Virtual Security ESXi LAB
I have successfully produced this on a VMware ESXi desktop: a Dell PC 9020 running an i7 3.4 GHz, 32 GB RAM and a 2 TB SATA disk.

The idea is to use IOU as the routing and switching base and plug all the additional devices into it via cloud interfaces: ASA, PC, Server (working so far), then ACS, IPS, WSA, ISE, vWLC etc.
Note: each ASA has one connection, a trunk port on the IOU switch; sub-interfaces on the ASA then give you as many interfaces as you like.
I know that some of the kit may not work, but we can see how far we can get it.
================================================================================
Software …
--------------------------------------------------------------------
VMware ESXi - Product: VMware vSphere 5 Desktop Host, licensed for 1 physical CPU (1-12 cores per CPU).
This needs to be licensed and must include the product feature "Remote virtual Serial Port Concentrator".
Unfortunately I cannot share this as it is not my own, but you can download the software from VMware and find a licence key somewhere – if someone can share this please send me the links and I will update.
--------------------------------------------------------------------
IOU – people from RnS will know about UD's sterling work … thanks again mate.
http://certcollection.org/forum/topic/177230-12221-iou-web-vm-update-oct-2013/
Take the time to read the how-to doc; it is very good.
http://certcollection.org/forum/topic/184010-iou-web-help-updated-18082013-added-timer-multiple-config-packs/
--------------------------------------------------------------------
ASA
http://www.4shared.com/archive/VKUVeW5-ba/ASA842_OVF.html
Note: only works on ESXi.
--------------------------------------------------------------------
IPS 4240 version 7
http://www.4shared.com/file/61_IM-FHce/forty-two-forty.html
Thanks to unholy darkness.
ESXi verified so far.
username cisco
password ciscoips123
================================================================================
VM – allow remote serial connections
The ESXi host's internal firewall blocks these connections, so first turn this off. Don't forget to first enable SSH on ESXi via the console (the BIOS-type interface). Then allow the ports on the ESXi host's (internal) firewall.
http://virtuallyhyper.com/2013/01/connecting-to-a-vm-using-serial-port-over-the-network-with-moxa-device-server/
I have my devices serial-mapped like this:
HOSTNAME   IP ADDRESS     PORT   CLOUD PORT   NOTE
IOU-VM     IOU Host IP    80     -            MGMT
R1         IOU Host IP    2001   -            IOU VM
R2         IOU Host IP    2002   -            IOU VM
R3         IOU Host IP    2003   -            IOU VM
R4         IOU Host IP    2004   -            IOU VM
R5         IOU Host IP    2005   -            IOU VM
R6         IOU Host IP    2006   -            IOU VM
SW1        IOU Host IP    2007   -            IOU VM
SW2        IOU Host IP    2008   -            IOU VM
SW3        IOU Host IP    2009   -            IOU VM
SW4        IOU Host IP    2010   -            IOU VM
ASA1       ESXi Host IP   3001   91           mgmt int g3 via host-only for ASDM
ASA2       ESXi Host IP   3002   92           mgmt int g3 via host-only for ASDM
ASA3       ESXi Host IP   3003   93           mgmt int g3 via host-only for ASDM
ASA4       ESXi Host IP   3004   94           mgmt int g3 via host-only for ASDM
Win7       192.168.1.21   -      -            mgmt int e0/1 | e0/0
VM switch for cloud connections
Here you will create a vSwitch that passes all VLANs, one for each cloud interface, so you will create Cloud-91 through Cloud-98.
The idea is that to connect any device (say an ASA) to IOU, you connect a NIC on that device into this cloud and the two talk.
(This is imperative for this to work.)
In VMware create a standard switch:
"Host\Configuration\Networking\Add Networking"
Connection types = Virtual Machine (next)
Network access = Create vSphere standard switch (next)
Connection settings
Network label = Cloud-9x
VLAN ID = All (4095) <<<<<< important, do not miss!
(next)
Summary (next).
Do this 8 times, once for each of Cloud-91, Cloud-92, Cloud-93 etc.
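The same host setup from the ESXi shell, as an added example that is not part of the original post: it opens the host firewall for the remote serial port connections described above and creates the eight Cloud-9x vSwitches with their VLAN 4095 port groups. The vSwitch names are my own choice; without APPLY=1 it only prints the esxcli commands so you can review them first.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the lab host pieces
# with esxcli instead of the vSphere Client wizard. Dry-run by default:
# set APPLY=1 when running on the ESXi shell to actually execute.
set -eu

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Open ESXi's own firewall for the serial-over-network ports. The ruleset
# id remoteSerialPort is the stock ESXi ruleset for this feature.
serial_firewall() {
    run esxcli network firewall ruleset set --ruleset-id remoteSerialPort --enabled true
}

# One internal-only standard vSwitch and one port group per cloud.
# VLAN 4095 means "all VLANs", so the IOU trunk and the ASA sub-interfaces
# keep their 802.1Q tags end to end. Keep management traffic off these
# port groups: anything attached to them sees every tagged VLAN.
cloud_switch() {
    n="$1"
    run esxcli network vswitch standard add --vswitch-name "vSwitch-Cloud-$n"
    run esxcli network vswitch standard portgroup add --portgroup-name "Cloud-$n" --vswitch-name "vSwitch-Cloud-$n"
    run esxcli network vswitch standard portgroup set --portgroup-name "Cloud-$n" --vlan-id 4095
}

# Cloud-91 .. Cloud-98, matching NIC2 .. NIC9 on the IOU VM.
all_clouds() {
    for n in 91 92 93 94 95 96 97 98; do
        cloud_switch "$n"
    done
}

if [ "${1:-}" = "build" ]; then
    serial_firewall
    all_clouds
fi
```

Run `sh thisfile.sh build` to print the full command list, then `APPLY=1 sh thisfile.sh build` on the host.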
IOU
Import your IOU VM, then:
Add more memory and cores to the IOU VM; the more the better (whatever you can afford).
Add 10 NICs to the VM: NIC 1 for IOU management, NIC 2 = Cloud-91, NIC 3 = Cloud-92, etc.

!
Build the topology in IOU (read UD's IOU guide):
http://certcollection.org/forum/topic/184010-iou-web-help-updated-18082013-added-timer-multiple-config-packs/
The .net file I have used is this:
!
######Routers are devices 1,2,3,4,5,6##
######Switches are 7,8,9,10###########
######Routers to switches###########
1:0/0 7:0/1
1:0/1 8:0/1
2:0/0 7:0/2
2:0/1 8:0/2
3:0/0 7:0/3
3:0/1 8:0/3
4:0/0 7:1/1
4:0/1 8:1/1
5:0/0 7:1/2
5:0/1 8:1/2
6:0/0 7:1/3
6:0/1 8:1/3
####Switch to switch connections####
7:3/0 8:3/0
7:3/1 8:3/1
7:3/2 9:3/2
7:3/3 9:3/3
7:2/2 10:2/2
7:2/3 10:2/3
9:2/2 8:2/2
9:2/3 8:2/3
9:3/0 10:3/0
9:3/1 10:3/1
8:3/2 10:3/
8:3/3 10:3/3
#####Cloud interfaces starting from 91=eth01,92=eth02,etc######
7:4/0 91:0/0
8:4/0 92:0/0
7:4/1 93:0/0
8:4/1 94:0/0
7:4/2 95:0/0
8:4/2 96:0/0
7:4/3 97:0/0
8:4/3 98:0/0
#####routers to routers serial######
1:1/0 4:1/0
1:1/1 5:1/0
4:1/1 2:1/0
2:1/1 3:1/1
3:1/0 5:1/1
!
Once the .net file is saved, set routers to layer-3 images and switches to layer-2 images (latest ones).
Increase RAM: set routers to 512 and switches to 1024.
Increase the Eth number to 5 on SW1-SW4, giving you e4/0-3.
Label each cloud interface and assign it an Eth interface; these map to the NICs on the IOU VM, i.e. Cloud-91 = NIC 2, Cloud-92 = NIC 3, etc. (in this order, as mgmt is NIC 1).
!
Ensure the devices sheet looks identical to the one below.

!
Now, of course, turn the devices and clouds on.
!
ASA
Import your OVF file.
Set your first NIC to Cloud-9x.
Set NIC 4 to the local VM network; you can use this for ASDM connections (just add an address to ASA g3).
You can also use host-only for VM host-to-host connections, i.e. ASA to ASA, ASA to PC, etc.
!
Set the serial connection to use telnet over the network (ESXi host port mapping):
Network server
Port URI = the telnet port, as telnet://:300x

!
Other devices, i.e. PC / Server:
Install them and add 2 NICs, one to the appropriate cloud interface and the other to the VM network for mgmt.
Test connectivity.
For example, here ASA1 g0.111 (VLAN 111 tagged) is connected via Cloud-91 to SW1 e4/1, which is set to trunk carrying VLAN 111:
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! ASA1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!
interface GigabitEthernet0
no nameif
no security-level
no ip address
!
interface GigabitEthernet0.111
vlan 111
nameif inside
security-level 100
ip address 6.6.111.11 255.255.255.0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! SW1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
SW1#sh run int e4/0
!
interface Ethernet4/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
SW1(config-if)#do sh ru int vl 111
!
interface Vlan111
ip address 6.6.111.7 255.255.255.0
!
SW1(config-if)#do ping 6.6.111.11
Sending 5, 100-byte ICMP Echos to 6.6.111.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/206/1029 ms
!
Enjoy .. Dave