Configuring PIX Failover Active/Standby using Qemu with udp tunnel mode
If you want to learn how to configure PIX Failover Active/Standby, this is a small part included in the CCIE Security blueprint click here with the right button of your mouse and choose “Salve Target As” (time length: 28:07 minutes)
……………………………………………………………………………………………………………………………………………………….
Emulating the NAC on vmware
If you want to learn how to emulate the NAC for your Security studies click here with the right button of your mouse and choose “Salve Target As” (time length: 22:48 minutes)
……………………………………………………………………………………………………………………………………………………….
Emulating an IDS-4215
If you want to learn how to emulate an IDS-4215 for the CCIE Security Lab studies click here with the right button of your mouse and choose “Salve Target As” (time length: 42:37 minutes)
……………………………………………………………………………………………………………………………………………………….
Emulating R/S Routers using Dynamips
If you want to learn how to install Dynamips and get started with R/S Netmetric Topology click here with the right button of your mouse and choose “Salve Target As” (time length: 26:37 minutes)
………………………………………………………………………………………………………………………………………………………
Installing Cisco ACS 90 days trial and SCEP in Windows 2000 (Vmware)
If you want to learn how to install Cisco ACS and a Certificate Authority in Windows 2000 click here with the right button of your mouse and choose “Salve Target As” (time length: 30:05 minutes)
………………………………………………………………………………………………………………………………………………………
Emulating 2 ASAs with Active/Active key on Windows XP
If you want to learn how to emulate 2 ASAs on Windows XP and how to integrate later on with Dynamips click here with the right button of your mouse and choose “Salve Target As” (time length: 37:32 minutes)
………………………………………………………………………………………………………………………………………………………
Emulating PIX on Windows XP (using the udp tunnel method)
If you want to learn how to emulate a PIX using UDP tunnels integrated with Dynamips click here with the right button of your mouse and choose “Salve Target As” (time length: 23:54 minutes)
………………………………………………………………………………………………………………………………………………………
Emulating PIX on Windows XP (using the tap method)
If you want to learn how to emulate a PIX using tap interfaces integrated with Dynamips click here with the right button of your mouse and choose “Salve Target As” (time length: 38:44 minutes)
………………………………………………………………………………………………………………………………………………………
Putting all the Parts Together (A Full CCIE Security Gear) with exception of a VPN_C 3005
If you want to see all the separate parts from previous videos working together with Dynamips watch this last video from the “emulation series” you just need to click here with the right button of your mouse and choose “Salve Target As” (time length: 35:40 minutes)
………………………………………………………………………………………………………………………………………………………
Installing ASDM on an emulated PIX (using tap interface method)
If you want to see how easy it’s to load an ASDM file in your emulated PIX you just need to click here with the right button of your mouse and choose “Salve Target As” (time length: 12:16 minutes)
Hi,
Could you share information about your PC I mean hardware specifications.
I just wander what to buy.
Many thanks
Tomek
Hi,
This is what I have inside my PC:
1x P5K Premium WiFi/AP (Intel® P35)
1x Core 2 Quad Q6600 (4x 2400 MHz)
1x Quad kit DIMM 8 GB DDR2-800 (8192 MB)
1x GF8600GT Super (NVIDIA GeForce 8600 GT)
1x DRW-2014L1T
1x AD-7191S
2x HD753LJ (750,0 GB)
1x StealthXStream 500W (500 vatios)
1x Armor (10 x 5,25″ external)
1x SyncMaster 2232BW (22 inches)
Hi Andy, your job is very interesting, thank you very much for publishing it, I’m from Bolivia and want to ask you, if its possible virtualize firewalls Cisco ASA 5505 (I saw you made that) to make a real connection between 2 places (separate agencies). Thank you for all the work done so far, really is very excellent.
Hi Carlos,
Thanks, technically speaking it could be done even though it would not be recommend because of its performance and also the main idea of my webpage and emulation is only for studies purposes so sorry but I cannot help you on this issue.
another interesting place I found.
Hi, Andy!
