 2009 1:13 pm

    i need the enable password please, any1 can help me ?

  71. admin January 7, 2009 7:58 pm

    password is already posted on this page

  72. Bastien January 8, 2009 12:23 am

    “Anon December 5, 2008 5:44 pm

    It is possible to use the ASA in multiple context mode, however you must execute lina directly with the m (for multiple context mode) flag as follows:

    lina -m”

    How to do so ? Thanks.

  73. stapy January 8, 2009 1:32 am

    thanks admin, i got them and thanks for this post … it’s a good chance to increase our experience in using asa

  74. Albert January 9, 2009 8:55 am

    Thanks I got it working, how is the SDM,WebVPN and Multiple Eth support coming along?

    Which ASA gives better performance on PC (DSL ASA or QEMU ASA)? Thanks.

  75. admin January 11, 2009 3:57 pm

    QEMU ASA is an emulation and it’s very slow. Network is a lot slower (up to 40x).
    VMWare is emulation too but better than QEMU.
    More eth and WebVPN depends on the license.

  76. Blogia January 18, 2009 12:56 am

    OS My auto was broken on road. Must I call to service or 911?

  77. Jay January 18, 2009 6:26 am

    How do you increase the memory beyond 128Meg ? Without any config, the memory used is already 100meg. Could I update it to the latest ASA OS ? Seems like it’s limited to 8.02. Thanks.

  78. admin January 18, 2009 2:52 pm

    ASA works with 256MB from which some of the memory is taken by OS/Lina.
    IMO 128MB free is OK, as many software routers are fine with only 32MB.
    You can also do most things with that much memory.

  79. Juniper Hacks January 30, 2009 4:18 am

    Tcp named pipes is much better than vmware gateway, you connect to multiple virtual serial devices, even remotely.

    http://shvechkov.tripod.com/nptp.html

  80. VS February 5, 2009 8:09 pm

    Hello,
    Is it possible to change somewhere the Asa Serial number?

  81. admin February 6, 2009 7:49 pm

    It is possible, but not easily.
    You must change the code of the lina to be able to do it. That requires lina disassembling.

  82. stapy February 14, 2009 1:49 pm

    dear admin
    i tried to ssh to asa using putty but it doesn’t work … can u please advise?

  83. Tejer February 20, 2009 6:55 pm

    Has anyone been able to get ASDM to work with this ASA ?

  84. stapy March 6, 2009 3:44 pm

    hey admin
    is there any news about asdm?

  85. Piffer March 19, 2009 7:18 am

    Thanks! I’m running VMWare 2.0 and was able to fire this VM up, and change the IP so that I could ping devices on both ends. (LAN)–(HostOnlyNet)-. Some issues with writing the config, but I’ll work on that later, for now I can just update the running config from the VM with a config file. A few hours with this and I should be able to do some testing.
    By the way, did anyone have issues with setting up WebVPN as a GroupPolicy setting?
    Thanks again.
    -P

  86. stapy March 19, 2009 10:44 am

    it will be great if u support us with ASDM because it’s really v. important experience …thanks in advance

18 2009

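IS-IS Overview

Posted by Yangybcy in Computer Networking

IS-IS Overview
 1. No routing loops.
 2. Applicable to large-scale networks.
 3. Fast route updates and convergence.
 4. Supports division into areas.
 5. Supports sending to multicast addresses.
 6. Supports variable-length subnet masks (VLSM).
 7. Operates at the second layer of the network hierarchy, the data link layer.
 8. Supports two network layer models: OSI and TCP/IP.
 9. Supports area migration, splitting and merging without interrupting service.

IS-IS Basic Concepts
 IS: intermediate system, similar to a router in an IP network.
 ES: end system, similar to a host in an IP network.
 CLNS: connectionless network service, similar to the IP service.
 CLNP: connectionless network protocol, similar to the IP protocol.
 IS-IS: a routing protocol that runs between intermediate systems.
 ES-IS: a routing protocol that runs between end systems and intermediate systems, similar to ARP and ICMP in the TCP/IP protocol suite.
 PDU: packet data unit, similar to an IP packet.
 NSAP: network service access point, similar to an IP address.
 NET: network entity title, a special network service access point.
 System ID: similar to the router ID in OSPF.
 LSP: link state protocol data unit, similar to the LSA in OSPF.
 LSPDB: LSP database, similar to the LSADB.
 IIH: IS-to-IS Hello PDU, similar to the Hello packet in OSPF.
 PSNP: partial sequence number PDU, similar to the ACK packet in OSPF.
 CSNP: complete sequence number PDU, similar to the DD packet in OSPF.

Autonomous system (AS): traditionally defined as a group of routers that run the same routing protocol and are managed by the same organization. The definition was later extended: it may be a group of routers running several routing protocols, as long as all of them are managed by the same organization.

Routing domain: a group of routers that run the same routing protocol and are managed by the same organization.

Area: a subdomain into which a routing domain is divided to reduce the load on routers. Routers (intermediate systems) in a subdomain maintain detailed routing information for the inside of the subdomain and routing information for reaching the other subdomains of the routing domain.

An NSAP is similar to an IP address.
The length of an NSAP is variable, from 8 to 20 bytes.
The area address consists of the AFI, the IDI and the high-order bytes of the DSP. It identifies an organization.
The System ID is unique within the whole area (including the backbone area, that is, all Level 2 routers).

Network entity title (NET)
 A NET is a special NSAP whose selector part is 0.
 In an IP network the selector has no meaning, that is, only the NET is used.
 Each router can have one or more NETs.
 Routers in the same area have the same area ID.
 Each Level 1 router must have a System ID that is unique within its area.
 Each Level 2 router must have a System ID that is unique within the backbone area.
 If a router (intermediate system) has multiple NETs, all of them must use the same System ID.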
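
The NET rules listed above can be checked mechanically before a configuration is deployed. The following Python audit is an added example, not part of the original post; it assumes the common fixed layout of a 6-byte System ID followed by a 1-byte selector, and the router names and NET values in SAMPLE are constructed.

```python
SYSTEM_ID_LEN = 6  # assumption: the common fixed 6-byte System ID
SEL_LEN = 1        # assumption: 1-byte selector at the end of the NSAP


class NetError(ValueError):
    def __init__(self, code, detail):
        super().__init__(detail)
        self.code = code


def parse_net(text):
    """Split a dotted-hex NET into (area address, System ID) as bytes."""
    try:
        raw = bytes.fromhex(text.replace(".", ""))
    except ValueError:
        raise NetError("bad-hex", f"{text}: not a whole number of hex bytes") from None
    if not 8 <= len(raw) <= 20:                  # NSAP length limits from the text
        raise NetError("bad-length", f"{text}: {len(raw)} bytes, expected 8 to 20")
    if raw[-SEL_LEN:] != b"\x00":                # a NET is an NSAP with selector 0
        raise NetError("bad-selector", f"{text}: selector is not 00")
    area = raw[:-(SYSTEM_ID_LEN + SEL_LEN)]      # AFI + IDI + high-order DSP
    system_id = raw[-(SYSTEM_ID_LEN + SEL_LEN):-SEL_LEN]
    return area, system_id


def audit(routers):
    """Check every router's NETs against the rules; return (router, code, detail)."""
    findings = []
    owners = {}  # (scope, System ID) -> first router seen using it
    for name, (level2, nets) in routers.items():
        parsed = []
        for net in nets:
            try:
                parsed.append(parse_net(net))
            except NetError as exc:
                findings.append((name, exc.code, str(exc)))
        system_ids = {sysid for _area, sysid in parsed}
        if len(system_ids) > 1:                  # all NETs of a router share one System ID
            findings.append((name, "mixed-system-id",
                             "NETs on one router differ in System ID"))
        # Uniqueness is checked per area, and across the backbone for Level 2 routers.
        scopes = [(area.hex(), sysid, "duplicate-system-id") for area, sysid in parsed]
        if level2:
            scopes += [("backbone", sysid, "duplicate-l2-system-id")
                       for sysid in sorted(system_ids)]
        for scope, sysid, code in scopes:
            first = owners.setdefault((scope, sysid), name)
            if first != name:
                findings.append((name, code,
                                 f"System ID {sysid.hex()} already used by {first} in {scope}"))
    return findings


# Constructed sample: router name -> (is Level 2, list of configured NETs)
SAMPLE = {
    "R1": (False, ["49.0001.1921.6800.1001.00"]),
    "R2": (True,  ["49.0001.1921.6800.1002.00", "49.0002.1921.6800.1002.00"]),
    "R3": (False, ["49.0001.1921.6800.1001.00"]),   # same System ID as R1, same area
    "R4": (False, ["49.0001.1921.6800.1004.01"]),   # selector is not 00
    "R5": (False, ["49.0001.1921.6800.1005.00", "49.0002.1921.6800.1055.00"]),
    "R6": (True,  ["49.0003.1921.6800.1002.00"]),   # same System ID as R2 in the backbone
    "R7": (False, ["49.1921.6800.10.00"]),          # only 7 bytes
}

if __name__ == "__main__":
    for router, code, detail in audit(SAMPLE):
        print(f"{router}: {code}: {detail}")
```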

Basic Operating Principles of IS-IS

12 2009

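Some Hands-On Notes on Route Redistribution on the H3C S7500 Switch

Posted by Yangybcy in Computer Networking

On H3C devices, route import (redistribution) uses import-route.
    Example: ospf 111
              area 0.0.0.111
                import-route ospf 111 cost 160 route-policy 1   // import routes from OSPF process 111, reset the cost value to 160, and apply the route-policy
  filter-policy 2001 import // route import policy.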

acl number 2001
 rule 0 permit source 10.50.0.0 0.0.255.255
 rule 1 deny source 192.168.0.0 0.0.255.255
 rule 2 deny

ospf 111
 import-route static
 import-route ospf 1111
 default-route-advertise always
 area 0.0.0.111
  network 192.168.40.0 0.0.0.255
  network 192.168.50.0 0.0.0.255
  network 192.168.60.0 0.0.0.255
  network 192.168.99.0 0.0.0.255
  network 192.168.100.0 0.0.0.255        
#
ospf 1111
 import-route ospf 111 route-policy 1
 filter-policy 2001 import
 area 0.0.0.1
  network 10.50.16.0 0.0.0.127
#

route-policy 1 permit node 1
 if-match acl 2001
 apply cost 160

03 2009

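Split Horizon and Route Poisoning

Posted by Yangybcy in Computer Networking

Today I suddenly remembered two routing features, split horizon and poison reverse, but I could not work out what the two terms meant. So I searched Baidu, and I am reposting what I found here for future reference.

Split horizon:
  When a distance vector routing protocol is used, routing loops can occur because invalid routing information may be propagated. In other words, if a path has failed but a router does not know it, the router keeps advertising that path as a good one. Split horizon is the most common way to solve this problem on a single link. Put simply: subnet routes learned from an interface are not included in the updates sent out of that interface.

Route poisoning:
  When a path fails, a distance vector routing protocol can choose simply to stop advertising it. In practice, a router that receives routing updates cannot tell whether it failed to receive the update because the router failed or because of a link problem, so route poisoning was introduced to solve this.
  Route poisoning makes the routing protocol advertise a failed path with a metric of infinity. It closely resembles poison reverse; in fact, poison reverse is a subset of route poisoning. Route poisoning can be understood this way: when a path fails, the route is advertised again, with an infinite metric, out of the interfaces on which it was previously advertised.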
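
The effect of both mechanisms can be reproduced with a small simulation. This is an added example, not part of the original post: two constructed routers A and B exchange RIP-style updates, network N sits behind B and then fails; the metric 16 as "infinity" and the six-round route timeout are assumptions borrowed from RIP, and the poison_reverse mode goes slightly beyond the text.

```python
INFINITY = 16  # assumption: RIP's "unreachable" metric stands in for infinity
TIMEOUT = 6    # assumption: update rounds a learned route survives unrefreshed


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []  # adjacent routers, one interface per neighbor
        self.table = {}      # dest -> [metric, next hop name (None = connected), age]

    def advertisement(self, to, mode):
        """Build the update sent out of the interface facing neighbor `to`."""
        adv = {}
        for dest, (metric, via, _age) in self.table.items():
            if via == to:
                if mode == "split_horizon":
                    continue           # never send a route back where it was learned
                if mode == "poison_reverse":
                    metric = INFINITY  # send it back, but marked unreachable
            adv[dest] = metric
        return adv

    def receive(self, sender, adv):
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(dest)
            if cur is None:
                if new < INFINITY:
                    self.table[dest] = [new, sender, 0]
            elif cur[1] == sender or new < cur[0]:
                # the current next hop is always believed, even when it gets worse
                self.table[dest] = [new, sender, 0]


def run_round(routers, mode):
    # Snapshot all updates first so every router sends at the same instant.
    updates = [(n, r.name, r.advertisement(n.name, mode))
               for r in routers.values() for n in r.neighbors]
    for r in routers.values():
        for entry in r.table.values():
            if entry[1] is not None:
                entry[2] += 1
    for receiver, sender, adv in updates:
        receiver.receive(sender, adv)
    for r in routers.values():
        stale = [d for d, e in r.table.items() if e[1] is not None and e[2] >= TIMEOUT]
        for dest in stale:
            del r.table[dest]


def has_loop(routers, dest):
    """True if following next hops toward dest comes back to a router already visited."""
    for start in routers.values():
        seen, cur = set(), start
        while True:
            entry = cur.table.get(dest)
            if entry is None or entry[0] >= INFINITY or entry[1] is None:
                break
            if cur.name in seen:
                return True
            seen.add(cur.name)
            cur = routers[entry[1]]
    return False


def simulate(mode, poison, max_rounds=40):
    """Rounds until N is unreachable everywhere after B loses it, and whether a loop formed."""
    a, b = Router("A"), Router("B")
    a.neighbors, b.neighbors = [b], [a]
    routers = {"A": a, "B": b}
    b.table["N"] = [0, None, 0]          # network N is directly connected to B
    for _ in range(3):                   # warm-up: A learns N via B
        run_round(routers, mode)
    if poison:
        b.table["N"] = [INFINITY, None, 0]  # route poisoning: advertise N as unreachable
    else:
        del b.table["N"]                    # no poisoning: B just stops advertising N
    looped = False
    for rounds in range(1, max_rounds + 1):
        run_round(routers, mode)
        looped = looped or has_loop(routers, "N")
        if all(r.table.get("N", [INFINITY])[0] >= INFINITY for r in routers.values()):
            return {"rounds": rounds, "looped": looped}
    return {"rounds": None, "looped": looped}


if __name__ == "__main__":
    for mode, poison in [("none", False), ("split_horizon", False),
                         ("split_horizon", True), ("poison_reverse", True)]:
        print(mode, "poison" if poison else "silent", simulate(mode, poison))
```

Without either mechanism A and B point at each other and count up to the infinite metric; with split horizon alone A keeps the dead route until it times out; with route poisoning the failure is known after a single update.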

27 2009

Chapter 5. Routing Information Protocol (RIP)

Posted by Yangybcy in Computer Networking

This chapter covers the following subjects:

The oldest of the distance vector IP routing protocols still in widespread use, RIP currently exists in two versions. This chapter deals with version 1 of RIP. Chapter 6, "RIPv2, RIPng, and Classless Routing," covers Version 2, which adds several enhancements to RIPv1. Most notably, RIPv1 is a classful routing protocol, whereas RIPv2 is classless. This chapter introduces classful routing, and Chapter 6 introduces classless routing. Chapter 6 also introduces RIPng, which is an adaptation of RIPv2 for support of IPv6.

Distance vector protocols, based on the algorithms developed by Bellman,[1] Ford, and Fulkerson,[2] were implemented beginning in 1969 in networks such as ARPANET and CYCLADES. In the mid-1970s Xerox developed a protocol called PARC[3] Universal Protocol, or PUP, to run on its 3-Mbps experimental predecessor to modern Ethernet. PUP was routed by the Gateway Information Protocol (GWINFO). PUP evolved into the Xerox Network Systems (XNS) protocol suite; concurrently, the Gateway Information Protocol became the XNS Routing Information Protocol. In turn, XNS RIP has become the precursor of such common routing protocols as Novell’s IPX RIP, AppleTalk’s Routing Table Maintenance Protocol (RTMP), and, of course, IP RIP.

[1] R. E. Bellman. Dynamic Programming. Princeton, New Jersey: Princeton University Press; 1957.

[2] L. R. Ford Jr. and D. R. Fulkerson. Flows in Networks. Princeton, New Jersey: Princeton University Press; 1962.

[3] Palo Alto Research Center.

The 4.2 Berkeley Software Distribution of UNIX, released in 1982, implemented RIP in a daemon called routed; many more recent versions of UNIX are based on the popular 4.2BSD and implement RIP in either routed or gated.[4] Oddly enough, a standard for RIP was not released until 1988, after the protocol was in extensive deployment. That was RFC 1058, written by Charles Hedrick, and it remains the only formal standard of RIPv1.

[4] Pronounced "route-dee" and "gate-dee."

Depending on the literature you read, RIP is either unjustly maligned or undeservedly popular. Although it lacks the capabilities of many of its successors, its simplicity and widespread use mean that compatibility problems between implementations are rare. RIP was designed for smaller networks in which the data links are fairly homogeneous. Within these constraints, and especially within many UNIX environments, RIP continues to be a popular routing protocol.

 

27 2009

Sniffer User Manual (Chinese Edition)

Posted by Yangybcy in Computer Networking

Click to download this file (Sniffer_pro_47 Getting Started Guide)

 

 

20 2009

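H3C Knowledge Case Base Content Update Notice

Posted by Yangybcy in Computer Networking
H3C Knowledge Case Base Content Update Notice

The knowledge cases you bookmarked in the H3C Knowledge Case Base have new content:

Chinese cases:
1  [2008-12-30] H3C ICG1800 V100R004 version release announcement 2008-12-30 09:18
2  [2008-12-30] H3C ICG1000 V100R006 version release announcement 2008-12-30 09:42
3  [2008-12-30] iMC EAD 3.60-E6102 version release announcement 2008-12-31 10:24
4  [2008-12-30] iMC UAM 3.60-E6102 version release announcement 2008-12-31 10:24
5  [2008-12-30] iMC WSM 3.50-R5103 version release announcement 2008-12-31 10:25
6  [2008-12-30] H3C IVMS 3.10-R3122P02 version release announcement 2008-12-31 10:25
7  [2008-12-31] H3C AR28, AR46 series routers CMW3.40-R0202P01 version release 2008-12-31 11:30
8  [2008-12-31] Quidway AR28, AR46 series routers VRP3.40-R0202P01 version release 2008-12-31 11:30
9  [2008-12-18] H3C S5100-EI series switches R2203P06 version release 2008-12-31 14:28
10  [2008-12-31] H3C MSR20_30_50 series routers CMW520-R1618P16-BI version release announcement 2008-12-31 15:34
11  [2008-12-25] H3C S3600&E328_E352 series switches R1602P12 version release 2008-12-31 17:14
12  [2008-12-31] H3C MSR20_30_50 series routers CMW520-R1618P16-SI version release announcement 2008-12-31 17:26
13  [2008-12-26] H3C S5600 series switches R1602P12 version release 2008-12-31 17:17
14  [2008-12-25] Quidway S3900&E328_E352 series switches R1602P12 version release 2008-12-31 17:18
15  [2008-12-26] Quidway S5600 series switches R1602P12 version release 2008-12-31 17:19

Welcome to H3C KMS! Please log in to view.

H3C Global Technical Services Department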

 

 
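November 18 2008

Fixing IE Failing to Display PNG Images

Posted by Yangybcy in Computer Networking
As soon as I got to work today, colleagues in finance were saying that many web pages on their computers showed red X marks. I took a look: none of the PNG images could be displayed! So I searched Baidu and found the content below, which says that re-registering pngfilt.dll works. So I tried to register it, and got a message that the file does not exist! Problem found! I copied a Pngfilt.dll file from another computer, registered it again, and the problem was solved!!!

The original text from the web is attached below:

I searched Baidu. Some people say that IE6 being unable to view PNG is a bug (see http://support.microsoft.com/kb/822071/zh-cn), but I could view them before, and my images are not just 4,097 bytes or 4,098 bytes; whatever the size, none of them can be viewed. Others say to add a .png subkey under HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/INTERNET EXPLORER/EMBEDEXTNTOCLSIDMAPPINGS/ and then modify some value. I tried this too and it had no effect, and on a friend's working machine there is no .png subkey under this path either, which means this claim is also incorrect. Some say to reinstall IE6; I reinstalled it, no effect! Some say to install IE7; no effect! Some say to reinstall the system; I have not tried that...

  Later I found the home page of the PNG format developers abroad. Its FAQ discusses IE failing to display PNG and gives several methods. They did not really solve my problem, but I believe they will match someone's case :)
  1. Use Start -> Run and enter "regsvr32 c:\windows\system32\pngfilt.dll" in the Run box (then click OK).
  Note that on some systems pngfilt.dll is in c:\windows\system, so check where the file is and adjust the path for your own system. If registration produces "c:\windows\system32\pngfilt.dll was loaded, but the DllRegisterServer entry point was not found. This file can not be registered.", the file is probably corrupted, and you need to copy a good one from another machine and register it again.
  2. For some people the cause is their own system settings: open any folder, choose "Tools" -> "Folder Options" -> "File Types" from the menu at the top, and click the "Restore" button at the bottom (see figure 1).

  3. Start -> Run, enter "Regedit" in the Run box, go to the path "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents", right-click in the right pane and choose "New" -> "String Value", name it with the number that follows the largest existing one (mine was 3, so I named it 4), and set its value to "image/png" (see figure 2).

I did not find a real solution on the foreign sites. Later, searching again, I saw a reply on some forum that mentioned a particular registry location, [HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/png]! That reply did not seem to solve the poster's problem, but it gave me an idea. I opened Regedit and went to [HKEY_CLASSES_ROOT\MIME\Database], and good heavens!!! On my machine this key was completely empty!!! Nothing at all! I then looked at my friend's working machine (WinXP SP2, the same as mine), where this key has more than a hundred entries... How frustrating! So I exported the whole [HKEY_CLASSES_ROOT\MIME] key from his machine to mime.reg and imported it on mine. Strange: nothing changed?? Nothing was added!! That made me think of key permissions. I right-clicked the MIME key and found that the permissions list had no one in it at all! So I deleted the whole MIME key, imported again, and checked the permissions: normal (my own account has Full Control)!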
26 2008

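CCNP901: OSPF – Summary of the 7 LSA Types

Posted by Yangybcy in Computer Networking

    Because the OSPF protocol defines several types of router, it is also necessary to define several types of LSA.
   For example: a DR must advertise the multi-access link and all routers attached to that link, whereas other types of router do not need to advertise this kind of information.

The seven OSPF LSA types:
1. Router LSA
Generated by every router in an area, and flooded only within that area.

These most basic LSAs list all of a router's links and interfaces and indicate their state and the outbound cost along each link.

2. Network LSA
Generated by the DR or BDR in an area; the message includes link information for the routers connected to the DR and BDR.

Network LSAs are likewise flooded only within the area in which they were generated.

3. Network summary LSA
Generated by the ABR; informs the routers in the local area of routes to destinations outside the area.

A default route that is outside an area but still inside the OSPF autonomous system can also be advertised with this LSA type.

If an ABR receives multiple network summary LSAs from other ABRs across the backbone area, the originating ABR selects the lowest-cost LSA among them and advertises that lowest cost to the non-backbone areas attached to it.

4. ASBR summary LSA
Also generated by the ABR, but it is a host route that points to the address of the ASBR.

5. Autonomous system external LSA
Generated by the ASBR; tells routers in the same autonomous system the paths to external autonomous systems.

The autonomous system external LSA is the only LSA that is not associated with a specific area; it is flooded throughout the entire autonomous system.

6. Group membership LSA     * Multicast OSPF (the MOSPF protocol) is not currently supported

7. NSSA external LSA
Generated by the ASBR; almost identical to LSA type 5, but an NSSA external LSA is flooded only within the not-so-stubby area that originated it.
In an NSSA, when a router is an ASBR it would have to generate LSA type 5 messages, but an NSSA cannot contain LSA type 5 messages, so the ASBR generates LSA type 7 messages and sends them to the routers in the local area.

LSA types allowed to flood in each area type

Area type                  1&2        3&4            5              7
Backbone                   allowed    allowed        allowed        not allowed
Non-backbone (non-stub)    allowed    allowed        allowed        not allowed
Stub                       allowed    allowed        allowed        not allowed
Totally stubby             allowed    not allowed    not allowed    not allowed
NSSA                       allowed    allowed        not allowed    allowed

* There is only one exception: each ABR uses one type 3 LSA to advertise the default route.

1. Stub area
       AS external advertisements (LSA 5) are not allowed to flood inside it. The ABR at the border of a stub area uses a network summary LSA (LSA 3) to advertise a default route into the area, and this default route is not advertised outside the area.
     Router(config-router)#area 1 stub      // set Area 1 as a stub area

2. Totally stubby area
      Uses a default route to reach destinations outside the OSPF autonomous system, and also uses a default route to reach all destinations outside the area. The ABR of a totally stubby area blocks not only LSA 5 but also all summary LSAs, except the one type 3 LSA that advertises the default route.
     Router(config-router)#area 1 stub no-summary     // set Area 1 as a totally stubby area; type 3 is then replaced by a default route, and no-summary replaces types 3 and 4 with a default route

3. Not-so-stubby area (NSSA)
     Allows external routes to be advertised into the OSPF autonomous system while keeping the stub area characteristics toward the rest of the autonomous system. The ASBR originates type 7 LSAs to advertise those external networks; these NSSA external LSAs are flooded throughout the NSSA and blocked at the ABR. The ABR translates type 7 into type 5 and advertises it into the other areas.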

26 2008

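Understanding OSPF Unicast, Multicast and Network Types

Posted by Yangybcy in Computer Networking

   OSPF is a link-state protocol. It uses Hello packets to discover neighbors and establish relationships, Update packets to send updates, NOTIFICATION packets to report errors, and so on. Let's list them:

    1. Hello

    2. Database Description

    3. Link State Request

    4. Link State Update

    5. Link State Acknowledgement

    One characteristic of link-state protocols is their use of multicast, which replaces the broadcast used by distance vector protocols. But not every packet is sent as multicast at all times; unicast is also an important tool.

    I. Today we discuss only the unicast special cases of the Hello packet:

    Unicast

    1. NBMA

    2. Virtual-Link

    Multicast

    3. Broadcast

    4. Point-to-Point

    5. Point-to-Multipoint

    II. Incidentally, the network types with a Hello time and Dead time of 10 seconds and 40 seconds (a factor of 4) are:

    point-to-point

    broadcast

    The ones with a Hello time and Dead time of 40 seconds and 120 seconds are

    Point-to-Multipoint

    NBMA

    III. DR and BDR election

    The network types that need to elect a DR and BDR are

    Broadcast               automatic election

    Point-to-Multipoint     automatic election

    NBMA                    manually specified

    The network types that do not need to elect a DR and BDR are

    Point-to-Point          no election needed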
