{"id":1028,"date":"2014-05-23T22:33:35","date_gmt":"2014-05-23T20:33:35","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=1028"},"modified":"2014-05-23T22:33:35","modified_gmt":"2014-05-23T20:33:35","slug":"virtualizando-cisco-asa-55xx","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1028","title":{"rendered":"Virtualizing Cisco ASA 55xx"},"content":{"rendered":"<p>This time I am expanding the networking practice lab&#8230; I already have several virtual MikroTik routers, but I had never been able to set up a Cisco ASA.<br \/>\nIt must be said that this is not legal, it is not supported by Cisco, and everyone can do as they like&#8230;.<br \/>\nI have used it to practice the change Cisco made: from version 8.2.x to 8.3 onwards, it changed everything about NAT and<br \/>\nThe original guide is <a href=\"https:\/\/certcollection.org\/forum\/topic\/219979-create-a-cisco-asa-vm-in-vmware-fusion\/\">here<\/a><br \/>\nFirst of all, we download version 8.4.2 of Cisco ASA, together with ASDM<br \/>\n<code>https:\/\/software.cisco.com\/download\/release.html?mdfid=280582808&softwareid=280775065&release=9.2.1.ED<br \/>\n<\/code><br \/>\nThen we download the script that extracts the image files and builds the ISO for us:<br \/>\n<code>https:\/\/gist.github.com\/anonymous\/c3225054e6681a39be16<\/code><br \/>\nTo prepare the ISO, I have an x86 Fedora machine and the following packages:<br \/>\n<code>vim-minimal vim-common mkisofs<\/code><br \/>\nAnd we install them like this:<br \/>\n<code>yum -y install vim-minimal vim-common mkisofs<\/code><br \/>\nI modified the script so that the firewall boots on its own and I do not have to press Enter every time it restarts&#8230;. 
here everyone can do as they like:<br \/>\n<code><br \/>\n#!\/bin\/bash<br \/>\n# FILENAME: repack.v4.1.sh<br \/>\n# AUTHOR: dmz<br \/>\n# SOURCE: https:\/\/7200emu.hacki.at\/viewtopic.php?t=9074<br \/>\n# DISCLAIMER: All information provided here are solely for self-education and investigation purposes. Provided AS-IS without any warranties.<br \/>\nVERSION=4.1<br \/>\nIMAGE=$1<br \/>\nCWD=`pwd`<br \/>\n[ -z \"$IMAGE\" ] && IMAGE=$CWD\/asa842-k8.bin<br \/>\necho \"Repack script version: $VERSION\"<br \/>\nif [ ! -f \"$IMAGE\" ]; then<br \/>\necho \"USAGE: repack.sh \/path\/to\/asa\/image\"<br \/>\nexit 1;<br \/>\nfi<br \/>\nXXD=`which xxd`<br \/>\nISOLINUX_BIN=\/usr\/share\/syslinux\/isolinux.bin<br \/>\nMKISOFS=`which mkisofs`<br \/>\nif [ ! -x \"$XXD\" ]; then<br \/>\necho \"ERROR: xxd command not found\"<br \/>\necho \"Install 'vim' or 'vim-enhanced' package to get it\"<br \/>\nexit 1;<br \/>\nfi<br \/>\nCREATEISO=no<br \/>\nif [ -x \"$MKISOFS\" -a -e \"$ISOLINUX_BIN\" ]; then<br \/>\necho \"Detected syslinux\/cdrtools - ISO will be created\"<br \/>\nCREATEISO=yes<br \/>\nelse<br \/>\necho \"no syslinux\/cdrtools - ISO creation skipped\"<br \/>\nfi<br \/>\nBASE_NAME=`basename \"$IMAGE\"`<br \/>\ncase \"$BASE_NAME\" in<br \/>\n'asa842-k8.bin') # ASA 8.4(2)<br \/>\ndd skip=102400 if=\"$IMAGE\" of=\"$CWD\/asa842-vmlinuz\" bs=1 count=1359344<br \/>\ndd skip=1461744 if=\"$IMAGE\" of=\"$CWD\/asa842-initrd-original.gz\" bs=1<br \/>\nTMP_DIR=`mktemp -d`<br \/>\npushd $TMP_DIR<br \/>\ngunzip -c \"$CWD\/asa842-initrd-original.gz\" | cpio -i --no-absolute-filenames --make-directories<br \/>\nfind . | cpio -o -H newc | gzip -9 > \"$CWD\/asa842-initrd-original.gz\"<br \/>\nsed -i -e \"s\/(VERBOSE=).*\/1yes\/\" etc\/init.d\/rcS<br \/>\nsed -i -e \"s\/echo -n\/echo\/\" etc\/init.d\/S10udev<br \/>\nsed -i -e \"s#^fi$#fingrep -q shell \/proc\/cmdlinen[ $? 