Is it possible for you to make download of your tutorials easy ? I mean easy as download .avi/mpg files. Also, personally I prefer to read guides, so is there any textual information available ? except hacki’s forum…
Hi Harrier,
I had a problem with my laptop and all the sources of my videos were there, I only have the converted version for flash, which is the one I have on my webpage.
About read guides, sorry I don’t have any as I thought it would be good for people to see some videos instead. sorry again.
Cheers
Hi Andy,
Great site! Is it also possible to connect a router(real hardware) to a PC with an ASA emulator and then get an IP-adress(dhcp) on your outside interface of the emulated ASA? In other words can i use the ASA emulator on a real test network as if it is a real ASA?
I have trouble with seeing IPS guide - at 33:43 it stops forever. With CANAC all is good.
Hi Harrier,
I was able to see the full video for IPS, maybe could be a problem with the provider at the time you were watching. Did you manage to see the full video now?
Cheers
Hi, Andy!
I’m able to see full video, as well as my IPS going to prevent my botnet from intrusions
at least I hope so - I have no license in it.
This is great stuff! Thanks so much for taking the time and effort to post this information in such an easy to use way!!!!
Hi,
I went through most of the posts in 7200emu.hacki.at and also your video. I tried several things (like adjusting vlan, model type etc). however i cant get my ASA to ping the loopback interface i have setup. One of the posts mentions that this could be a problem with the onboard NIC. If so my question is, when the NICs needed by the ASA is emulated in software by qemu and the other interface that i am trying to ping is a loopback interface why would it matter if my onboard NIC has some weird chipset?
Further how do i go about fixing this problem.
Cheers,
Have you also tried to use PIX emulation instead using udp tunnel mode? This seems to be the most stable version for windows so far.
Just try that first and them we can go for ASA emulation from there.
Cheers
Hi,
Got it working. So i guess it is a chipset problem, though i dont understand why. I am running ASA in windows XP inside vmware. vmware is configured to emulate e1000 card, though i dont have it on my mcahine. with that done i am able to ping the ASA interfaces from both the vmware guest and host OS. Now except for VPN concentrator i have all equipments needed for CCIE security
Thanks guys
Cheers,
Thanks for your boss Anderson….do some for voice….awaiting!!!
i am having issues downloading playing the video on R&S dynamips setup, it usually stops at 6.56mins
Hi,
I opened a ticket with my web hosting to see why this is hapenning.
Sorry about that.
Cheers,
Andy
my 64bit xp has realtek al888 codec sound but it has not been working. and my dynamips too is having some issues.
please can you help me out
Hi, about your sound problem in 64 xp I start having the same problems some weeks back, I’m suspecting Microsoft Automatic Update has something to do with it, because I also have a Realtek and now its not working.
I will see if I can find out what is going on, about your dynamips issues, what are the exactly problem?
thanks for the update, please as soon as you solve your realtek issue kindly help mw with it too, concerning the dynamips, the tutorial u have, i can only download max of 6-8mins of the 26mins no matter how fast my internet is?
Hi, I was advised by my web hosting to split the files in sizes of 100 Megas and let people download them before actually watching them so I am planning to do that, this weekend so you can download them.
hello andy,
any solution to your sound issue, incase you downloaded a driver or software that solved it, please kindly help me because i am also interested.
thanks
Hii Andy,
I can’t watching videos in this tutorials, we’re load very slow and standby ! and I can’t download it !
hi Andy,
thanx a lot very nice.
Hi andy,
really nice. I was in search of NAC VIDEO to learn with handson. thanks for this nice video. I will emulate NAC.
Hi Andy,
Thanks for the tutorials. Very much appreciated. There is one issue regarding the ASA on XP tutorial. I am not able to bind the loopback interace to a phyiscal interface. I have tried on 3 different machines with no success. I noted the equipment you have in your PC in a reply further up these respones (#2). I have purchased the same motherboard, processor, etc. It still won’t work with the specs you provided above. I noticed in the tutorial in your network connection list that there is an intel pro 100 ve card there (disconnected) and another intel pro/wireless 3945 ABG connection. These aren’t mentioned in your hardware specs above and I do not see them included with my Asus P5K board. I have a Marvell and Realtek gig integrated Nic’s. Did you need one of these intel cards to make this work. Just want to confirm before I hunt around for one of these?
