Enable VPN Encryption feature and Troubleshooting ASA 8.4.2 in GNS3 1.X

Start the ASA and look at the console.


The VPN encryption feature is disabled and needs to be activated.


Applying the first activation key


Enter enable mode on the ASA, enter the first activation key, then type reload.
en
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
reload



Note: Be sure to type reload once this key is activated, otherwise it will not work. Press Enter to confirm the reload. This might take up to 5 minutes once the reload has been confirmed.

Applying the second activation key

Enter enable mode on the ASA console and enter the second activation key:
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
This process might take up to 10 minutes.




The VPN encryption feature has now been enabled successfully. If you hit a problem activating it, the likely cause is that no reload was done after entering the first key "activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5", which is why it is stuck there. Go back to Applying the first activation key and do not miss the important step of reloading the ASA after entering the key.

Troubleshooting: Network error: Connection refused!

Ensure that there is only 1 console window running. There could be two sessions running, which is why it keeps restarting and reporting Connection refused!

  • Try exiting GNS3 to see if it helps
  • Create a new Project

Troubleshooting: The VPN encryption feature seems to be deactivated each time I reboot or power off the ASA


copy running-config startup-config
copy startup-config disk0
This is what keeps the configuration consistent across a restart.

Troubleshooting: Always getting stuck at Ethernet Giga eth5 Lan Connection on the console screen


Leave the default settings, which were:
Kernel command line: ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt
Additional settings, Options: -nographic -cpu coreduo -icount auto -hdachs 980,16,32

Note: Leave the Kernel command line unchanged if you are using GNS3 1.2 and above, as changing it might leave the console stuck for 5 minutes at "Interface GigabitEthernet5 "", is administratively down, line protocol is up".

Change (tweak) Settings:
Kernel command line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt -net nic
Additional settings, Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

In the old GNS3 0.8.X:
Kernel command line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536
Additional settings, under Options, the recommended setting is: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Troubleshooting: How to erase all the configuration and start a new ASA config without adding or installing it again in GNS3


Note: This step is optional.

Erase the configuration in flash memory

enable
wr era
There is no password, just press Enter.

We will not pre-configure the firewall. Type n and press Enter.

Add and Install ASA 8.4.2 in GNS3 1.2 and above



Setting up using GNS3 1.2

In GNS3 1.X, under Preferences, select QEMU VMs. Click New to begin configuring the ASA.

Key in a name for the ASA device and select the type as ASA 8.4(2).


Ensure the correct Qemu binary is selected.
- qemu-system-x86_64w.exe is for 64 bit OS
- qemu-system-i386w.exe is for 32 bit OS


Since I am using a Windows 64 bit OS, I selected qemu-system-x86_64w.exe. Ensure there is enough RAM.


Specify the ASA VM initrd and a kernel image.
You can download them from http://fileml.com/l/0h684 or http://fileml.com/l/0h690; just uncompress the zip file and browse to its location.


Once the location of the initial RAM disk (initrd) and kernel image has been set, press Finish.


Click Edit, as there are some additional parameters to complete the ASA setup.


Leave the default settings, which were:
Kernel command line: ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536 ide1=noprobe no-hlt
Additional settings, Options: -nographic -cpu coreduo -icount auto -hdachs 980,16,32

Creating a FLASH drive for ASA


Locate the QEMU directory, as we need to create a flash drive there.
Hint: Hold the Shift key on the keyboard and right-click the qemu folder. The menu will show Open command window here. Click it to open a command window in that folder.


Type in the command window: qemu-img create FLASH512 512M


Select the HDD tab.


Browse and select the FLASH512 file that was created in the previous command prompt window using the qemu-img command.


Press Apply and OK.


Drag and drop the ASA from Security devices into the Project Window. Right-click on the ASA device and select Start to run the ASA, followed by Console to see the command line.


At the ciscoasa prompt, type
show ver
to show the version of the ASA
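
To confirm that the activation keys took effect after the reload, the licensed-features rows of the show ver output can be checked with a short script. This is an added example, not part of the original guide; the row labels (VPN-DES / VPN-3DES-AES, or Encryption-DES / Encryption-3DES-AES on other releases), the column layout and both sample outputs are assumptions constructed for illustration.

```python
import re

# Constructed samples of the licensed-features part of `show ver`.
# Row labels and layout are assumptions, not output captured from the guide.
SAMPLE_BEFORE = """\
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
"""
SAMPLE_AFTER = """\
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
"""

# Accept both label families so the check survives a different image version.
ROW = re.compile(
    r"^\s*(?:VPN|Encryption)-(DES|3DES-AES)\s*:\s*(Enabled|Disabled)\b",
    re.MULTILINE | re.IGNORECASE,
)

def encryption_licenses(show_version_text):
    """Return {'DES': bool, '3DES-AES': bool}; a missing row counts as disabled."""
    state = {"DES": False, "3DES-AES": False}
    for feature, status in ROW.findall(show_version_text):
        state[feature.upper()] = status.lower() == "enabled"
    return state

def vpn_lab_ready(show_version_text):
    """A VPN lab should negotiate 3DES/AES, so DES alone is not accepted."""
    return encryption_licenses(show_version_text)["3DES-AES"]

def report(show_version_text):
    """Build a short human-readable summary of the encryption licences."""
    state = encryption_licenses(show_version_text)
    lines = [f"{name:<9} {'enabled' if on else 'DISABLED'}" for name, on in state.items()]
    if not vpn_lab_ready(show_version_text):
        lines.append("Check that the ASA was reloaded after the first activation key.")
    return "\n".join(lines)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"--- {label} ---\n{report(text)}")
```

Paste the real show ver output into a string and pass it to report() to check a running lab ASA.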