Monday, 02 May 2011

ASA in GNS on XP and 7: running, tested


There will be bright days starting from now :)



We start with the most basic approach, because I also started out struggling to get this working, so if you have found this post it should suit you.

I have tried this and it runs. Remember, it runs!!! So do not give up if you hit difficulties; this is nothing yet:

Download the following files:

hxxp://www.4shared.com/account/file/254501758/d82e3ec5/asa.html
hxxp://www.4shared.com/file/cm7sFS6d/asa802-k8initrd.html ---> use this one, it is the latest
hxxp://www.4shared.com/account/file/254512204/85f1c21e/run_ASA_in_GNS3_1_.html
hxxp://www.4shared.com/account/file/254502490/6ab3e84c/vmlinuz.html
hxxp://www.4shared.com/file/255524061/64f96bc1/configuring_ASA___steps_video.html


Follow these instructions:

Edit --> Preference --> Qemu --> ASA

Initrd --> asa802-k8.initrd.gz (unpacked file); remember, this stays a .gz, do not extract it

Kernel --> vmlinuz

kernel cmd Line --> auto console=ttyS0,9600 bigphysarea=16384 ide1=noprobe

All of these files go in program files/gns. Remember, without exception!!!

And BOOM, as usual in GNS: drag the device in, run it, and open the console :)

Run the following to activate the console:
# modprobe e100

# ifconfig eth0 up
# ifconfig eth1 up
# ifconfig eth2 up
# ifconfig eth3 up
# ifconfig eth4 up
# ifconfig eth5 up

# cp /asa/bin/lina /mnt/disk0/lina
# cp /asa/bin/lina_monitor /mnt/disk0/lina_monitor

# cd /mnt/disk0
# /mnt/disk0/lina_monitor



Here is how to save the configuration, because WR does not work:

ciscoasa# copy run disk0:/.private

Source filename [running-config]?

Destination filename [/.private/running-config]? start

%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Cryptochecksum: 75a1ab8d 67a3d116 2bd87367 7942168c

1966 bytes copied in 7.30 secs (280 bytes/sec)
ciscoasa#


If you run into difficulties, this may help (though I did not end up needing it):

For all of you who cannot ping or establish connectivity - this is due to the fact that the "default" MAC addresses overlap between your ASA instances. If you run QEMUWRAPPER you will see this. The way I fixed it was:

ASA1:

# ifconfig eth0 down hw ether 00:00:AB:CD:10:10
# ifconfig eth1 down hw ether 00:00:AB:CD:10:11
# ifconfig eth2 down hw ether 00:00:AB:CD:10:12
# ifconfig eth3 down hw ether 00:00:AB:CD:10:13
# ifconfig eth4 down hw ether 00:00:AB:CD:10:14
# ifconfig eth5 down hw ether 00:00:AB:CD:10:15

ifconfig eth0 up
# e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth1 up
# e1000: eth1: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth2 up
# e1000: eth2: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth3 up
# e1000: eth3: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth4 up
# e1000: eth4: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth5 up
e1000: eth5: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex

(proceed with boot after)

ASA2:

# ifconfig eth0 down hw ether 00:00:AB:CD:11:10
# ifconfig eth1 down hw ether 00:00:AB:CD:11:11
# ifconfig eth2 down hw ether 00:00:AB:CD:11:12
# ifconfig eth3 down hw ether 00:00:AB:CD:11:13
# ifconfig eth4 down hw ether 00:00:AB:CD:11:14
# ifconfig eth5 down hw ether 00:00:AB:CD:11:15

ifconfig eth0 up
# e1000: eth0: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth1 up
# e1000: eth1: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth2 up
# e1000: eth2: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth3 up
# e1000: eth3: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth4 up
# e1000: eth4: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex
# ifconfig eth5 up
e1000: eth5: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex

(proceed with boot after)

ASA1:

ciscoasa(config)# int e0/0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0


ASA2:

ciscoasa(config)# int e0/0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 10.10.10.2 255.255.255.0
ciscoasa(config-if)#

Results:


ciscoasa# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/40 ms

ciscoasa# show arp
inside 10.10.10.1 0000.abcd.1010

There !

I still have the save issue. A note to posters - when you offer help, please VERIFY that your help works. I have seen this thread on many different boards and it is the same guys posting the same stuff. The key items you will have issues with are:

1. Channel cannot connect to interface - this is a bad image issue / mem issue. Acquire the proper image.
2. No ping / network connectivity - resolved above. If you are studying for the CCIE Security, you should understand that nameif doesn't fix issues and that the ASA can ping regardless of inspect ICMP. You will at least get an ARP entry even if the ping isn't allowed. For this issue however, no arp entries were being generated as they were duplicate !
3. No save to flash:/.private/ - I still have this issue.

Thx Aluminati
OK then..
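
The addressing scheme from the quoted post, generalized to any instance number, together with a check for MAC addresses that overlap between instances. This is an added example, not part of the original post; the helper names, the inventory format (instance, interface, MAC per line) and the sample MAC values are constructed for illustration.

```shell
#!/bin/sh
# Added example: gen_mac_cmds and find_dup_macs are hypothetical helper names.

# Print the "ifconfig ... hw ether" lines for ASA instance N (1, 2, ...),
# eth0..eth5, following the post's scheme:
#   ASA1 -> 00:00:AB:CD:10:1x, ASA2 -> 00:00:AB:CD:11:1x, and so on.
gen_mac_cmds() {
    inst=$1
    # Fifth octet starts at hex 10 (decimal 16) for instance 1.
    fifth=$(printf '%02X' $((16 + inst - 1)))
    i=0
    while [ "$i" -le 5 ]; do
        printf 'ifconfig eth%d down hw ether 00:00:AB:CD:%s:1%d\n' \
            "$i" "$fifth" "$i"
        i=$((i + 1))
    done
}

# Read "instance interface mac" lines on stdin and print every MAC that is
# used more than once, followed by the instance:interface pairs sharing it.
# Comparison is case-insensitive; no output means no overlap.
find_dup_macs() {
    awk '{ m = toupper($3); n[m]++; who[m] = who[m] " " $1 ":" $2 }
         END { for (m in n) if (n[m] > 1) print m who[m] }' | sort
}

# Constructed inventory: two instances that booted with the same MAC on eth0.
sample='ASA1 eth0 00:aa:00:00:00:01
ASA1 eth1 00:aa:00:00:00:02
ASA2 eth0 00:AA:00:00:00:01
ASA2 eth1 00:AA:00:00:00:03'

echo "Overlapping MACs in the sample inventory:"
printf '%s\n' "$sample" | find_dup_macs

echo "Commands for ASA2:"
gen_mac_cmds 2
```

Run the generated lines in each instance's Linux shell before starting lina_monitor, then bring the interfaces up as shown in the post.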