Thanks,
I would like to thank you Anderson for converting the tutorials into .rar file. It was an obstacle to download them to review at home.
Thank you.
Hi Ryan,
I think there is no problem which model of NIC you are using whatsoever. You need to make sure that your Dynamips detect them, in order to do so, go to Network Device List and check if you can see the NIC device there, then get the all line and copy into the .net file of your Dynamips.
Regarding PIX emulation, the best one that works for me its the UDP tunnel mode version.
Cheers.
hi Andy
thank you for these tutorial
Hi Andy,
Thanks for such a great work. I need suggestion for my CCIE security lab at home as I have all the physical devices at home with the exception of IPS for which I am using vmware. I want to know how this will interact with the physical devices using the instruction providing in your video for IPS? Do I have to create vlan sub interface on IPS in order to make it work with physical devices or your Gig interface pair can work with vlan 10 and vlan 20?
Please let me know.
Fred
Hi Fred,
You will need at least two NIC cards on your desktop and bind them in vmware, one NIC for the first NIC in IPS for C&C interface for management and another for promiscuous mode using VLAN 10 and VLAN 20, if you want you can bind the second and third NIC to a real NIC for inline mode and bing the first NIC in vmware to a loopback in your desktop and always use that desktop for management of IPS that also would work.
Make sure you disable the NIC and enable it in IPS everytime you bring up the image in vmware in order for it to work.
Hello Andy,
Thank you for your reply. Could you please elaborate more on disable the NIC and enable it in IPS? Do you mean enabling by going under vmware workstation settings and enable and disable it from there? Also suppose if I have 3 nic card 2 for mapping Gig0/1 and Gig0/2 and third one for Management and I will mapped those under vmware and then I believe it should work?
Please confirm
Fred
Hi,
You gotta it, enable and disable the NIC I meant you should go under vmware workstation settings of the emulated IPS and click on disable and enable again for all the NICs everytime you bring the image up, otherwise it won’t work.
Regarding the NICs and mappings in vmware you got it, if you map then right in the Global settings of vmware and then on the actual IPS emulated image it shoud work, watch my video of Putting all the parts together and you can see from there how I do it.
Cheers
hello andy,
hello, i bought two 3550 switches, and i also have to Quad card adaptec card on my desktop.
my question is how will i bind the switch fastethernet to my vitual router ? reason is that what ip address would be assigned to the NIC card or it would simple act as a bridge even when i assign IP to my router and also to my switch?
thanks
Hi,
You need to click on Network Device list and get your respective model from there for example:
NIO_gen_eth:\Device\NPF_{7FA4822C-538A-49EB-92B7-2F28F29C0188}
Name : local0
Desciption: Marvell Gigabit Ethernet Controller
You need to put that in the .net file like this as an example:
[localhost]
[[ROUTER R1]]
image = C:\FILES\Images\c3725-ipvoice-mz.123-14.T7.extracted.BIN
ram = 160
disk0 = 64
disk1 = 64
model = 3725
idlepc = 0×60a6ce04
F0/0 = NIO_gen_eth:\Device\NPF_{7FA4822C-538A-49EB-92B7-2F28F29C0188}
Now you have the F0/0 of your virtual router connected with your real card and you can manually put any ip address in there and it will be binded to your real switch, using SVI ip address or bringing this L2 port into a L3 with no switchport and then configure an IP address under that port on the switch 3550.
Cheers
Dear Anderson, first of all, congratulations on your outstanding achievements and for sparing some time to share your knowledge with the community, we appreciate that, thanks a lot!
Have you achieved any success on running ASDM with ASA emulation? I have configured both ASAs successfully just as your tutorial says, and can mess with them through command line, but I’d like to run ASDM for client demonstrations. Is it possible?
