Friday 22 February 2013

Juniper JNCIA-Junos - Class of Service

For this last chapter, you are going to mark some traffic.

Exercise – Marking packets

Your goal is to create a filter that you will apply on JUNOS1′s em4 interface (input). This filter will mark all packets from 10.3.3.0/24 with expedited-forwarding (EF) DSCP.

Solution

firewall {
    family inet {
        filter apply-cos {
            term from-JUNOS3 {
                from {
                    source-address {
                        10.3.3.0/24;
                    }
                }
                then {
                    forwarding-class expedited-forwarding;
                    accept;
                }
            }
            term default {
                then accept;
            }
        }
    }
em4 {
     unit 0 {
         family inet {
             filter {
                 input apply-cos;
             }
             address 172.30.25.9/30;
         }
     }
 }
This is the end of our hands-on exercises, you should now be ready to seat for the
JNCIA-Junos certification. Don’t forget you can obtain 50% off the exam cost by passing the pre-assessment exam on Juniper’s website.
Posted by at No comments:
Labels: ,

Juniper JNCIA-Junos - Routing Policy and Firewall Filters

We assume you have read chapter 2 of Juniper’s second PDF so that you can practice routing policy and firewall filters. First we are going to start with a simple route redistribution followed by a firewall filter to restrict telnet access.

Exercise 1 – Default route redistribution into OSPF

Create a policy to redistribute the existing default route (0.0.0.0/0) on JunOS1 into OSPF so that other routers can use it.

Solution

[edit]
root@JUNOS1# edit policy-options
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static from protocol static
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static from route-filter 0.0.0.0/0 exact
[edit policy-options]
root@JUNOS1# set policy-statement default-static term accept-default-static then accept
[edit policy-options]
root@JUNOS1# show
policy-statement default-static {
    term accept-default-static {
        from {
              protocol static;
              route-filter 0.0.0.0/0 exact;
             }
    then accept;
    }
}
[edit policy-options]
root@JUNOS1# top edit protocols ospf
[edit protocols ospf]
root@JUNOS1# set export default-static
[edit]
root@JUNOS1# commit
JUNOS1 advertises the default route in OSPF, check that JUNOS3 can actually see it.
root@JUNOS3# run show route protocol ospf
inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[OSPF/150] 00:00:05, metric 0, tag 0
> to 172.30.25.9 via em4.0
Read more »
Posted by at No comments:
Labels: ,

Juniper JNCIA-Junos - Routing Fundamentals

Starting with Juniper’s second PDF, we can make a new practice lab for the next 3 chapters. This lab is a bit more advanced than the previous one in order to test the OSPF routing protocol. You will need 3 Juniper routers, here are the connections:
  • JUNOS1, interface em0 <-> JUNOS2, interface em0
  • JUNOS1, interface em1 <-> JUNOS2, interface em1
  • JUNOS1, interface em4 <-> JUNOS3, interface em4
  • JUNOS2, interface em3 <-> JUNOS3, interface em3
Make sure the routers have a factory default configuration (use the load factory-default command if you need to). Then set the host-name, root password and IP addresses for each router, to save time you can copy and paste the following commands (don’t forget to commit):

JUNOS1

set system host-name JUNOS1
set interfaces em0 unit 0 family inet address 172.30.25.2/30
set interfaces em1 unit 0 family inet address 172.30.25.6/30
set interfaces em3 unit 0 family inet address 192.168.1.1/24
set interfaces em4 unit 0 family inet address 172.30.25.9/30
set interfaces lo0 unit 0 family inet address 10.1.1.1/24
set system root-authentication plain-text-password
Read more »
Posted by at No comments:
Labels: ,

Juniper JNCIA-Junos - Operational Monitoring and Maintenance

For the last chapter of Juniper’s first PDF, we are going to have a closer look how to get more information about JunOS and also practice the password recovery procedure that will sooner and later be useful for you.

Exercise 1 – boot messages

Do you remember the booting process in chapter 1? Well you have a command to see the messages again (hint: use the show system command).

Solution

root@JUNOS1# run show system boot-messages
Copyright (c) 1996-2010, Juniper Networks, Inc.
...
ad1: 1024MB <QEMU HARDDISK 0.11.0> at ata0-slave WDMA2
Trying to mount root from ufs:/dev/ad0s1a
vn_read_compressed_block: invalid block index 550
Read more »
Posted by at No comments:
Labels: ,

Juniper JNCIA-Junos - Secondary System Configuration

Before diving deeper into JunOS configuration you should have read chapter 4 of Juniper’s first PDF. Let’s continue with the same lab as before.

