

Setup lab Cisco

The files required to build the lab topologies on your own machine are available here (you need to be enrolled in the course to access them).

Folder Tools contains:

  • GNS3 installer (version 2.2.0). After installation, open the application and, in the setup wizard, choose 'Run appliances on my local computer'; leave the server path, IP (localhost) and TCP port (3080) at their defaults. To configure your profile, add new machines etc., open Preferences from the Edit menu, or simply press Ctrl + Shift + P.
  • Solar-PuTTY, for reaching the machines' console over telnet. Configure it in GNS3 under Preferences > General > Console Applications > Console application command for telnet, where you add:
"$path_to_solar_putty_exe" --telnet --hostname %h --port %p --name %d 

(tutorial on this link)

To use the NAT cloud from GNS3 you also need VMware Workstation (download here). VMware is needed only for that component; everything else runs on VirtualBox.

Note that for Linux devices gnome-terminal is set as the console application by default and can be used instead of Solar-PuTTY.

  • VirtualBox installer, the recommended hosted hypervisor for the virtual machines.

Linux machines (UbuntuVM, KaliVM and InternetVM)

  • Ubuntu: download the Ubuntu 18.04 LTS image directly from their website, use it to create a VM in VirtualBox and import that VM in GNS3.
  • Kali: same as for Ubuntu (download the iso from here).
  • InternetVM: download the machine used in the lab from here (it has 2 network adapters attached to Generic Driver: one for the connection with the router/FTD/WSA and the other for the NAT cloud, which provides Internet access).

Make sure your VMs are registered in VirtualBox. In GNS3 go to Preferences > VirtualBox VMs > New, select the VM from the list > Finish, and check the configuration with Edit. Ubuntu and Kali need 1 network adapter (Network tab) and InternetVM 2. All adapters must be “Generic driver” to be recognised by GNS3.

For the Linux devices, configuration is done with the iproute2 utilities (the ip command), as in the reminders below.

Reminder ip address Linux
user@LinuxMachine ~ $ sudo ip a a 10.10.10.2/24 dev enp0s3
user@LinuxMachine ~ $ ifconfig enp0s3
enp0s3    Link encap:Ethernet  HWaddr [...]
          inet addr:10.10.10.2  Bcast:0.0.0.0  Mask:255.255.255.0
          BROADCAST MULTICAST  MTU:1500  Metric:1
[...]
# ip a a stands for: ip address add. Try to use shortcuts for configurations
# Bcast is 0.0.0.0 because no broadcast address was given; append "brd +" to derive it from the prefix.
# The flags line has no UP: the link still has to be brought up before traffic flows.
Reminder ip route Linux
user@LinuxMachine ~ $ sudo ip r a default via 10.20.20.2 dev enp0s3
user@LinuxMachine ~ $ ip r s
default via 10.20.20.2 dev enp0s3
[...]
# ip r s stands for: ip route show

Use the abbreviated forms of the ip subcommands as much as possible.
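The two reminders above are the whole procedure for a lab Linux VM (address, link up, default route), but they do not show a check that it worked. The script below is an added example, not part of the original page: it performs the same iproute2 steps, validates the address argument before handing it to ip, brings the link up (the ifconfig output above shows no UP flag), and then verifies the result by parsing ip r s and pinging the gateway. The interface name enp0s3 and the addresses in the usage line are assumptions for a lab VM; adjust them to your topology.

```shell
#!/bin/sh
# lab_net.sh -- added example, not from the original page.
# Configure one lab interface with iproute2 and verify it.

# Accept only a dotted-quad IPv4 address with a /0-32 prefix length,
# so a typo never reaches "ip a a" (it would fail with an unclear error).
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    len=${1#*/}
    case "$len" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$len" -le 32 ] || return 1
    # exactly four octets, each 0-255
    IFS=.
    set -- $ip
    unset IFS
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the gateway of the default route from "ip r s" output read on
# stdin; prints nothing if there is no default route.
default_gw() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# ip address add (with broadcast derived by "brd +"), ip link set up,
# ip route add default. Needs root, hence sudo as in the reminders.
configure_iface() {
    iface=$1 cidr=$2 gw=$3
    valid_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 1; }
    sudo ip a a "$cidr" brd + dev "$iface" &&
    sudo ip l s "$iface" up &&
    sudo ip r a default via "$gw" dev "$iface"
}

# Show the address, confirm the default route landed, ping the gateway once.
verify_iface() {
    iface=$1 gw=$2
    ip -br a s "$iface"
    actual=$(ip r s | default_gw)
    [ "$actual" = "$gw" ] || {
        echo "default route is '$actual', expected $gw" >&2
        return 1
    }
    ping -c 1 -W 2 "$gw" >/dev/null && echo "gateway $gw reachable"
}

# Usage (assumed lab values):  sh lab_net.sh enp0s3 10.10.10.2/24 10.10.10.1
if [ "$#" -eq 3 ]; then
    configure_iface "$1" "$2" "$3" && verify_iface "$1" "$3"
fi
```

The verify step is the part worth keeping: after every address or route change on a lab VM, ip r s should show the expected default route and the gateway should answer a ping before you debug anything on the Cisco side.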

Cisco routers

On the course page there are 2 images: Cisco 3640 (used in lab 1) and Cisco 7200 (usable for both lab 1 and lab 2). They must be imported in GNS3 as appliances: File > New template (the plus sign on the left) > Install an appliance from the GNS3 server > type 3640 or 7200 in the filter and select it > Install > Install the appliance on your local computer > tick Allow custom files (click Yes in the dialog) > Import > add the downloaded .bin file > accept the warning about the integrity check > select the version (its status must be 'Ready to install') > Next > Finish.

After that, from the left side select Browse all devices, right-click the newly added appliance and choose Configure template. Add a network slot (Slots, the third tab): PA-4E for the 7200 and NM-4E for the 3640. You can then drag and drop the virtual router into your project.

Reminder ip addresses Cisco

Let's say I want to add the IP address 10.10.10.1/24 to interface FastEthernet0/0 (note that no shutdown is needed, since IOS interfaces start administratively down):

CISCO_7200(config)#interface FastEthernet 0/0
CISCO_7200(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

CISCO_7200(config-if)#ip address 10.10.10.1 255.255.255.0
Reminder ip route Cisco

In this case I want to add a default route to the Internet via 10.30.30.2 (the IP of InternetVM on its enp0s3 interface); check the result afterwards with show ip route:

CISCO_7200(config)#ip route 0.0.0.0 0.0.0.0 10.30.30.2

Do not forget the question mark, which lists the valid completions of the IOS syntax at any point. Example:

CISCO_7200(config)#int fastEthernet 0/0
CISCO_7200(config-if)#?
  arp                Set arp type (arpa, probe, snap) or timeout
  bandwidth          Set bandwidth informational parameter
  cdp                CDP interface subcommands
  channel-group      Add this interface to an Etherchannel group
[...]

Cisco Firepower Threat Defence

Download from here the zip for Cisco FTD, which contains a VDI image and 2 OVFs. After unzipping, open the first OVF (the one named *-VI-6.5.0-115) in VirtualBox and configure the appliance settings as follows:

  • CPU: 4 (use exactly 4 vCPUs)
  • RAM: 8192 MB (8 GB, the minimum required value)
  • deselect the DVD drive
  • keep only the first 4 network adapters (deselect the last 4)
  • modify the Base folder (if you want) where the VM files will be placed

Then click Import and wait for it to complete.

After the import, leave the VM files in the base folder: if you move them, the paths change and the configuration may stop working.

Also important: do NOT start the VM from VirtualBox after the import. Start it from GNS3, after the steps below.

Before going to GNS3, you need to modify the network adapter configuration. Go to VirtualBox > right-click the FTD VM > Settings > Network:

  • for adapter 1: enable it and attach it to Host-only Adapter (named VirtualBox Host-only Adapter). Then open Advanced, set the adapter type to Paravirtualized Network (virtio-net) and keep the rest as it is
  • for adapters 2 to 4: enable them and attach them to Generic Driver. The other fields will be populated by GNS3.

Next, the FTD must be imported in GNS3. Go to GNS3 > Preferences (Ctrl+Shift+P) > VirtualBox > VirtualBox VMs > New > select the VM from the list (under the name you gave it) > Finish. Then modify its configuration via Edit > Network: set the number of adapters to 4 (the default is 1), change the name format to GigabitEthernet{0} and configure custom adapters:

  • for Adapter 0 change adapter type to Paravirtualized Network (virtio-net)
  • for Adapter 1→3 leave them as they are

Click Ok and Apply.

After this, you can drag and drop the newly added machine (listed as an appliance on the left side) into the project. Start it and wait for it to boot. To use a terminal other than the VirtualBox one, you can connect with PuTTY or Solar-PuTTY over ssh to the management interface (port 22 is enabled by default).

The management interface has the following ip address: 192.168.56.102 (with default gateway 192.168.56.1).

After waiting about 10 minutes, open the Firepower Device Manager (FDM, the firewall's web-based user interface) in your browser at the management IP above, using https explicitly (there is no redirect from http to https).

Credentials for FTD (the factory defaults):

user: admin

passwd: Admin123

These defaults are publicly documented, so change the admin password at first login even though the management interface sits only on the VirtualBox host-only network.

You have now to:

  • configure the interfaces (after connecting them with links in GNS3)
  • add a default route via the IP address of InternetVM
  • add two zones, one for the inside interface and one for the outside interface
  • create an access control rule allowing any traffic from the inside zone to the outside zone (the default action at the end of the policy is deny any any, so without this rule nothing passes).

Deploy at the end for changes to take effect.

Lab 1 topology

Lab 2 topology

Lab 3 topology

sred/setup_lab.1574191112.txt.gz · Last modified: 2019/11/19 21:18 by horia.stoenescu
CC Attribution-Share Alike 3.0 Unported