Sorry for bothering you and thanks again for your blog!
Rogerio Crispim
Hi,
I managed to make it work with PIX emulation with no problems, I will try to release a video on that and I gotta to say that this ASA emulation is not 100% stable so I would use PIX in UDP method to connect it through the Dynamips.
Cheers
How do you play the downloaded files?
Hi
I’m fine using Camtasi player, I’ve followed all the instructions but cannot access adsm using the web browser.page cannot be displayed I’m using pix version 8.0 (3) and asdm 6.0 (2). all the interfaces have been properly configured and I’m able to ping the inside interface from my PC.
Thanks
Eyambe Johnson
andy
i must say u are the best. in your pix tap emulation video, u promised to upload your pix bat file. please i dont know how to create one. is their a way i can get a copy of your pix bat file. i will be grateful
Hi Nwachonky,
The best emulation so far its using PIX in UDP mode, the tap mode and ASA is unstable so far, so I will put here the contents of my bat for PIX1 and the portion part of it in Dynamips, hope it helps.
@echo off
ECHO Telnet to 127.0.0.1 on port 4444 to access PIX1 Console
ECHO ——————————————————-
ECHO * * * * * * *DO NOT CLOSE THIS WINDOWS* * * * * * * *
pemu -net nic,vlan=1,macaddr=00:00:00:00:00:01 -net udp,vlan=1,sport=3001,dport=3000,daddr=127.0.0.1 -net nic,vlan=2,macaddr=00:00:00:00:00:02 -net udp,vlan=2,sport=30001,dport=30000,daddr=127.0.0.1 -net nic,vlan=3,macaddr=00:00:00:00:00:03 -net udp,vlan=3,sport=3000001,dport=3000002,daddr=127.0.0.1 -serial telnet::4444,server,nowait -m 128 FLASH
Just copy and paste the part starting at @echo off up to FLASH and save it into a .bat extension and you should be able to launch it.
The Dynamips portion of it comes in here:
[[Router SWITCH_SW2]]
model = 3640
console = 2008
autostart = false
slot1 = NM-16ESW
F1/0 = NIO_gen_eth:\Device\NPF_{81332D71-8591-4DEF-8245-F56E3A9CD350} # Lo6 Windows XP Client PC
F1/7 = SWITCH_SW4 F1/7
F1/8 = SWITCH_SW3 F1/8
F1/10 = NIO_udp:3000:127.0.0.1:3001 # Eth0 PIX1
F1/11 = NIO_udp:30000:127.0.0.1:30001 # Eth1 PIX1
F1/12 = NIO_udp:3000002:127.0.0.1:3000001 # Eth2 PIX1
If you take a closer look you will see that what I have set here as source ports its what I have setup as destination port on the bat file, so the tunnel comes up after this config.
To bring up more than one PIX just changes the ports to any number you want following the same concept.
Hi Andy,
Many many thanks for your great tutorial, very much appreciated it. I was able to setup everything as per your videos. Got all things working on Vista (instead xp), and vmware. Thanks to you!!!
one question if you don’t mind, when I try to save running config in ASA, I get this disk error…. any idea how to fix this?
Thanks!
ciscoasa(config)# wr mem
Building configuration…
Cryptochecksum: cf2606ed 6f3b7a3c 3415880a a666b01a
%Error opening disk0:/.private/startup-config ()
Error executing command
[FAILED]
ciscoasa(config)#
ciscoasa(config)# sh disk
–#– –length– —–date/time—— path
5 4096 Feb 18 2008 18:36:12 .private
6 0 Jan 05 2009 05:52:03 .private/mode.dat
7 0 Feb 18 2008 21:22:38 .private/DATAFILE
13 0 Jan 05 2009 05:55:41 .private/startup-config
Hi Arif,
This is a well known problem with this version of ASA, the most stable version is PIX in UDP mode, sorry but I am studying hard for CCIE Voice now so I am finding myself without time to fix this ASA issue at the moment.