Exercise 1 – Syslog

On JUNOS2, set up a syslog file to record any config changes (hint: system syslog). Commit and quit.

Solution

[edit]
root@JUNOS2# set system syslog file config-changes change-log info
[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode
Now go back to configuration mode and change junuser to give operator permissions instead of super-user. Again, commit and-quit. Using the show command, display the log related to your previous commit.

Solution

[edit]
 root@JUNOS2# set system login user junuser class operator
[edit]
root@JUNOS2# commit and-quit
commit complete
Exiting configuration mode
root@JUNOS2> show log config-changes
 Dec 16 05:06:24  JUNOS2 mgd[1392]: UI_CFG_AUDIT_SET: User 'root' set:
[system login user junuser class] "super-user -> "operator"
Use the help syslog command to learn more about the message code (UI_CFG_AUDIT_SET).
Read more »
Posted by at No comments:
Labels: ,

Wednesday 20 February 2013

Juniper JNCIA-Junos - User Interface Options & Initial Configuration


This page is to practice what you learned in Juniper’s PDF (part 1), chapter 2 and 3.  So now it is time to get active and log in as root without any password.
First thing you should notice is that Amnesiac is the default host-name. This indicates that our JunOS is running with the factory-default configuration (you can use the load factory-default command in configuration mode to have a JunOS in this state).
You are logged in as root, you should see the UNIX shell prompt root@% where you can type UNIX commands like ls or ps but this is beyond our scope. What we want is the operational mode prompt root> that is started with the cli command.
Amnesiac (ttyd0)
 login: root
--- JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC
 root@% cli
 root>
Type show configuration to display the current factory-default configuration.
root> show configuration
## Last commit: 2011-02-17 00:34:21 UTC by root
version 10.1R1.8;
system {
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    ## Warning: missing mandatory statement(s): 'root-authentication'
}
Note the missing mandatory statement warning, this means you will not be able to commit your changes until you set up a password for root.
Read more »
Posted by at No comments:
Labels: ,

Juniper JNCIA-Junos - Operating System Fundamentals

This part is mainly theory and reading chapter 1 of Juniper’s PDF (part 1). It is only what you need for the exam; however, it is interesting to have an overview of how JunOS actually boots up.
First, make your lab in GNS3 by connecting 2 routers back to back using their em0 interface. Keep this lab for all your exercises for chapters of part 1.
Start your Juniper routers in GNS3 and console to them. As you learned in Juniper’s PDF, JunOS is based on FreeBSD, an open source UNIX Operating System. This OS is very reliable and you also get extra tools that you cannot find on Cisco IOS for instance.
The first thing you should see after starting JunOS, are the kernel modules being loaded. The kernel is the core component of the operating system.
/boot/modules/if_bge.ko text=0xa98c data=0x364+0xc syms=[0x4+0xd50+0x4+0xd18]
...
/boot/modules/mac_runasnonroot.ko text=0x7b4 data=0x4d0 syms=[0x4+0x310+0x4+0x39d]
Then, you have a chance to give parameters to the kernel in order to change the default booting process. This can be useful to recover the root password for example, but that’s not the only use. Root is the name given to the super administrator on UNIX.

Read more »
Posted by at 14 comments:
Labels:

Thursday 14 February 2013

How to build a voice lab with GNS3 and VMWare

Is it possible to build a voice lab without actual hardware? The answer is yes and no. You can build a very good lab using GNS3 and VMWare but it is not possible to build a complete lab. The underlying emulation engine for GNS3 (dynamips) does not support digital signal processors (dsps) or voice cards.
Over the next few months, I will show you how to build a very good lab without any hardware. If you want a more complete lab, you will need to obtain at least one router with dsps and voice cards. I have a 2611XM router with DSPs, a vic-2fxs card, a vic-2fxo card and an ATA-186.




watch video
Disclaimer and Due Credit:
This tutorial series is heavily based on by Jayanm of Chicago, IL.  Jaynam has obtained the following Cisco Certifications: CCIE (Voice) – CCVP – CCSP – CCNA – CQS (PIX,VPN,IDS) – VMWare Certified Professional.

