Skip navigation
Cisco Learning Home > CCNP Security Study Group > Discussions
12241 Views 33 Replies Latest reply: Mar 14, 2014 1:22 AM by Hesam Ebrahimi RSS 1 2 3 Previous Next

Currently Being Moderated

Cisco ASA 8.4 with GNS 0.8.3.1 - open /proc/bigphysarea failed, error 2

Dec 1, 2012 9:35 AM

Rajesh Agrawal 71 posts since
Nov 2, 2009

lina_bigphysarea_size: open /proc/bigphysarea failed, error 2

 

I have configured it right according to below details:

 

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto

nousb console=ttyS0,9600 bigphysarea=65536

 

http://blog.ciscoinferno.net/gns3-and-c ... 8-4-part-1

 

I have followed the above reference even then i am unable to connect to ASA 8.4 its running however there is no output coming on console one error is there when i open console.

 

I have windows 7 64 bit and GNS 0.8.3.1 64 bit (standalone) with asa842-initrd (57238 KB) and asa842-vmlinuz (1328 KB)

 

Someone please help me out its very urgent. Please help me all the experts with your expert advice. Screen Shot is attached below


  • Mike 16 posts since
    Aug 4, 2010

    Rajesh,

     

    Your configuration looks exactly like mine which is working fine.  In the past I have had difficulty with various versions of GNS3 when I had it installed in the Users folder.  I suggest that you try moving your installation to the root drive, C:/GNS3 and put all your subdirectories under that:

     

    c:/gns3

         /ios

         /projects

    Since I have done this I have had very few, if any, problems with GNS3.

    I have attached a screen shot of my ASA preferences, that show my paths to images.

     

    Whoops!  Didn't attach files.

     

    HTH

    Regards,

    Mike

     

    Message was edited by: Mike I originally did this when having a lot of problems with gns3.  It was a suggestion from Rene Molenaar of GNS3Vault.com.

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009

    Hi Rajesh-

     

    Before running GNS3, (and while the app is closed), from a cmd prompt, see what ports are in use.  You can use the following:

     

    netstat -an

     

    Look for listening/open local ports on:

     

    TCP 3001

     

    and/or

     

    UDP 20000

     

    If either of these appear, bring up GNS3, go to the Qemu Configuration shown in Mike's post, and change the Console and/or Base ports to add "1" to the one that was previously in use.   for example, if the TCP 3001 was in use, change the configuration to use TCP 3002 (presuming that wasn't in use.   Same concept for the UDP base port.

     

    Let us know what you find, and happy emulation.

     

    Best wishes,

     

    Keith Barker

  • Mike 16 posts since
    Aug 4, 2010

    Keith,

    Very good suggestion.  From my experience it is always a good idea to use Task Manager to close all processes associated with gns3 before starting any topology use or build.  I have found instances of Qemu running from previous work that has been shutdown.  Also, dynamips is pretty persistant as well.

     

    regards,

    Mike

  • How much memory do you have on your box? Do you have read access to the working directory via the permissions that GNS3 is run under?

     

    Also - you may have just gotten bad ASA images. May be worth re-downloading.

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009

    Hi Rajesh-

     

    I see TCP port 10,000 open, which is a base port that dynamips uses.  (This may not directly impact the ASA and the Qemu, but you should change your base port for dynamips to 10,001 (or make sure that all dynamips processes are stopped and that that port isn't open before beginning).  That is for avoiding future issues.

     

    I noticed a difference between your install and mine, and that is the flavor of GNS3.   On the download page for GNS3.net there are 3 options for Windows.   The all-in-one, the all-in-one-32bit, and the all-in-one-64 bit.   I am using the first (which uses a 32bit version of Qemu (as reported by task manager).

     

    Here is what I would recommend at this point.   Change the dynamips to base port of 10,001, reboot and see if that changes anything.  (It won't likely, but give this a shot).    

     

    After that, use control panel to uninstall GNS3.   Once uninstalled, re-install the same one I am using (the all-in-one that doesn't specify 32 or 64 bit.   Re-configure to point to the folders you want to use, and  the setting for IOS and ASA as you currently have (with the exception of the dynamips 10,000 port which looks like it is open already, so change that to 10,001), and see if the different version of GNS3 is what makes the difference.

     

    Let us know.

     

    Thanks,

     

    Keith Barker

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009

    Can you provide a screen shot of the Qemu "General Settings" page?

     

    Thanks,

     

    Keith

  • lateef 5 posts since
    Jan 11, 2009

    Hi guys,

     

    Sorry this might not be relevent but i really need help if any of you can

    Thanks all in advance

    I am currentely studying for CCNP Security Firewall v2.0 exam. I bought an ASA. I spent few hours setting it up and couldn't get through ASDM. Please find the config below

     

    I can ping to and form PC but can't get to asdm form browser

     

    ASA Version 8.4(2)
    !
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Ethernet0/0
    shutdown
    !
    interface Ethernet0/1
    shutdown
    !
    interface Ethernet0/2
    shutdown
    !
    interface Ethernet0/3
    shutdown
    !
    interface Ethernet0/4
    shutdown
    !
    interface Ethernet0/5
    !            
    interface Ethernet0/6
    shutdown
    !
    interface Ethernet0/7
    shutdown
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    ftp mode passive
    pager lines 24
    mtu inside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.2 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0

    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active  
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email callhome@cisco.com
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:867cc8d35c50321b19beff1764a5c0d5
    : end
    ciscoasa#

     

    ciscoasa#

    ciscoasa# ping 192.168.1.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

    ciscoasa# sh run

    : Saved

     

    ciscoasa# sh flash
    --#--  --length--  -----date/time------  path
       87  25159680    Dec 04 2012 14:30:10  asa842-k8.bin
       88  17010808    Dec 04 2012 14:31:22  asdm-645-204.bin
        3  2048        Dec 04 2012 14:33:32  log
        6  2048        Dec 04 2012 14:33:48  crypto_archive
       80  0           Dec 04 2012 14:33:50  nat_ident_migrate
       10  2048        Dec 04 2012 14:33:50  coredumpinfo
       11  59          Dec 04 2012 14:33:50  coredumpinfo/coredump.cfg
       89  260         Dec 04 2012 14:33:50  upgrade_startup_errors_201212041433.log

    128573440 bytes total (85966848 bytes free)
    ciscoasa#

     

     

    Any help much appriciated

     

    Lateef

  • Mike 16 posts since
    Aug 4, 2010

    Lateef:

     

    You have left out the asdm command pointing to your asdm image on disk0.

     

    Mike

  • Next time please start your own thread. This is not related to the original post.

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009

    Hi Lateef-

     

    Are you physically connected to the ASA's switch on port 0/5?  That is the only port that isn't shutdown.

     

    Keith

  • lateef 5 posts since
    Jan 11, 2009

    Hi Keith,

     

    First of all Keith thank you very much for taking time to reply

     

    Yes, I am physically connected on Ethernet0/5.

     

    ciscoasa# ping 192.168.1.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

     

    Lateef

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)