Hello everyone. I need some help. I am trying to setup a Remote Access VPN on a network and it is failing. The network has a PIX 506E with 2 interface(Outside,Inside) connected to a Netopia DSL Router. The network has Static IP’s assigned to the outside of the PIX and on the DSL router. Anyone have a config that they may be able to share?
Can someone through some light on “Could not find centry for IPSec SA delete message” Please and explain what it means
hi andy
what abt IPS 5.1 on 4215 over vmware
any help
thanks
MM
hello everyone,
Can any one having idea about integrating all the security devices(ASA, PIX, IPS, Routers & switches) in GNS3? or any video.
Thanks
Andy,
Thank you so much for putting these tutorials. I was trying to emulate ASA and found very valuable info from various post at hacki. Thanks to thumpercisco@hacki for contributing but my salute is to you for demonstrating it. Without your video, I would probably struggle for another 10 hours to enable ASA interfaces in GNS3. Thanks again!
thanks for the very informative posts!
regards
Thanks and keep up the good job! Best of luck on your ccie exam. And come back for soon!
just i wanna say many thanks to you
Hi Andy,
U re great and hard work do for others, we will appriciate 10000 ly.
im living in sri lanka,so i already finished CCSP also ,and i also read u re articale that s why am i said ure Brilliant man. ure the person who wrote simple setup it mean not a simple setup compare with others.
my question is i can setup whole security setup in my vista machine, Toshiba satelite A200 centrino Duo 2.5GB RAM laptop and VM ware and Virtual Box are installed.do u have any machine recommended to us.and what TAP and UDP issuse about vista.and also i want to ure pix.bat, ASA folder, PIX folder ,ASA-nonina2_win.bat ,interfaces.txt ,Netmetric security.net Dynamips folder,also .i m using GNS3 if its ok with these configuration compatible with GNS3 also and how to setup.thing is andy we have no good resource find in sri lanka,that s the reson ure LAB setup is ok with us.give ure courage to us and pass CCIE security lab through ure knowleage and spread to others with out worries.i hope u re good reply to and conceran about LITTLE Country from SRI LANKA ,we also with u andy.
Thanks
Ure student
Rajeewa
thanks very much for all of intersting stuff on this website without your help i cant make the emulation of the ASA on my computer
Hi andy ,
I have one doubt for this ASA one want prepare VM ware XP machine or my main machine ,u re interface txt is deference between all together setup video to compare in ASA setup interface loopback video .can u give me solution for this ,im very new for his ,any one can help me .what is the machine and which loopback want to bind which machine loopback simply explain ,ill appreciate u re earlier response Andy
Thanks
Rajeewa from
Sri lanka
Hi Anderson,
Its great work from you. Its great learning from you. Without real equipments around its very intresting to work around with simulators,
Like GNS3 and VMWARE. These Two are great software and we have great people like you teaching us on this.
I am preparing for Cisco CCSP.
Regards,
Praveen India.
Good day
i’m searching for a real configurations within ISP and clients and if possible security connexion.
thanks
Hey Andy,
I cant get my emulated IPS to save any of the configuration changes that I make on it ont even the IP add.. Do u have a solution for it?
Hi Andy
First of all thanks a lot for brilliant posts n videos. Cud u tel me ya suggest me how to start preparation for CCIE. Rt nw i completed CCNP (Just classes), gonna ryt composite exam pretty soon.
Is it ryt tym to start basic preparation for CCIE ya hv to be more proficient on CCNP concept & labs.
Getting confusion… cud u help me plzzzzzz… its a humble request.
Thanking You
Shahin.
editing the ASA-nolina_WIN.bat is very fast. It didn’t give me the exact info I need there and quite disappointing.
hi anderson,
I have been trying to configure trunking between external (real) switch and my PC (dynagen) running winXP. i have tried few things but all in vain.
Basically, i have and ASA and IPS, so i want to use these real stuff with dynagen that hosts all routing n switching devices.
I would appreciate your help in this regard!
waiting for your reply.