I really appreciate the ground breaking research by Jaynam.
Updates and Videos in the series:
I will include future videos in this section as they are created. It is a good idea to bookmark this particular post or subscribe to our RSS Feed if you would like to keep up on all future tutorials.
Hardware
I am using a fairly basic pc with a 3Ghz hyperthreading CPU and 2GB Ram. By today’s standards, it is nothing special.
Update 1/19/09: I have added Dell 750 server with 4GB RAM for virtual servers at the Headquarters location.
Optional Hardware
As I mentioned before, I have a 2611XM router with a couple voice cards and some dsps. This is not manditory but I will include this hardware with the lab series for those that would like to purchase the hardware to follow along.
Emulated Hardware
I will be emulating 3725 routers because they will be seen on the CCIE lab. Although the 3725s call for 256 MB requirements, I have found that they only actually use ~192MB ram on my PC.
Jaynam and others have opted to use 2691′s. You may find this works better for you also.
Software
I have chosen to use Ubuntu Linux for my host operating system due to better performance over XP, stability, availability, ease of use and price.
Host OS: Ubuntu 8.0.4
PC Emulation: VMWare Server v1.0.6 or 2.x
Router Emulation: GNS3 v0.5 / v0.6
IOS: c3725-adventerprisek9_ivs-mz.124-15.T6.bin
What is possible without hardware?
It is possible to test lots of  different Cisco VOIP Technologies. Here is a short list. I am sure I will make mistakes with this list or leave things out. Feel free to email me or make a comment to help me get a more complete list.
Call Manager Features
  • Call Routing – Partitions, CSS, Time of Day routing, Route Groups, Route Lists, Route patterns, Translation Patterns, Line Groups, Hunt Lists, Hunt Pilots, 4 digit dialing
  • Media Resources – Software Based Media Resources only – Music on Hold, Software Conference Bridge
  • IP Phone registration and dialing
  • Redundancy – SRST, AAR
  • Call Admission Control – Locations based and Gatekeeper
  • Unity Integration
  • Extension Mobility
  • Attendant Console
  • IPMA

SIP Trunking
SIP-UA.com offers free SIP trunks for voice labs.

IOS Features
  • Call manager Express
  • Gatekeeper
  • IPIPGW
  • Digit manipulation
  • Auto Attendant
  • TCL Scripts
  • Voicemail Integration from CME to Unity
  • WAN QOS
  • Frame Relay
  • Class of Restriction (COR)
  • SRST
What is not possible without hardware?
  • Xcoder registration and testing
  • Hardware based conference bridges
  • Router based MOH
  • voice port configuration
  • t.37 fax store and forward
  • Fax relay
  • MGCP
  • Anything related to hardware not emulated, VG248, ATA, CAT6500, Catalyst 3550 switch.

watch video
Posted by at 8 comments:
Labels:

Install Cisco IP Communicator on Win7 in VMware

Cisco IP Communicator (CIPC) requires a sound card be installed on a PC in order to install or open. Under normal circumstances, this completely makes sense. However, in other circumstances (demos/labs), PCs are actually virtual machines … and do not have sound cards. In these situations, the engineers/trainers/etc are more concerned with dialing than actually hearing audio.

In order to use CIPC in a virtual machine, install Virtual Audio Streaming – a virtual sound card tool from ShiningMorning.com prior to installing CIPC. This software will install virtual audio drivers on your VM which allow CIPC to install and have dialing capabilities. Unfortunately, CIPC will still only allow one instance to run at a time…unlike IP Blue. I have tested this with VMWare ESXi but it may also work with other VMWare products.
Posted by at 1 comment:
Labels:

How to run multiple IP Blue phones on a single PC

In this tutorial, you will learn how to use IPBlue’s VTGO Lite softphone to test skinny phone registration and dialing by running multiple instances of emulated Cisco IP Phones.
This is the fourth tutorial in the Virtual Voice Lab Series for CCIE and CCVP studies.

Disclaimer and Due Credit:
This tutorial series is heavily based on CCIE Voice Home lab with Dynamips/VMware by Jayanm of Chicago, IL. Jaynam has obtained the following Cisco Certifications: CCIE (Voice) – CCVP – CCSP – CCNA – CQS (PIX,VPN,IDS) – VMWare Certified Professional.
I really appreciate the ground breaking research by Jaynam.

PC Preparation

  1. Install IPBlue on your workstation.  This part really shouldn’t require much of an explanation. You will need to download VTGO Lite. Here is the link.
     
