Wednesday, September 16, 2009

Internetwork Expert CCIE Security Lab on Dynamips

I was able to perform most of INE CCIE Security Lab 1 tasks (Security Lab Workbook Volume II v5.0 Beta) on Dynamips, see my configuration sec-iewb.net file below:
autostart=false
[localhost:7200]
workingdir = C:\Program Files\Dynamips\security\lab1\wrk
[[3745]]
image = C:\Program Files\Dynamips\images\C3745-AD.BIN
ram = 128
ghostios = true
[[Router R1]]
model = 3745
console = 2001
F0/0 = SW1 F1/1
S1/0 = FRSW 1
[[Router R2]]
model = 3745
console = 2002
F0/0 = SW1 F1/2
S1/0 = FRSW 2
[[Router R3]]
model = 3745
console = 2003
F0/0 = SW1 F1/3
F0/1 = SW2 F1/3
S1/0 = FRSW 3
S1/1 = FRSW 13

[[Router R4]]
model = 3745
console = 2004
F0/0 = SW1 F1/4
F0/1 = SW2 F1/4
S1/0 = FRSW 4
[[Router R5]]
model = 3745
console = 2005
F0/0 = SW1 F1/5
F0/1 = SW2 F1/5
S1/0 = FRSW 5
[[Router R6]]
model = 3745
console = 2006
F0/0 = SW1 F1/6
F0/1 = SW2 F1/6
S1/0 = FRSW 6
[pemu localhost]
[[525]]
image = C:\Program Files\Dynamips\images\pix804.bin
serial =
key =
[[FW PIX1]]
[[FW PIX2]]
[localhost:7201]
workingdir = C:\Program Files\Dynamips\security\lab1\wrk
[[3640]]
image = C:\Program Files\Dynamips\images\c3640-jk9o3s-mz.123-14.T7.bin
ram = 128
ghostios = true
[[3745]]
image = C:\Program Files\Dynamips\images\C3745-AD.BIN
ram = 128
ghostios = true
[[Router BB1]]
model = 3640
console = 2007
slot1 = NM-4T
slot2 = NM-4T
S1/0 = BB3 S1/0
S1/1 = FRSW 21
[[Router BB2]]
model = 3640
console = 2008
slot0 = NM-4E
e0/0 = SW1 F1/15
[[Router BB3]]
model = 3640
console = 2009
slot0 = NM-4E
slot1 = NM-4T
e0/0 = SW2 F1/15
[[Router SW1]]
model = 3745
console = 2012
slot1 = NM-16ESW
# Inter-Switch trunk
F1/0 = SW2 F1/0
# VMWare IPS Control
F1/7 = NIO_gen_eth:\Device\NPF_{536501F5-B971-4928-93B1-C33F737F1429} # lo2
# pix1
F1/8 = PIX1 e3
F1/9 = PIX1 e0
# pix2
F1/10 = PIX2 e3
F1/11 = PIX2 e0
# AAA/CA
F1/12=NIO_gen_eth:\Device\NPF_{28042AFE-9EF5-4599-837F-FF9714E840E1} #lo1
# Trunk to SW2
F1/13=SW2 F1/13
F1/14=SW2 F1/14
[[Router SW2]]
model = 3745
console = 2013
slot1 = NM-16ESW
# VMWare IPS Sensing
F1/7 = NIO_gen_eth:\Device\NPF_{0C2A39A6-9BAE-46BB-8BF6-52EB674203AB} # lo3
# pix1
F1/8 = PIX1 e1
F1/9 = PIX1 e2
# pix2
F1/10 = PIX2 e1
F1/11 = PIX2 e2
# Test PC
F1/12=NIO_gen_eth:\Device\NPF_{BB0DFDA4-4757-4526-BD9E-58CCD4C4DA4C} #lo0
[[FRSW FRSW]]
# R1 to FRSW
1:102 = 2:201
# 1:103 = 3:301
# 1:113 = 13:311
# 1:104 = 4:401
# 1:105 = 5:501
# R2 to FRSW
2:203 = 3:302
# 2:213 = 13:312
# 2:204 = 4:402
# 2:205 = 5:502
# R3 to FRSW
# 3:304 = 4:403
# 3:305 = 5:503
# 13:314 = 4:413
13:315 = 5:513
# R4 to FRSW
4:405 = 5:504
# R6 to FRSW
# 6:51 = 21:51
# 6:100 = 21:100
# 6:101 = 21:101
6:201 = 21:201
# 6:301 = 21:301
# 6:401 = 21:401
Dynamips is running on Win XP with VMware workstation 6.5 where I’ve Win2k3 and IPSv5 installed in VMware. Win2k3 is running Cisco ACS 4.2 (90-day trial version), Certificate Authority (CA&IIS) and tftp/syslog (simple freeware from tftpd32.jounin.net). IPSv5 doesn’t work with new Cisco IPS Manager Express or even IDM. I’ve used PIX 8.0(4) which is compatible with ASA. Cisco VPN client sessions are established from XP.
I’m using DELL Studio notebook Intel Core2 Duo 2.4 CPU with 4GB (XP is using only 3GB). See also CCIE Security Home Lab with dynamips which is for INE workbook version 1.

No comments: