看了ronsun的帖子,最近才测试了一下ASA qemu,非常的棒。应该说是相当的棒。
通过udp来连接dynamips更方便。大家可以试一试。感谢ronsun!感谢为pemu工作的所有朋友!!
下载附件中的文件,解压缩到ronsun提供的ASA模拟器的目录中就可以使用了。有问题大家再讨论!!
下面是我测试ASA nat的配置清单,分享一下。
网络拓扑: R0 f0/0---- e0/0-ASA -e0/1 ------f0/0 R1
|
|e0/2
|
R2 f0/0
.net文件如下:
autostart = False
ghostios = True
sparsemem = True
model = 3660
[localhost:7200]
[[7200]]
image = .\ios\72.bin
npe = npe-400
ram = 256
exec_area = 32
[[3660]]
image = .\ios\36.bin
ram = 256
exec_area = 32
cnfg = .\config.txt
[[ROUTER R0]]
f0/0 = NIO_udp:9000:127.0.0.1:5000
f0/1 = R00 f0/0
[[ROUTER R1]]
f0/0 = NIO_udp:9001:127.0.0.1:5001
f0/1 = R01 f0/0
[[ROUTER R2]]
f0/0 = NIO_udp:9002:127.0.0.1:5002
f0/1 = R02 f0/0
============================================
ASA启动bat如下:
@echo off
setlocal
set command_name= ASA.exe -L . -hda FLASH -hdachs 980,16,32 -kernel vmlinuz -initrd asa802-k8.gz -m 256 --no-kqemu
set parameter= -append "auto nousb ide1=noprobe bigphysarea=16384 console=ttyS0,9600n8 hda=980,16,32"
set nic1=-net nic,vlan=1,macaddr=00:d0:f8:01:01:00,model=i82559er -net udp,vlan=1,sport=5000,dport=9000,daddr=127.0.0.1
set nic2=-net nic,vlan=2,macaddr=00:d0:f8:01:01:01,model=i82559er -net udp,vlan=2,sport=5001,dport=9001,daddr=127.0.0.1
set nic3=-net nic,vlan=3,macaddr=00:d0:f8:01:01:02,model=i82559er -net udp,vlan=3,sport=5002,dport=9002,daddr=127.0.0.1
set options=-serial telnet::4000,server,nowait
%command_name% %parameter% %nic1% %nic2% %nic3% %options%
==================================================================
R0,outside 路由器配置清单:
OUT#show run
hostname OUT
enable password cisco
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.11.1 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
end
==================================
R1 inside路由器配置清单如下:
hostname IN
enable password cisco
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.12.12
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
end
=================================
ASA 配置如下:
asa802(config)# show run
: Saved
ASA Version 8.0(2)
hostname asa802
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.11.11 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.12.12 255.255.255.0
!
access-list outside_in extended permit ip any host 192.168.11.50
global (outside) 1 192.168.11.15-192.168.11.25
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.11.50 2.2.2.2 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 1.1.1.0 255.255.255.0 192.168.11.1 1
route inside 2.2.2.0 255.255.255.0 192.168.12.1 1
asa802(config)#
==========================================
说明一下:这个测试其实很简单,内部的in路由器可以访问外部的out路由器,外部的out路由器通过192.168.11.50这个地址映射到2.2.2.2内部路由器上,实现了外部访问内部。
telnet测试都已经通过了。顺便附上ASA.exe及相关文件。
[hide]
ASA.rar (1.92 MB)