  2. If your PC does not have multiple NICs, you can use MS Loopback adapters. (If you do have multiple nics, this part is not necessary.)
    • Go to Start > Control Panel
    • Click ‘Add Hardware’
    • Click ‘Next’
    • Select ‘Yes, I already have a connection’
    • Select ‘Add a new hardware device’
    • Select ‘Install from a list’
    • Click ‘Network Adapters’
    • Select Microsoft Loopback
    • Click ‘Next’
    • Click ‘Next’
    • Click ‘Finish’
    • Double-Click ‘Network Connections’
    • Rename the loopback interface to something descriptive.
     

    Watch the video
  3. Gather the MAC addresses for PC interfaces using the ‘ipconfig /all’ command
     

Basic Phone configs in Call Manager and IP Blue

  1. Configure two ip phones in the CUCM server or turn on auto registration
    • Configure the MAC address
    • Select the default phone button template
    • Select the default device pool
    • Select the default device security profile
    • Add a new dn and give it an extension
     

Run multiple IPBlue Softphones

  1. Create a new IP Blue shortcut with the  ‘/d’ option following the softphone executable.
  2. Open the IP Blue Softphone
  3. Change the phone options
    • Set the TFTP Server to the ip address of your CUCM server
    • Set the MAC Address with the Network interface option
    • Set the Primary Call Manager
    • Select an IP Phone model to emulate
  4. Open the Windows registry editor (Click Start > Run  and type regedit)
  5. Export the Phone settings
    • Navigate to the HKEY_LOCAL_USER\Software\IPBlue branch
    • Right-Click on the IPBlue folder and select ‘Export’
    • Give the registry file a descriptive name and click ‘Save’
  6. Repeat Steps 3-5 for each virtual phone you would like to use.
  7. Double-Click one of the .reg file for one of the softphones saved in steps above.
  8. Open the IP Blue Softphone.
  9. Double-Click another .reg file for one of the softphones saved in steps above.
  10. Open the IP Blue softphone again. (The IPBlue software references the settings in the system registry during startup)
Watch video 
Posted by at 1 comment:
Labels:

Saturday 26 January 2013

Cracking Wpa Psk With Aircrackng


Posted by at No comments:
Labels:

Tuesday 15 January 2013

GNS3 Installation Hypervisor Load Balancing - 2

PART 7: START GNS3 ON THE SERVER AND CREATE SIMPLE TOPOLOGY










Posted by at No comments:
Labels:

GNS3 Installation Hypervisor Load Balancing - 1

THIS PROCEDURE MADE UP WITHIN MULTIPLE PARTS:

1. Directory structure 2. GNS3 configurations
3. Configure Hypervisor
4. Edit Dynamips on the client
5. Edit Dynamips on the Server
6. Start Dynamips on SVR and Client
7. Start GNS3 and create simple topology




 PART 1: DIRECTORY STRUCTURES
Step 1: Directory to work with… etc.
let’s create some directories in the server, remote PC and call it “GNS3”
Server: C:\GNS3 and remote pc(s): C:\GNS3
Step 2: Image directory… etc.
Server: C:\GNS3\images\ and remote pc(s): C:\GNS3\images\
Copy all the images you are planning use to both directories
Step 3: Folder for “work area” … etc.
Server: C:\GNS3\workarea\ and remote pc(s): C:\GNS3\workarea\
Step 4: Folder for router initial configurations… etc.
Server: C:\GNS3\inital_config\ and remote pc(s): C:\GNS3\inital_config\
Step 5: Folder for Dynamips work area… etc.
Server: C:\GNS3\workarea\dynamips-work-dir\ and remote pc(s): C:\GNS3\workarea\dynamips-work-dir\
Step 6: Folder for your project directory… etc.
Server: C:\GNS3\workarea\project-dir\ and remote pc(s): C:\GNS3\workarea\project-dir\
Step 7: Folder for capture directory… etc.
Server: C:\GNS3\workarea\wireshark\ and remote pc(s): C:\GNS3\workarea\wireshark\
Your directory should look like this or what is best works for you…


PART 2: CONFIGURE GNS3
 Step 1: Configure Preferences General… etc.
Select  -- >   Edit -->   Preferences


Select--> General, fill out the required fields apply, OK







Step 2: Configure Preferences Dynamips; fill out the required fields, test, apply and OK.



 Step 3: Configure Preferences Capture; fill out the required fields apply, OK.



Step 4: Configure hypervisor…… etc.
Select; Edit IOS images and hypervisor


Select the image file, platform, model and uncheck default image… box and leave rest default, apply, OK.