== 0 ] && echo '\/bin\/sh' >> \/tmp\/run_cmd#\" asa\/scripts\/rcS<br \/>\nsed -i -e \"\/mount\/d\" asa\/scripts\/format_flash.sh<br \/>\nsed -i -e \"s#mount=0#if [ ! -e \/dev\/hda1 ]; then \/asa\/scripts\/format_flash.sh \/dev\/hda1 0 0 \/dev\/hda; finmount=0#\" asa\/scripts\/rcS.common<br \/>\nxxd -r -g 2 -c 16 - asa\/bin\/lina <<end\n02716a0: a1c0 ab32 0a55 89e5 83e8 1283 f80b eb10\n037f350: a1c0 ab32 0a55 89e5 83e8 1283 f80b eb10\n06f4da0: 848b 0100 0083 3dc0 ab32 0aff 0f85 ae00\n06f4df0: 85db c705 40a8 1a0a 0000 0000 0f84 a200\n06f5170: 0085 c075 2be8 160b 98ff 8d95 f4f4 ffff\n06f5c50: c30f 8589 0000 00c7 4424 084f 0200 00c7\n06f5ce0: b801 0000 00d3 e0a9 0000 f43f 0f85 65ff\n06f5d10: 1400 0000 e827 9ae0 0089 c290 8d74 2600\n0c42a60: e8bb 3f00 0085 c00f 84b0 fbff ff8d 7600\n0c42a70: e8ab 3f00 0085 c089 85e8 feff ff0f 849a\n0c42b80: 5424 0889 4424 04c7 0424 0000 0000 e925\n0c42b90: 0200 00e9 0bff ffff e813 9aff ff8d 7600\n0c42db0: feff ff90 8d74 2600 8d46 02c7 45c0 0000\n0c42dc0: 0000 8945 c4c7 45c8 0000 0000 e89f f5ff\n0c42dd0: ff90 9090 e9ca fcff ff8d b426 0000 0000\n0c4a670: 3bff 8db6 0000 0000 8b45 e4c7 45c0 0100\n1502bf0: 83c4 245b 5dc3 6690 85db 75f2 a1c0 ab32\n15505a0: e94b 0000 0098 60bb 098d b426 0000 0000\n1550f50: c0ab 320a 83e8 1283 f80b eb0c 31c0 c9c3\n1551060: c0ab 320a 83e8 1283 f80b eb0c 31c0 c9c3\n1552c10: 42ee 83f8 0b0f 8589 1100 00ba 7160 bb09\n1b6f350: 4f53 5449 4300 4153 4120 3535 3230 0043\nEND\nxxd -r -g 2 -c 2 - asa\/bin\/lina <<end\n0c425d8: 0f85\n0c425ef: eb77\n0c43813: 770b\nEND\nfind . 
