Running the Cisco VPN client 4.8 on MK3

Uncategorized June 25th, 2008

What is MK3?  Refer back to my posting, ASA Emulator with Qemu.

Now that you are caught up, you may be thinking that MK3 is just a Windows variant and Cisco’s vpnclient should work.  Well, it didn’t at first (and neither did version 5.0.03.0530).  The 4.8 version installed about 99.9% of the way before telling me it failed.  What’s nice about the 4.8 version is that it doesn’t roll back and remove the files it installed on the system.  The .01% that was unable to finish had to do with starting the ‘Cisco Systems, Inc VPN Service’.  Even if you are asked to reboot your system, the service won’t be started and will give you an error 1053.

After googling around, I found that version 4.8.02.0010 requires MSVCIRT.DLL in your c:\windows\system32 directory.  Once that was present, I was able to start the service and start using the client to connect into my networks.

(In case you are wondering, after you’ve successfully installed version 4.8 and try to upgrade to version 5.0, it will fail).

Congrats to Keith Tokash

ccie-rs June 25th, 2008

Keith passed his R&S lab last Thursday, June 19th. I’m not certain whether or not the torch will be passed on to another candidate or if Keith will pursue another track. At any rate, send him your congrats.

Scott Morris at InternetworkExpert

Uncategorized June 25th, 2008

When I first read the CCIE Party Recap posting by Brian McGahan at 2:53AM, I could already sense where the announcement was going. Much later in the day, I saw the breaking news from CCIEPursuit’s site which was posted at 1:29PM. It was now official that Scott was joining IE.

While many other sites are now referring to Brian McGahan, Brian Dennis, and Scott Morris as ‘The Big 3’, let us not forget about Petr Lapukhov who is also a Quad CCIE. Petr may not have the fanfare like Scott does but he writes some pretty good postings up on the blog.

My hat goes off to the IE team for scoring this one, but I do have a minor concern about this merger. When I was studying for the R&S lab, I needed to complement my studying efforts and opted to purchase alternative workbooks. I chose to do so with IPExpert. Having another set of material gave me a different perspective and helped boost up my confidence in certain areas. With Scott leaving, the formatting of the IPExpert material will most likely change and possibly evolve into something else.

This could probably be a good thing for other companies out there trying to sell their workbooks. They now have a chance to boost up the content within their books. But if you have to think about it, where do we turn to for more material? For the R&S track, that’s really not an issue since you have many other companies to choose from:

Micronics Training

Netmetric Solutions

Netmaster Class

IE Mentor

CCBootcamp

I guess I’m just more concerned about the other tracks now that I have Security and Service Provider to worry about. Aside from IE, I’ve always looked to IPExpert for their strengths in the other tracks. There just seemed to be a balance to have an option. Based on what I’ve researched from various readings and forums, Micronics Training and Netmaster Class only focus on the R&S track, IE Mentor covers the SP track very well, and Netmetric Solutions is concentrated on the Security track. That leaves me with CCBootcamp whose material I haven’t really seen and may now need to invest some time with them. I can only wonder whether, after purchasing a $300 workbook from them, I’ll be satisfied.

Anyways, we’ll just have to wait and see.

ASA Emulator with Qemu

ccie-sec June 16th, 2008

Now that most of my TV shows are done for the season, I can finally get back into studying mode and really start focusing on my next form of torture. For the past few weeks and months I’ve just been maintaining a base knowledge of the Service Provider material, particularly MPLS, but never really embracing or absorbing the knowledge. When you aren’t really pressured to achieve a goal, your sense of urgency is much more relaxed and almost non-existent.

A little more than a year ago, I wrote about the ‘PIX Emulator with Qemu’ posting. Since then I’ve only touched the emulator once on my machine, but have found through reading various forums that it has evolved and now supports ASA. The only way for me to really tell was to try and build another emulated instance for myself.

For my 1st attempt, I installed a vmware session running CentOS Server v4.6 to use as my base install, but as soon as I tried to run Qemu, I ended up hosing the instance because Qemu wants to run its own version of vmlinuz. I read that I could use a mounted USB drive to separate the vmlinuz files, but I wanted to keep the hardware aspect of the installation down to a minimum and just use a single folder on my drive. For my 2nd attempt, I ran a clean install of Windows XP and Qemu worked fine. The only issue I had with running this XP instance was it felt bloated. For my 3rd attempt, I ran Qemu in a Windows 2003 Web Edition version which seemed a tad bit faster than XP. In a Linux world, if I had a vmware session running in runlevel3, memory usage would be fine-tuned and performance wouldn’t even be an issue. I was determined I could find a faster Windows solution.

Digging around a bit, I found 2 modified versions of Windows, TinyXP and Micro2003 (MK3), created by eXPerience. You really have to search for each one, but when you find the ISOs off bittorrent you will be very pleased with the results. For my 4th attempt I chose to use MK3 since the ISO was only 100MB. This version of Windows is completely stripped down of unnecessary dll files and services and boots up in less than 5 minutes. Someone at MS should take notes because this is how their OS should operate.

To start, I created a vmware session as depicted below.

You’ll notice that I installed a USB Controller with this vmware session. The file list below can be downloaded in advance to save some time and just copied from a USB drive. It’s up to you.

Once your MK3 installation is loaded, proceed to Google and download the files within the session:

WinPcap_4_0_2.exe –> WinPcap libraries are necessary for Dynamips and Dynagen.
dynagen-0.11.0_win_setup.exe –> If you plan on tying routers and switches to your ASA, you’ll need this.
npptools.zip –> This file is necessary for running ‘dynamips -e’ later to determine your interfaces. Once you find it, copy it to your C:\Windows\System folder.
Firefox Setup 2.0.0.14.exe –> Opera comes installed in MK3 but will become problematic once npptools.dll is added to your Windows directory.
3cdv2r10.zip –> 3CDAEMON application or any other TFTP program you would like to use.
wrar371.exe –> You’ll need this to extract the asa.zip file.
asa.zip –> You need to register a userid at the Hacki forum. Go to the ‘HOWTOs’ forum and look for ThumperCisco’s article “How to Run Cisco ASA on Windows” where you’ll find the asa.zip or qemu.zip files.
putty.exe –> MK3 doesn’t come with telnet.exe so you’ll need one.

To speed up the vmware interfaces, edit your .vmx file and add:

ethernet0.virtualDev = "e1000"
ethernet1.virtualDev = "e1000"

To continue, you should watch the video ‘Emulating 2 ASAs with Active/Active key on Windows XP’ created by Anderson Alves. If you don’t feel like watching the video, here’s a brief summary of the steps that I remembered:

1. Created 3 MS loopback adapters and renamed them to Lo1, Lo2, and Lo3 respectively
2. Extracted asa.zip to a folder
3. Ran ‘dynamips -e’ to figure out the NPF values of my loopback adapters
4. Edited the ASA-nolina_WIN.bat file:

@echo off
ECHO Telnet to 127.0.0.1 on port 1234 to access ASA Console
ECHO ------------------------------------------------------
ECHO * * * * * * * *DO NOT CLOSE THIS WINDOW* * * * * * * *
qemupcap -L . -hda FLASH1 -hdachs 980,16,32 -kernel vmlinuz -initrd asa-nolina.gz -m 256 --no-kqemu -append "auto nousb ide1=noprobe bigphysarea=16384 console=ttyS0,9600n8 hda=980,16,32" -net nic,vlan=0,model=pcnet,macaddr=00:aa:00:00:01:01 -net pcap,vlan=0,ifname=\Device\NPF_{73E6A630-EF98-4CBB-8C30-A60FA09DF59F} -net nic,vlan=1,model=pcnet,macaddr=00:aa:00:00:01:02 -net pcap,vlan=1,ifname=\Device\NPF_{8588A37C-458A-4E0F-84B9-92900F7D46AA} -net nic,vlan=2,model=pcnet,macaddr=00:aa:00:00:01:03 -net pcap,vlan=2,ifname=\Device\NPF_{837D83B9-3C96-4E21-A860-50FBA9134EDD} -net nic,vlan=3,model=pcnet,macaddr=00:aa:00:00:01:04 -net pcap,vlan=3,ifname=\Device\NPF_{6BAB0ACC-7806-4F33-8877-9C5804931194} -serial telnet::1234,server,nowait

5. Ran ASA-nolina_WIN.bat

6. Telnetted to 127.0.0.1 port 1234 in putty

7. Putty will appear blank, hit <Enter> to go to the #-prompt

8. Turn up your interfaces:

# ifconfig eth0 up
# ifconfig eth1 up
# ifconfig eth2 up

9. Change to where the files are:

# cd /mnt/disk0

10. Run your emulated ASA:

# ./lina_monitor
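
Steps 3 and 4 above as an added example (not the author's script and not part of asa.zip): it reads `dynamips -e` output and builds the `qemupcap` line with one nic/pcap pair per loopback adapter. The output layout in the sample is an assumption, `parse_npf` and `build_command` are hypothetical names, and the console is bound to 127.0.0.1 instead of the batch file's empty host.

```python
import re

# Constructed sample of `dynamips -e` output (layout assumed); the first three
# GUIDs are the ones in the batch file above, the last is a placeholder.
SAMPLE_DYNAMIPS_E = r"""
Network device list:

   \Device\NPF_{73E6A630-EF98-4CBB-8C30-A60FA09DF59F} : Lo1
   \Device\NPF_{8588A37C-458A-4E0F-84B9-92900F7D46AA} : Lo2
   \Device\NPF_{837D83B9-3C96-4E21-A860-50FBA9134EDD} : Lo3
   \Device\NPF_{00000000-0000-0000-0000-000000000000} : Local Area Connection
"""

NPF_RE = re.compile(r"(\\Device\\NPF_\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}"
                    r"-[0-9A-Fa-f]{12}\})\s*:\s*(.+)")

def parse_npf(listing):
    """Return {adapter name: NPF device path} for each well-formed entry."""
    found = (NPF_RE.search(line) for line in listing.splitlines())
    return {m.group(2).strip(): m.group(1) for m in found if m}

def build_command(npf, adapters, console_host="127.0.0.1", console_port=1234):
    """Build the qemupcap line: one nic/pcap pair per adapter, vlan 0..n-1."""
    missing = [a for a in adapters if a not in npf]
    if missing or len(set(adapters)) != len(adapters):
        raise ValueError(f"unknown or repeated adapter: {missing or adapters}")
    args = ["qemupcap -L . -hda FLASH1 -hdachs 980,16,32 -kernel vmlinuz",
            "-initrd asa-nolina.gz -m 256 --no-kqemu",
            '-append "auto nousb ide1=noprobe bigphysarea=16384 '
            'console=ttyS0,9600n8 hda=980,16,32"']
    for vlan, name in enumerate(adapters):
        mac = f"00:aa:00:00:01:{vlan + 1:02x}"  # same MAC scheme as the page
        args.append(f"-net nic,vlan={vlan},model=pcnet,macaddr={mac}")
        args.append(f"-net pcap,vlan={vlan},ifname={npf[name]}")
    # The page's `telnet::1234` leaves the host empty, so QEMU listens on every
    # address; naming 127.0.0.1 keeps the passwordless console on this machine.
    args.append(f"-serial telnet:{console_host}:{console_port},server,nowait")
    return " ".join(args)

if __name__ == "__main__":
    print(build_command(parse_npf(SAMPLE_DYNAMIPS_E), ["Lo1", "Lo2", "Lo3"]))
```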

If you want to downgrade or upgrade your ASA, you need to create your own FLASH1 file. Just Google around and find the procedure.