PART 3: CONFIGURE HYPERVISOR
 Step 1: Configure hypervisor… etc.
Select; Edit IOS images and hypervisor and click on “External Hypervisor” tab
Host: Your remote PC, to add more host, simply follow same steps, change IP, Port, UDP and console port
Note: XP SP2 or SP3 users; either turn of your firewall or create exceptions for dynamips and ports!
Select; Start Control Panel Windows Firewall; click on Exception tab. Click on “Add Program” for dynamips and
click on “Add Port”
After filling out rest of the fields, click on “save” and click on “IOS Images” tab




PART 4: EDIT DYNAMIPS FILE ON THE CLIENT
Step 1: Remote or login the remote PC and Start Run type “C:\Program Files\GNS3\”
Find “dynamips-start.cmd” edit with your favorite editor;
Change line five where it says 7200 to 7220

Recommend creating a shortcut for “dynamips-start.cmd” to on your desktop, because your going to use this quite frequently because everything
stop the router, you need to shutdown and restart it 
PART 5: EDIT DYNAMIPS FILE ON SERVER



Step 1: Remote or login the remote PC and Start Run type “C:\Program Files\GNS3\”
Find “dynamips-start.cmd” edit with your favorite editor;
Change line five where it says 7200 to 7221





PART 6: START DYNAMIPS ON SERVER AND CLIENT
Server:

Step 1--> Double on dynamips shortcut on the server’s desktop;
Clients:
Step 2 --> Double on dynamips shortcut on the remote PC’s desktop



Posted by at No comments:
Labels:

How To: Emulate Cisco ASA in GNS3

In this article, I will show you how to emulate Cisco ASA using Qemu. Once again, please note that ASA is not provided and will not be. So please don’t ask. Also be aware that ASA does not 100% work in Qemu but that’s enough to play with it.
Installation
First compile and patch Qemu as you would do for running JunOS. This will give us pcap, lcap and UDP tunnels (i.e. GNS3/Dynamips connections) capabilities.
Then obtain ASA itself. If you are smart and patient you will find it. I used asa802-k8.bin for my installations. As far as I know, nobody has been able to run ASA > version 8.2 (ASA keeps rebooting).
The next step is to get an initrd and a Linux kernel (inside the initrd) from your ASA image to use them with Qemu and also fix the initrd for our needs. The initrd is zipped and archived in the ASA image, we have to extract it.
There are 2 ways, manually or using a tool I created.
Manual method
Create an hexadecimal dump of your image:
hexdump -C asa802-k8.bin > asa802-k8.hex
Search for the ZIP header:
grep “1f 8b 08 00 1d” asa802-k8.hex
001228b0  1f 8b 08 00 1d 3d 73 46  00 03 ec 3a 6d 54 14 57  |…..=sF…:mT.W|
We can see that the ZIP file starts at offset 1228b0.
Let’s find the image size:
ls -la asa802-k8.bin
-rwxr-xr-x  1 root  staff  14524416 26 Nov 20:14 asa802-k8.bin
14524416 bytes.
Now we need to find out where in the file we can start extracting the ZIP part.
echo "14524416 ; ibase=16 ; last - 1228B0" | bc | tail -n 1
13334352
Extract the zipped part of the ASA image:
tail -c 13334352 asa802-k8.bin > asa802-k8.gz
Decompress it with gzip:
gzip -d asa802-k8
gzip: asa802-k8.gz: decompression OK, trailing garbage ignored
Make a temp directory and go into it so we can extract the files contained in the uncompressed archive file (the initrd):
mkdir tmp ; cd tmp
Now extract the archive with cpio (you must have the administrator rights to successfully extract device files).
cpio -i --no-absolute-filenames --make-directories < ../asa802-k8
Copy the Linux kernel to your previous directory:
cp vmlinuz ../asa802-k8.kernel
Before compressing back the initrd, create the following script in asa/scripts/first_start.sh
This script formats the 256 MB flash on first start to be used by ASA. Loads the network drivers modules for Intel e100 (i82559er in Qemu) and Intel e1000 cards and activates the network interfaces to be used in ASA. I noticed that if we immediately start ASA after this first boot, it freezes (don’t really know why but it seems the system do something and slow down during the first minute …). The next time you start the system, the script will still load the activate the network interfaces and automatically start ASA.
#!/bin/sh
 
