Show page

Differences

This shows you the differences between two versions of the page.

--- sred:setup_lab [2019/10/23 23:34]
horia.stoenescu
+++ sred:setup_lab [2020/11/14 21:57] (current)
horia.stoenescu
@@ Line 1: / Line 1: @@
-==== Setup lab Cisco =====
+==== Setup lab Cisco (OLD - GNS3 - 2019) =====
 See [[https://acs.curs.pub.ro/2019/mod/folder/view.php?id=5985|here]] the required files for creating on your machines the topologies found in labs (you need to be enrolled on course for accessing them).
 Folder **Tools** contains:
-  * **GNS3 installer** (version 2.2.0). After installation, access the application and choose for setup wizard: 'Run appliances on my local computer' and leave for default configuration for server path, IP (localhost) and port (3080 - TCP).
+  * **GNS3 installer** (version 2.2.0). After installation, access the application and choose for setup wizard: '//Run appliances on my local computer//' and leave for default configuration for server path, IP (//localhost//) and TCP port (//3080//). For configuring your profile, add new machines etc., access Preferences from Edit or simpler by pressing **Ctrl + Shift + P**.
-  * **Solar-putty** for console application to machines using telnet
+  * **Solar-PuTTY** for accessing console application to machines using telnet. Configure it by going to Preferences in GNS3 > General > Console Applications > Console application command for telnet, where you need to add:
+<code>
+"$path_to_solar_putty_exe" --telnet --hostname %h --port %p --name %d
+</code>
+(tutorial on this [[https://www.youtube.com/watch?v=iuev1Hyc-f4|link]])
+<note warning>
+To use the **NAT** cloud from GNS3, you will need also to install VMware Workstation (download [[https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html|here]]). Only for that component the VMware in necessary, in rest only VirtualBox.
+After installing VMWare, there is need to add some vmnets on the machine. Go to Preferences (Ctl+shift+P) > VMWare (see the executable on tab Local settings is the correct one) > Advanced local settings tab > Add vmnets from vmnet8 to vmnet8 > Configure and wait for the process to finish. After this, try to add a NAT cloud. See more on this [[https://www.gns3.com/community/discussion/how-the-nat-node-in-gns3-works|link]] about this appliance.
+</note>
+Note that for Linux device, gnome-terminal is added by default and can be used without Solar-PuTTY.
+  * **VirtualBox** installer which is the recommended hosted hypervisor for virtualization
+==== Linux machines (UbuntuVM, KaliVM and InternetVM) ====
+  * **Ubuntu**: you can download the Ubuntu 18.04 LTE image directly from their [[http://releases.ubuntu.com/18.04/|website]], use it to create a VM in VirtualBox and import it in GNS3.
+  * **Kali**: same as for Ubuntu (download from [[https://www.kali.org/downloads/|here]] iso)
+  * **InternetVM**: download the machine used in lab from [[https://drive.google.com/file/d/131Htsxcc_rcDagwfIvrk58_lKqqaAlib/view?usp=sharing|here]] (it has 2 network adapters attached to Generic Driver - one used for connection with router/FTD/WSA and the other with NAT cloud for Internet access)
+Make sure your VMs are opened in Virtual Box. Go to Preferences, VirtualBox VMs > New and select from the list the VM > Finish and verify the configuration using Edit. Ubuntu and Kali need to have 1 network adapter (on tab Network) and InternetVM 2. All adapters need to be "Generic driver" to be recognised by GNS3.
+In case of Linux devices, utilities from [[https://en.wikipedia.org/wiki/Iproute2|iproute2]] are detailed for configuring.
+== Reminder ip address Linux ==
+<code>
+user@LinuxMachine ~ $ sudo ip a a 10.10.10.2/24 dev enp0s3
+user@LinuxMachine ~ $ ifconfig enp0s3
+eth1      Link encap:Ethernet  HWaddr [...]
+          inet addr:10.10.10.2  Bcast:0.0.0.0  Mask:255.255.255.0
+          BROADCAST MULTICAST  MTU:1500  Metric:1
+[...]
+# ip a a stands for: ip address add. Try to use shortcuts for configurations
+</code>
+== Reminder ip route Linux ==
+<code>
+user@LinuxMachine ~ $ sudo ip r a default via 10.20.20.2 dev enp0s3
+user@LinuxMachine ~ $ ip r s
+default via 10.20.20.2 dev enp0s3
+[...]
+# ip r s stands for: ip route show
+</code>
+<note tip>
+Try to use shortcuts as much as possible
+</note>
+==== Cisco routers ====
+On the course link, there exist 2 images for Cisco 3640 (used in lab1) and Cisco 7200 (can be used for both 1 and 2) that need to be imported in GNS3 in a form of **appliance**. Go to File > New template (a plus sign on left) > Install an appliance from the GNS3 server > on filter add 3640/7200 and select > Click Install > Install the appliance on your local computer > Check allow custom files (click Yes to dialog box) and click Import > Add here the .bin file downloaded > Accept the warning about integrity check > Select the appliance (it needs to have the status: Ready to install > Next and Finish.