| cpio -o -H newc | gzip -9 > \"$CWD\/asa842-initrd.gz\"<br \/>\npopd<br \/>\nrm -rf $TMP_DIR<br \/>\nif [ \"$CREATEISO\" == \"yes\" ]; then<br \/>\nTMP_DIR=`mktemp -d`<br \/>\npushd $TMP_DIR<br \/>\nmkdir isolinux<br \/>\ncp $ISOLINUX_BIN isolinux\/<br \/>\ncp $CWD\/asa842-vmlinuz .<br \/>\ncp $CWD\/asa842-initrd.gz .<br \/>\ncp $CWD\/asa842-initrd-original.gz .<br \/>\ncat >isolinux\/isolinux.cfg <<eend\nserial 0\ndisplay boot.txt\ndefault asa\nlabel asa\nkernel \/asa842_vmlinuz\nappend initrd=\/asa842_initrd.gz ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0 bigphysarea=65536\nEEND\ncat >isolinux\/boot.txt <<eend\nasa - ASA 8.4(2) (DEFAULT)\nEEND\n$MKISOFS -o $CWD\/asa.iso -l\n-b isolinux\/isolinux.bin -c isolinux\/boot.cat\n-no-emul-boot -boot-load-size 4 -boot-info-table\n.\/\npopd\nrm -rf $TMP_DIR\nfi\n;;\n*) # Default case\necho \"Version <$BASE_NAME> is not supported!\"<br \/>\nexit 1;<br \/>\n;;<br \/>\nesac<br \/>\n<\/code><br \/>\nWe give the script execute permissions:<br \/>\n<code><br \/>\n[root@localhost home]# chmod +x repack.v4.sh<br \/>\n<\/code><br \/>\nand now we run it&#8230;..<br \/>\n<code><br \/>\n[root@localhost home]# .\/repack.v4.sh .\/asa842-k8.iso<br \/>\nRepack script version: 4<br \/>\nDetected syslinux\/cdrtools - ISO will be created<br \/>\nVersion <asa842-k8.iso> is not supported!<br \/>\n[root@localhost home]# .\/repack.v4.sh .\/asa842-k8.iso<br \/>\nRepack script version: 4<br \/>\nUSAGE: repack.sh \/path\/to\/asa\/image<br \/>\n[root@localhost home]# .\/repack.v4.sh .\/asa842-k8.bin<br \/>\nRepack script version: 4<br \/>\nDetected syslinux\/cdrtools - ISO will be created<br \/>\n1359344+0 registros le\u00eddos<br \/>\n1359344+0 registros escritos<br \/>\n1359344 bytes (1,4 MB) copiados, 9,43295 s, 144 kB\/s<br \/>\n23697936+0 registros le\u00eddos<br \/>\n23697936+0 registros escritos<br \/>\n23697936 bytes (24 MB) copiados, 165,249 s, 143 kB\/s<br 
\/>\n\/tmp\/tmp.mHaYlsi8ln \/home<br \/>\ngzip: \/home\/asa842-initrd-original.gz: decompression OK, trailing garbage ignored<br \/>\n114476 blocks<br \/>\n114476 blocks<br \/>\n114476 blocks<br \/>\n\/home<br \/>\n\/tmp\/tmp.bkRPw31Byc \/home<br \/>\nI: -input-charset not specified, using utf-8 (detected in locale settings)<br \/>\nSize of boot image is 4 sectors -> No emulation<br \/>\n 21.05% done, estimate finish Fri May 23 22:18:54 2014<br \/>\n 42.01% done, estimate finish Fri May 23 22:18:54 2014<br \/>\n 63.01% done, estimate finish Fri May 23 22:18:54 2014<br \/>\n 83.97% done, estimate finish Fri May 23 22:18:54 2014<br \/>\nTotal translation table size: 2048<br \/>\nTotal rockridge attributes bytes: 0<br \/>\nTotal directory bytes: 2048<br \/>\nPath table size(bytes): 26<br \/>\nMax brk space used 0<br \/>\n23823 extents written (46 MB)<br \/>\n\/home<br \/>\n<\/code><br \/>\nAnd now, looking at the directory&#8230;<br \/>\n<code><br \/>\n[root@localhost home]# ls -l<br \/>\ntotal 119496<br \/>\n-rw-r--r--.  1 root  root  23518187 may 23 22:18 asa842-initrd.gz<br \/>\n-rw-r--r--.  1 root  root  23517694 may 23 22:18 asa842-initrd-original.gz<br \/>\n-rw-r--r--.  1 root  root  25159680 may 23 22:12 asa842-k8.bin<br \/>\n-rw-r--r--.  1 root  root   1359344 may 23 22:15 asa842-vmlinuz<br \/>\n-rw-r--r--.  1 root  root  48789504 may 23 22:18 asa.iso<br \/>\n-rwxr-xr-x.  
