|
pemututorial
confDynagen support for pemuwrapper tutorial
IntroductionPemu support is based on two things:
pemuwrapper.exe Meanwhile write a .net file (similar to dynagen .net file): autostart = false
[localhost:7200]
[[7200]]
image = c:\IOS\C7200-jk9s-mz.124-12.bin
ram = 160
npe = npe-400
sparsemem = True
idlepc = 0x61200024
[[router R1]]
e1/0 = FW1 e0
[pemu localhost]
[[525]]
image = C:\image\pix802.bin
serial = 0x12345678
key = 0x00000000,0x00000000,0x00000000,0x00000000
[[fw FW1]]You might have noticed that the .net file specifies the pemuwrapper instance - currently running on localhost - it could be running also on another computer, creating a distributed lab. After that it specifies the 525 signifying the PIX 525 that PEMU emulates. Over here you can set the 'image','key','serial' and 'ram' options. The FW1] line creates the PIX 525 instance which is connected according to the previous statement to R1 e1/0 with its Ethernet0 interface. After you specify this .net file you can easily run the lab using dynagen syntax dynagen pemulab.net This run the lab and you can list pemu instances using the 'list' command: => list Name Type State Server Console R1 7200 stopped localhost:7200 2000 FW1 525 stopped localhost:10525 4000 As you can see the instance FW1 is currently stopped, but its console it bound to localhost:4000. So let's start both of them. => start /all => list Name Type State Server Console R1 7200 running localhost:7200 2000 FW1 525 running localhost:10525 4000 After this you can safely telnet to port 2000 and port 4000 and enjoy the PIX console: pixfirewall# conf t pixfirewall(config)# pixfirewall(config)# int e0 pixfirewall(config-if)# pixfirewall(config-if)# ip add 1.1.1.1 255.255.255.0 pixfirewall(config-if)# pixfirewall(config-if)# nameif inside INFO: Security level for "inside" set to 100 by default. pixfirewall(config-if)# pixfirewall(config-if)# no shut pixfirewall(config-if)# pixfirewall(config-if)# end pixfirewall# pixfirewall# ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms And 7200 console: Router>en Router# Router# Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#int e1/0 Router(config-if)#ip add 1.1.1.2 255.255.255.0 Router(config-if)#no shut Router(config-if)#end Router# *Sep 19 14:44:02.175: %SYS-5-CONFIG_I: Configured from console by console *Sep 19 14:44:03.687: %LINK-3-UPDOWN: Interface Ethernet1/0, changed state to up *Sep 19 14:44:04.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/0, changed state to up Router# Router#ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/47/64 ms Complex labsHere is an example of a more complex FW POP with full redundancy autostart = false
[localhost:7200]
[[7200]]
image = c:\IOS\C7200-jk9s-mz.124-12.bin
ram = 160
npe = npe-400
sparsemem = True
idlepc = 0x61200024
[[router InsideRouter1]]
e1/0 = FW1 e0
e1/1 = InsideRouter2 e1/1
[[router InsideRouter2]]
e1/0 = FW2 e0
[[router OutsideRouter3]]
e1/0 = FW1 e1
e1/1 = OutsideRouter4 e1/1
[[router OutsideRouter4]]
e1/0 = FW2 e1
[pemu localhost]
[[525]]
image = C:\image\pix802.bin
serial = 0x12345678
key = 0x00000000,0x00000000,0x00000000,0x00000000
[[fw Firewall1]]
#e0 inside, e1 outside
e5 = Firewall2 e5 #failover link
[[fw Firewall2]]
#e0 inside, e1 outside
|
Sign in to add a comment
Really a Helpful One :-) Thanks very much .
when ever i try the above setup i get this: with the new version of dynagen_interim_0.11.0...
Unable to start PEMU instance FW1 2? No such file or directory
AND BELOW IS THE .NET FILE.
localhost:7200?
workingdir = /home/yramirez/labs/my_lab/working
[3640?] #image = /home/yramirez/labs/images/c3640-js-mz.123-14.T7-extracted.bin
localhost? [525?]
FW1?]any clues? Thanks
by the way, it works with the same version on windows.
hi yandyr, could you please post your issue on 7200emu.hacki.at