+After this, from the left side, select Browse all devices, then right click on the newly added appliance and click on configure template. Add a new network slot (Slots - third tab) - PA-4E for 7200 and NM-4E for 3540. After this, you drag and drop the virtual router in your project.
+== Reminder ip addresses Cisco ==
+Let's say I want to add the IP address: 10.10.10.1/24 to interface FastEthernet0/0:
+<code>
+CISCO_7200(config)#interface FastEthernet 0/0
+CISCO_7200(config-if)#no shutdown
+%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
+%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
+CISCO_7200(config-if)#ip address 10.10.10.1 255.255.255.0
+</code>
+== Reminder ip route Cisco ==
+In this case I want to add a default route to internet via 10.30.30.2 (the ip of InternetVM on interface enp0s3):
+<code>
+CISCO_7200(config)#ip route 0.0.0.0 0.0.0.0 10.30.30.2
+</code>
+<note>
+Do not forget about the question mark character that you can use for autocomplete the IOS syntax. Example:
+<code>
+CISCO_7200(config)#int fastEthernet 0/0
+CISCO_7200(config-if)#?
+  arp                Set arp type (arpa, probe, snap) or timeout
+  bandwidth          Set bandwidth informational parameter
+  cdp                CDP interface subcommands
+  channel-group      Add this interface to an Etherchannel group
+[...]
+</code>
+</note>
+==== Cisco Firepower Threat Defence ====
+Download from [[https://drive.google.com/file/d/1wZi3h7wnMnDx0GxVye_ArfvzNHU71pxE/view?usp=sharing|here]] the zip for Cisco FTD which contains: a VDI image and 2 OVFs. After unzipping the files, you are required to open the first one (with //*-VI-6.5.0-115//) using Virtual Box and configure the appliance settings as follows:
+  * CPU: 4 (use only 4 vCPUs)
+  * RAM: 8196 MB (the minimum required value)
+  * deselect DVD
+  * keep only the first 4 network adapters (deselect the last 4 of them)
+  * modify the Base folder (if you want so) to add the VM files
+The click Import and wait for it to complete.
+<note important>
+After importing the VM files to your machine, **keep them in the base folder location**. The configuration may not work due to this path modification.
+</note>
+<note important>
+Another important aspect here is to **NOT open the VM** after import. Wait for GNS3 ones from below.
+</note>
+Before going to GNS3, you to modify the network adapter configuration. Go to VirtualBox > right click on the FTD VM > Settings > Network:
+  * for adapter 1, enable it, attach to **Host-only Adapter** (with name VirtualBox Host-only Adapter). Then go to Advanced and choose for adapter type **Paravirtualized Network (virtio-net)** and keep the rest as they are
+  * for adapters 2->4, enable them, attach to **Generic Driver**. The other fields are going to be populated by GNS3.
+Continuing, there is need to import the FTD in GNS3. Go to GNS3 > Preferences (Ctrl+Shift+P) > VirtualBox > VirtualBox VMs > New > select the VM from the list (see the name you gave it) > then Finish. You need to also modify the configuration by going to Edit > Network > change adapters number to 4 (the default value is 1), modify name format to GigabitEthernet{0} and configure custom adapters:
+  * for Adapter 0 change adapter type to Paravirtualized Network (virtio-net)
+  * for Adapter 1->3 leave them as they are
+Click Ok and Apply.
+After this, you can drag and drop the newly added machine (found as //appliance// on left side). You can start the machine and wait for it to boot. To use a different terminal than the one from VBox, you can use PuTTY or Solar-PuTTY to access it on the management interface using ssh (port 22 is enabled by default).
+<note tip>
+The management interface has the following ip address: **192.168.56.102** (with default gateway 192.168.56.1).
+</note>
+After waiting for 10 minutes, from your browser access the Firepower Device Manager ([[https://www.cisco.com/c/en/us/products/security/security-management/firepower-device-manager.html|FDM]] - a web based user interface on the firewall) using the management ip from above and https protocol (no http - there is not redirect done to http over ssl).
+<note>
+**Credentials** for FTD (default ones):
+user: admin
+passwd: Admin123
+</note>
+You have now to:
+  * configure the interfaces (after connecting them with links on GNS3)
+  * add a default route via the ip address with InternetVM
+  * add two zones: for inside and outside interfaces
+  * create an access control rule for allowing any traffic from inside zone to outside zone (the default action is at the end - deny any any).
+Deploy at the end for changes to take effect.
 === Lab 1 topology ===
@@ Line 10: / Line 143: @@
 === Lab 2 topology ===
+{{:sred:lab2_sred_topology2.png?750|}}
+=== Lab 3 topology ===
+{{:sred:lab3_sred_topologie.png?750|}}

Remote setup

Eve-ng cloud setup

Local setup

SRED project 2023

Cookbooks:

Courses

See them on course page

sred/setup_lab.1571862855.txt.gz · Last modified: 2019/10/23 23:34 by horia.stoenescu

Show page Old revisions

Media Manager Back to top