1 root  root      4301 may 23 22:11 repack.v4.sh<br \/>\n[root@localhost home]#<br \/>\n<\/code><br \/>\nWe now have the file asa.iso, which we will copy to our VMware.<br \/>\nWe create a virtual machine with the following requirements:<br \/>\n1) IDE disk of 256 Mb (we do not need more)<br \/>\n2) <strong>\u00abe1000\u00bb<\/strong> network cards<br \/>\n3) A single CPU<br \/>\nAnd it ends up looking like this:<br \/>\n<a href=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/05\/vmware1.png\"><br \/>\n<img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/05\/vmware1.png\" alt=\"vmware1\" width=\"637\" height=\"608\" class=\"aligncenter size-full wp-image-1033\" \/><\/a><br \/>\nAnd now, to make it more realistic, I will map the serial port to the physical machine:<br \/>\n<a href=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/05\/vmware2.png\"><img decoding=\"async\" src=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/05\/vmware2.png\" alt=\"vmware2\" width=\"696\" height=\"616\" class=\"aligncenter size-full wp-image-1035\" \/><\/a><br \/>\nNow we boot the machine and connect to the serial port &#8230;. 
\ud83d\ude42<br \/>\n<code><br \/>\nasaTest# sh ver<br \/>\nCisco Adaptive Security Appliance Software Version 8.4(2)<br \/>\nDevice Manager Version 7.2(1)<br \/>\nCompiled on Wed 15-Jun-11 18:17 by builders<br \/>\nSystem image file is \"Unknown, monitor mode tftp booted image\"<br \/>\nConfig file at boot was \"startup-config\"<br \/>\nasaCraem up 1 day 9 hours<br \/>\nHardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 3000 MHz<br \/>\nInternal ATA Compact Flash, 256MB<br \/>\nBIOS Flash unknown @ 0x0, 0KB<br \/>\n 0: Ext: GigabitEthernet0    : address is 000c.29a2.705e, irq 0<br \/>\n 1: Ext: GigabitEthernet1    : address is 000c.29a2.7068, irq 0<br \/>\n 2: Ext: GigabitEthernet2    : address is 000c.29a2.7072, irq 0<br \/>\n 3: Ext: GigabitEthernet3    : address is 000c.29a2.707c, irq 0<br \/>\n 4: Ext: GigabitEthernet4    : address is 000c.29a2.7086, irq 0<br \/>\nLicensed features for this platform:<br \/>\nMaximum Physical Interfaces       : Unlimited      perpetual<br \/>\nMaximum VLANs                     : 100            perpetual<br \/>\nInside Hosts                      : Unlimited      perpetual<br \/>\nFailover                          : Disabled       perpetual<br \/>\nVPN-DES                           : Disabled       perpetual<br \/>\nVPN-3DES-AES                      : Disabled       perpetual<br \/>\nSecurity Contexts                 : 0              perpetual<br \/>\nGTP\/GPRS                          : Disabled       perpetual<br \/>\nAnyConnect Premium Peers          : 5000           perpetual<br \/>\nAnyConnect Essentials             : Disabled       perpetual<br \/>\nOther VPN Peers                   : 5000           perpetual<br \/>\nTotal VPN Peers                   : 0              perpetual<br \/>\nShared License                    : Disabled       perpetual<br \/>\nAnyConnect for Mobile             : Disabled       perpetual<br \/>\nAnyConnect for Cisco VPN Phone    : Disabled       perpetual<br \/>\nAdvanced Endpoint Assessment      : 
Disabled       perpetual<br \/>\nUC Phone Proxy Sessions           : 2              perpetual<br \/>\nTotal UC Proxy Sessions           : 2              perpetual<br \/>\nBotnet Traffic Filter             : Disabled       perpetual<br \/>\nIntercompany Media Engine         : Disabled       perpetual<br \/>\nThis platform has an ASA 5520 VPN Plus license.<br \/>\nSerial Number: 123456789AB<br \/>\nRunning Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000<br \/>\nConfiguration register is 0x0<br \/>\nConfiguration has not been modified since last system restart.<br \/>\n<\/code><br \/>\nEnjoy your virtual ASA<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This time I am expanding the networking practice lab&#8230; I already have several virtual MikroTik routers, but I had never been able to set up a Cisco ASA. It must be said that this is not legal, it is not supported by Cisco, and everyone can do as they like&#8230;. I have used it to practice the change that 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,5],"tags":[],"class_list":["post-1028","post","type-post","status-publish","format-standard","hentry","category-cisco","category-linux"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1028"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1028\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}