How to activate VPN in pemu PIX
2009-06-01 21:48
FROM: http://blog.chinaunix.net/u/12442/showart_427979.html
Emulating a Cisco PIX525 firewall with pemu on Win-XP
1. Download the software
CODE:
serial=0x301D10D1
image=pix721
key=0x5236f5a1,0x97def6da,0x732a91f5,0xf5deef57
bios1=mybios_d8000
bios2=bios.bin
bios_checksum=1
QUOTE:
I:\cisco\ccsp\pix模拟软件\pemu_win32_02>pemu.exe -net nic,macaddr=00:aa:00:00:02:01 -net tap,ifname=tap0 -net nic,macaddr=00:aa:00:00:02:02 -net tap,ifname=tap1 -net nic,macaddr=00:aa:00:00:02:03 -net tap,ifname=tap2 -serial tcp::4444,server
TAP-Win32 Driver Version 8.4 [Handle 768]
TAP-Win32 Driver Version 8.4 [Handle 74C]
TAP-Win32 Driver Version 8.4 [Handle 730]
QEMU waiting for connection on: :4444,server <------------------ when this message appears, you can log in to the PIX525 with telnet 127.0.0.1 4444
Could not open '\\.\kqemu' - QEMU acceleration layer not activated
Values read from ini file:
Serial=301d10da (807211226)
Image="pix721"
key=5236f5a1,97def6da,732a91f5,f5deef57
bios1=mybios_d8000
bios2=bios.bin
bios_ckecksum=yes
BIOS file mybios_d8000 (3276 BIOS file bios.bin (131072) read 131072 bytes
Image file read 18374703 bytes, @100000
Key set to: 5236f5a1,97def6da,732a91f5,f5deef57
Read 16777216 bytes from flash

Note: if an error such as "tap0 interface not found" appears at run time, delete all the virtual NICs, reboot the system, and then add the virtual NICs again.
All rights reserved by the author; when reposting, please credit cu-yuhuohu.
QUOTE:
128MB RAM
Total NICs found: 3
i82559 Ethernet at irq 11 MAC: 00aa.0000.0203
i82559 Ethernet at irq 11 MAC: 00aa.0000.0202
i82559 Ethernet at irq 9 MAC: 00aa.0000.0201
BIOS Flash=am29f400b @ 0xd8000
Initializing flashfs...
flashfs[7]: 3 files, 2 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 2560
flashfs[7]: Bytes available: 16125440
flashfs[7]: flashfs fsck took 1 seconds.
flashfs[7]: Initialization complete.

If the activation key is wrong, the following message appears in red:

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
This activation key is not valid, use default settings only
This platform has an restricted (R) license.
--------------------------------------------------------------------------
. .
| |
||| |||
.|| ||. .|| ||.
.
C i s c o S y s t e m s
--------------------------------------------------------------------------
Cisco PIX Security Appliance Software Version 7.2(1)

****************************** Warning *******************************
This product contains cryptographic features and is subject to United
States and local country laws governing, import, export, transfer, and
use. Delivery of Cisco cryptographic products does not imply third-party
authority to import, export, distribute, or use encryption. Importers,
exporters, distributors and users are responsible for compliance with
U.S. and local country laws. By using this product you agree to comply
with applicable laws and regulations. If you are unable to comply with
U.S. and local laws, return the enclosed items immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email
to export@cisco.com.
******************************* Warning *******************************

Copyright (c) 1996-2006 by Cisco Systems, Inc.

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause at FAR sec. 52.227-19
and subparagraph (c) (1) (ii) of the Rights in Technical Data and
Computer Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Type help or '?' for a list of available commands.
CODE:
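pixfirewall> en
en
Password:
pixfirewall# ac 5236f5a1 97def6d1 732a91f1 f5deef51
pixfirewall# exit
pixfirewall> exit

Note: if you notice echo problems when typing commands, select "force character at a time" in SecureCRT's telnet settings.
Starting with PIX 7.x, the activation key can no longer be specified in pemu.ini, so it has to be entered by hand after boot. Once entered it is written to flash, so there is no need to worry about losing it.
After restarting the emulator, check the firewall's status again: it is now the unrestricted, full-featured version!!!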
CODE:
pixfirewall> sh ver
sh ver
Cisco PIX Security Appliance Software Version 7.2(1)
Compiled on Wed 31-May-06 14:45 by root
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"
pixfirewall up 1 min 18 secs
Hardware: PIX-525, 128 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 00aa.0000.0201, irq 9
1: Ext: Ethernet1 : address is 00aa.0000.0202, irq 11
2: Ext: Ethernet2 : address is 00aa.0000.0203, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 707211225
Running Activation Key: 0x12345678 0x97def6da 0x732a91f5 0xf5deef57
Configuration has not been modified since last system restart.

4. Limiting CPU usage
QUOTE:
If it is not limited, pemu will use as much CPU as it can, which means you can forget about doing anything else on your machine.
Fortunately, limiting the CPU usage of a process is simple: install the BES software, run it, and cap the CPU usage of the pemu process.
5. bat script
QUOTE:
For convenience, so that you do not have to start BES and pemu separately every time, put both in a single bat file:
CODE:
I:\cisco\ccsp\pix模拟软件\BES\BES.exe
I:\cisco\ccsp\pix模拟软件\pemu_win32_02\pemu.exe -net nic,vlan=1,macaddr=00:aa:00:00:02:01 -net tap,vlan=1,script=if1up,ifname=tap0 -net nic,vlan=2,macaddr=00:aa:00:00:02:02 -net tap,vlan=2,script=if2up,ifname=tap1 -net nic,vlan=3,macaddr=00:aa:00:00:02:03 -net tap,vlan=3,script=if3up,ifname=tap2 -serial tcp::4444,server

On XP you can remove script=if1up, script=if2up and script=if3up; these options are only needed on Linux.
The BAT file does not work the first time it is run; close it and run it again and it works.

pix-e0----------------tap0
pix-e1----------------tap1
pix-e2----------------tap2

Just configure an IP address on the PIX's e0 and bring the interface up, configure an IP address on XP's tap0, and the two can ping each other.
6. Building the network
QUOTE:
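Virtual machine ----- Edit ---- Virtual Network Settings --- Host Virtual Network Mapping
In the virtual machine's interface, set the NIC properties of the guest operating system so that it joins vnet3 or vnet4.
Done: the firewall's inside, outside and dmz all have hosts attached now, so you can start practicing, haha.
Finally, if the PIX needs to join the network that the local machine (WinXP) is on, select the virtual NIC (tap0) and the physical NIC in XP's Network Connections (My Network Places - Properties), then right-click and choose to bridge them.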
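
The license check done by eye on the `sh ver` output in the activation step can also be scripted. The following is an added example, not part of the original post: it parses `sh ver` text for the licensed-feature table, the license tier and the running activation key, and reports when strong VPN ciphers are unavailable. The sample inputs are constructed from the output shown above, and the function names are assumptions.

```python
import re

# Constructed samples modelled on the `sh ver` output shown in this post.
UNRESTRICTED = """\
Licensed features for this platform:
Maximum Physical Interfaces : 10
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : Unlimited
This platform has an Unrestricted (UR) license.
Running Activation Key: 0x12345678 0x97def6da 0x732a91f5 0xf5deef57
"""
# Constructed: the feature values for the restricted state are assumed.
RESTRICTED = """\
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
This platform has an restricted (R) license.
Licensed features for this platform:
VPN-DES                     : Enabled
VPN-3DES-AES                : Disabled
"""

# "Name : Value" rows; the space before the colon skips header lines.
FEATURE_RE = re.compile(r"^[ \t]*([A-Za-z][\w /-]*?)[ \t]+:[ \t]+(\S+)[ \t]*$", re.M)
TIER_RE = re.compile(r"This platform has an? \w+ \((\w+)\) license")
KEY_RE = re.compile(r"Running Activation Key:((?:\s+0x[0-9a-fA-F]{8})+)")

def parse_sh_ver(text):
    """Extract licensed features, license tier and running key words."""
    tier = TIER_RE.search(text)
    key = KEY_RE.search(text)
    return {
        "features": dict(FEATURE_RE.findall(text)),
        "tier": tier.group(1) if tier else None,
        "key": key.group(1).split() if key else [],
    }

def audit(text):
    """Return findings about the license state that affect VPN crypto."""
    info = parse_sh_ver(text)
    findings = []
    if info["features"].get("VPN-3DES-AES") != "Enabled":
        findings.append("VPN-3DES-AES not enabled: 3DES/AES unavailable for VPN")
    if info["key"] and all(int(word, 16) == 0 for word in info["key"]):
        findings.append("running activation key is all zeros")
    if info["tier"] != "UR":
        findings.append(f"license tier is {info['tier']}, not UR")
    return findings

if __name__ == "__main__":
    for name, sample in (("UR", UNRESTRICTED), ("R", RESTRICTED)):
        print(name, audit(sample) or "no findings")
```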