##
## Author: Jeremy Grossmann (2009)
## Contributor: J. Pedro Flor (28 january 2010)
##
 
FIRST_START=no
if test ! -e /mnt/disk0/lina_monitor
then
 cd /asa/scripts/
 echo "d" > /asa/scripts/fdisk.pf.in
 echo "o" >> /asa/scripts/fdisk.pf.in
 echo "n" >> /asa/scripts/fdisk.pf.in
 echo "p" >> /asa/scripts/fdisk.pf.in
 echo "1" >> /asa/scripts/fdisk.pf.in
 echo "1" >> /asa/scripts/fdisk.pf.in
 echo ""  >> /asa/scripts/fdisk.pf.in
 echo "t" >> /asa/scripts/fdisk.pf.in
 echo "4" >> /asa/scripts/fdisk.pf.in
 echo "w" >>/asa/scripts/fdisk.pf.in
 
 echo ""
 echo -n "Initializing partition..."
 /sbin/fdisk /dev/hda < /asa/scripts/fdisk.pf.in > /dev/null 2> /dev/null
 echo "done"
 
 echo ""
 echo -n "Formating and mounting partition..."
 mkdosfs -F 16 /dev/hda1 > /dev/null 2> /dev/null
 mount -t vfat -o umask=0000,noatime,check=s,shortname=mixed /dev/hda1 /mnt/disk0 > /dev/null 2> /dev/null
 echo "done"
 echo ""
 
 cp /asa/bin/lina /mnt/disk0/lina
 cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor
 FIRST_START=yes
fi
 
# load drivers
modprobe e100
modprobe e1000
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
ifconfig eth3 up
ifconfig eth4 up
ifconfig eth5 up
 
if test $FIRST_START = yes
then
 echo ""
 echo "          Cisco ASA with  Multiple Security Contexts"
 echo "          =============================================="
 echo ""
 echo "This is your first boot, please wait about 2 minutes for 'disk0' creation"
 echo "and then execute the following commands inside the Linux prompt:"
 echo ""
 echo " # cd /mnt/disk0"
 echo " # /mnt/disk0/lina_monitor"
 echo ""
 echo ""
 echo ""
 echo "Please note to use the following command under ASA to save your configs:"
 echo ""
 echo " ciscoasa(config)# boot config disk0:/.private/startup-config"
 echo " ciscoasa(config)# copy running-config disk0:/.private/startup-config"
 echo ""
 echo ""
 echo ""
 echo "To get webvpn working, execute the following commands:"
 echo ""
 echo " ciscoasa# mkdir disk0:/var"
 echo " ciscoasa# mkdir disk0:/var/log"
 echo " ciscoasa# mkdir disk0:/csco_config"
 echo " ciscoasa# mkdir disk0:/csco_config/97"
 echo " ciscoasa# mkdir disk0:/csco_config/97/webcontent"
 echo ""
 echo "          ( Powered by Pedro Flor )"
 echo "          ( pedro.flor@gmail.com  )"
 echo ""
 exit
fi
 
echo ""
echo ""
echo "Starting Cisco ASA with  Multiple Security Contexts..."
echo ""
 
cd /mnt/disk0
/mnt/disk0/lina_monitor
In order for the script to be loaded at startup, edit etc/init.d/rcS and change /asa/bin/lina_monitor by /asa/scripts/first_start.sh
Change first_start.sh permissions:
chmod 755 first_start.sh
Now you can compress all the file and have the initrd ready to use in Qemu:
find . | cpio -o -H newc | gzip -9 > ../asa802-k8.initrd.gz

Automated extraction method

TODO

Using ASA with Qemu

Create a FLASH (this is a virtual hard disk).
qemu-img create FLASH 256M
Then you can start Qemu.
qemu -hda FLASH -kernel asa802-k8.kernel -hdachs 980,16,32 \
-initrd asa802-k8.initrd.gz -m 512 -no-kqemu -nographic -append \
"console=ttyS0,9600n8 hda=980,16,32 bigphysarea=16384 auto nousb ide1=noprobe"
TODO: networking of ASA. Very similar with JunOS emulation.

Using ASA with GNS3

To be completed:
In Preferences -> Qemu -> Qemuwrapper section:
Set the path to Qemuwrapper (can be found in the GNS3 package)
Set the working directory (e.g. /tmp).
Set the path to your patched Qemu in “Path to Qemu”
In ASA section:
Set the paths to your initrd and kernel.
Drag and Drop an ASA symbol on the scene, start the firewall and telnet to it.
Posted by at 1 comment:
Labels: ,
Subscribe to: Posts (Atom)