How to configure any ASAv .qcow2 image for serial telnet access

Create the initial “master” ASAv VM

Download the ASAv qcow2 file with the OS version of your choice from Cisco.com. Open the GNS3 preferences. Go to QEMU > QEMU VMs and hit new. Select the option to run the Qemu VM on the GNS3 VM. Hit next.

Choose “Default” for the VM type and hit next. Name the VM (ASAV 9.6.1 for example) and hit next. Select the x86_64 Qemu binary and set  the RAM to 2048mb. Hit next.

Select New Image, browse to your downloaded qcow2 file, and click open to upload the file to your GNS3 VM. Once it has finished uploading, click next.

Select the ASA symbol, change the category to Security Devices, and set the console type to vnc. We will change this to telnet later in the guide.

Click the network tab. Set the number of adapters to 8. Set the first port name to Management0. Set the name format to GigabitEthernet0\{0}.

Click the Advanced settings tab. Uncheck the “Use as a linked base VM” box. We will check this later in the guide. Click OK then Apply > OK to save the device.  This device will be configured as the “master template” for the ASAv.

  • Configure the ASAv for telnet access

Create a junk project and drag one instance of the new ASAv to it. Power it on and double click it to open the TightVNC viewer. The ASAv will automatically reboot once during the initial power-up after “determining the device platform”.  After the second boot, it will stop at the ciscoasa> prompt. Once you get that you are ready to move to the next step.

The ASAv serial port is disabled by default.  The software seems to require a file on the root of Disk0: called use_ttyS0 to enable the serial interface. The easiest way to add this is to clone the existing \coredumpinfo\coredump.cfg file and rename it. Use these commands to clone it:

 

ciscoasa#conf t

ciscoasa(config)# cd coredumpinfo

ciscoasa(config)# copy coredump.cfg disk0:/use_ttyS0  (that’s  S zero not S and the letter O)

 

Verify the file exists with the command dir disk0:/

Once it’s there, reload the ASA. There’s no need to save the config at this point. We just want the ASA to reload with that file in place. It should show the GRUB boot loader, and boot, but the interaction will stop with the message “Lina to use serial port /dev/ttyS0 for console IO”. At this point it has transferred the interactive control to the serial port.

Power the ASAv off. Right click it, and select configure.  Change the console type from vnc to telnet. You must power the ASAv off to do this. You can change it with the device powered on, but it will throw the error “No connection could be made because the target machine actively refused it” if you try to launch the console and will not connect. Click Apply > OK to save.

Power the ASAv back on and double click to open the console. It will take 30-45 seconds before any output will appear. The GRUB boot screen and boot process won’t show in the serial port output. The serial port isn’t active until the ASA software loads. My Surface pro takes 30 seconds to show output.

The ASAv “master” is now configured for console access.

 

  • OPTIONAL – configure other base features/options

At this point you can add other options to the master template. If you wish to assign an interface IP, description, username/password, or any other configuration as a “base” ASA build,  you can do so now. I added the asdm-761.bin file to the image so I would not have to download it to the ASA every time I create a new device in a project. I did not want to leave any config information other than the asdm image in my master file so I issued the write erase command and reloaded after copying the file.

 

  • FInalize the master template

Once you have your ASAv configured for telnet console access and any other features you want, issue the write memory command (not necessary if you don’t have running config settings in your ASA) and power it off. You can delete the device from your project now. Any changes are part of the qcow2 file that resides on the GNS3 VM.

 

Open the GNS3 preferences, select QEMU > QEMU VMs, choose your ASAv and click edit.

On the General settings tab, change the console type to telnet. All ASAv instances created from this template will now be configured for telnet to the console port.

Lastly, click the Advanced Settings tab. Check the box next to “Use as a linked base VM” and click OK. This option tells GNS3 to clone the qcow2 file for each new ASAv host created in a project. This will allow your “master template” file to remain unchanged while creating new instances preconfigured with the telnet serial settings and any other customizations that were made in the optional section.

Close the preferences page, click Apply > OK to save the template. You’re ready to create your secure firewall labs.