Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to unpack asa*.bin for using in GNS3? #2

Open
ig-loginov opened this issue Sep 12, 2018 · 5 comments
Open

How to unpack asa*.bin for using in GNS3? #2

ig-loginov opened this issue Sep 12, 2018 · 5 comments

Comments

@ig-loginov
Copy link

I unpack asa944-16-smp-k8.bin using bin.py and get two files asa944-16-smp-k8-initrd-original.gz and asa944-16-smp-k8-vmlinuz. When I'm trying to run them in GNS3 I have an error
INIT: version 2.88 booting
Starting udev
[ 9.928700] udevd[505]: starting version 182
[ 10.855231] ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 10
[ 10.947480] e1000_uio(e1000_pci.0.2.0): user interrupt driver successfully loaded.
Configuring network interfaces... done.
Populating dev cache
no cdrom devices
[ 13.722192] tipc: Started in network mode
[ 13.722721] tipc: Own node address <1.1.1>, network identity 1234
[ 13.725539] tipc: Enabled bearer <eth:tap0>, discovery domain <1.1.0>, priority 10
info: Running in kvm virtual environment.
/asa/scripts/vm_lib: line 221: /mnt/disk0/system-serial-number: No such file or directory
cp: cannot stat '/mnt/disk0/system-serial-number': No such file or directory
[ 15.584344] IHM: Initializing Interface Helper Module
[ 15.584403] IHM: registering chr device
[ 15.584470] Module registered 251, from (pid 1079)
[ 15.760572] 988.760510 [2606] netmap_init run mknod /dev/netmap c 10 60 # error 0
[ 15.761156] netmap: loaded module

Loading...

Starting image verification
[ 20.781129] traps: lina_monitor[1141] trap invalid opcode ip:40f4da sp:7fffffffe3f8 error:0 in lina_monitor[400000+26000]
/tmp/run_cmd: line 5: 1141 Illegal instruction (core dumped) cgexec -g memory:privileged -g cpuset:restricted/lina /asa/bin/lina_monitor -l
INIT: Switching to runlevel: 6
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... [ 32.317855] Restarting system.
[ 32.317855] reboot: machine restart

I'm using these args:
Kernel Command Line: no-hlt -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Option: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Please help to run asa in GNS3 using bin file!

@saidelike
Copy link
Contributor

It is theoretically possible to use your method to load an ASA image into GNS3 but the currently documented way is to use the .qcow2 instead of the .bin, at least for the versions where it exists. See https://github.com/nccgroup/asatools/blob/master/tutorial.md

@ig-loginov
Copy link
Author

I understand but I want to know how to load .bin.

@saidelike
Copy link
Contributor

Any particular reason? The .bin is inside the .qcow2...

@ig-loginov
Copy link
Author

Could explain detailed how I can run asa*.bin in GNS3?

@fidgetingbits
Copy link
Collaborator

I believe we've never been able to get a regular .bin to work properly inside GNS3, at least do do what we wanted. Some will boot and we can get gdb running, but then networking won't work, etc. And to be clear by "a regular .bin" I mean one that doesn't come from inside a .qcow2 file. If you're running a .bin that comes from inside a .qcow2, you may as well used the .qcow2.

That said, the approach was to just tick a box that causes GNS3 to let you specify a specific flash disk, kernel binary and initrd image.

The flash disk you can create using qemu-img. On linux this is just like qemu-img create FLASH-XXX 512M.

The initrd and kernel filie you can extract from any firmware .bin you want to run using bin.py -u -f <asaXXX.bin>

Then when you create a new ASA firewall in GNS3 you should be able to tick a box that says 'This is a legacy ASA VM', which will then let you specify the path to the flash disk and extracted files in the firewall settings.

Beyond that we can't give you any better instructions, because things didn't work reliably for debugging and networking at the same time, so we stopped going down that route.

If you do figure out how to get non-ASAv images working reliably, especially if you can get networking and debugging working simultaneously, we'd be really interested to hear about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants