A) What you need:
Minimum requirements are:
- Dynagen
- Dynamips
- Pemu Binaries
- A Linux host (either real host or inside vmware) to run pemu. Real host recommended for reasons of performance.
- The Linux could be any distro as long as tap interfaces are supported. I tested the lab on OpenSUSE 10.2. Python and pcap are also required for Dynagen and Dynamips.

B) Lab Layout:
The lab consists of five PIX firewalls, six Cisco routers and 2 switches. (Cisco 2660+NM-16ESW)
The lab diagram is attached. The first one is the physical layout and the second one is the logical layout I use. Since the routers are connected to the switches (not directly to the PIXes) you have flexibility in your lab; for example you could have four zones with 1 router in each zone (logical diagram) or have two zones and each zone with two routers.

C) Running Pemu:
I have placed all the Pemu files in /pemu and run the PIX instances as follows:
Quote:

cd /pemu
# Running PIX 1
sudo ./pemu -no-kqemu \
-net nic,vlan=10,macaddr=00:a0:00:01:00:aa -net tap,vlan=10,script=ifup,ifname=tap10 \
-net nic,vlan=11,macaddr=00:a0:00:01:01:aa -net tap,vlan=11,script=ifup,ifname=tap11 \
-net nic,vlan=12,macaddr=00:a0:00:01:02:aa -net tap,vlan=12,script=ifup,ifname=tap12 \
-net nic,vlan=13,macaddr=00:a0:00:01:03:aa -net tap,vlan=13,script=ifup,ifname=tap13 \
-net nic,vlan=14,macaddr=00:a0:00:01:04:aa -net tap,vlan=14,script=ifup,ifname=tap14 -serial telnet::2051,server,nowait -m 128 FLASH.1

Quote:

cd /pemu
# Running PIX 2
sudo ./pemu -no-kqemu \
-net nic,vlan=20,macaddr=00:a0:00:02:00:aa -net tap,vlan=20,script=ifup,ifname=tap20 \
-net nic,vlan=21,macaddr=00:a0:00:02:01:aa -net tap,vlan=21,script=ifup,ifname=tap21 \
-net nic,vlan=22,macaddr=00:a0:00:02:02:aa -net tap,vlan=22,script=ifup,ifname=tap22 \
-net nic,vlan=23,macaddr=00:a0:00:02:03:aa -net tap,vlan=23,script=ifup,ifname=tap23 \
-net nic,vlan=24,macaddr=00:a0:00:02:04:aa -net tap,vlan=24,script=ifup,ifname=tap24 -serial telnet::2052,server,nowait -m 128 FLASH.2

Since I wanted PIX-3 to be a layer 2 firewall, two interfaces would be anough:
Quote:

cd /pemu
# Running PIX 3
sudo ./pemu -no-kqemu \
-net nic,vlan=30,macaddr=00:a0:00:03:00:aa -net tap,vlan=30,script=ifup,ifname=tap30 \
-net nic,vlan=31,macaddr=00:a0:00:03:01:aa -net tap,vlan=31,script=ifup,ifname=tap31 -serial telnet::2053,server,nowait -m 128 FLASH.3

Quote:

cd /pemu
# Running PIX 4
sudo ./pemu -no-kqemu \
-net nic,vlan=40,macaddr=00:a0:00:04:00:aa -net tap,vlan=40,script=ifup,ifname=tap40 \
-net nic,vlan=41,macaddr=00:a0:00:04:01:aa -net tap,vlan=41,script=ifup,ifname=tap41 \
-net nic,vlan=42,macaddr=00:a0:00:04:02:aa -net tap,vlan=42,script=ifup,ifname=tap42 \
-net nic,vlan=43,macaddr=00:a0:00:04:03:aa -net tap,vlan=43,script=ifup,ifname=tap43 -serial telnet::2054,server,nowait -m 128 FLASH.4

Quote:

cd /pemu
# Running PIX 5
sudo ./pemu -no-kqemu \
-net nic,vlan=50,macaddr=00:a0:00:05:00:aa -net tap,vlan=50,script=ifup,ifname=tap50 \
-net nic,vlan=51,macaddr=00:a0:00:05:01:aa -net tap,vlan=51,script=ifup,ifname=tap51 \
-net nic,vlan=52,macaddr=00:a0:00:05:02:aa -net tap,vlan=52,script=ifup,ifname=tap52 \
-net nic,vlan=53,macaddr=00:a0:00:05:03:aa -net tap,vlan=53,script=ifup,ifname=tap53 -serial telnet::2055,server,nowait -m 128 FLASH.5

The tap interfaces have been numbered as tapXY where X is the PIX number (1-5) and Y is the interface number on the PIX. Ethernet 3 (Y=3) on PIX-2 (X=2) would be tap23.
Note that each instance of pemu, has a seprate FLASH file (FLASH.X) and unique MAC addresses” onclick=”tagshow(event)” class=”t_tag”>addresses have been used for the interfaces.

There is no need to initialize the Ethernet1 interface before Ethernet0 in pemu (like what was required in pixemu).

-serial telnet::2051,server,nowait redirects the PIX console to a telnet server on TCP port 2051. Besides that it looks what you have seen with Dynamips/Dynagen, when connecting to the console via telnet, Ctrl+Z and Ctrl+C won’t stop the pixemu process. (although I prefer the telnet server since it allows me to remotely connect to the PIX console, this is the ONLY way I could prevent pixemu to stop when pressing Ctrl+Z)

The console port on each PIX in the lab is setup on telnet server on TCP port 205X:
Code:
telnet localhost 2051

As you could see, the script for all the tap interfaces is ifup (changed in pemu). This script looks for ifup.ini. You could assign ANY IP address to your tap interfaces since I don’t use the tap IPs in my lab. My ifup.ini looks like this:
Code:

tap10 10.1.0.100 255.255.255.0
tap11 10.1.1.100 255.255.255.0
tap12 10.1.2.100 255.255.255.0
tap13 10.1.3.100 255.255.255.0
tap14 10.1.4.100 255.255.255.0
tap20 10.2.0.100 255.255.255.0
tap21 10.2.1.100 255.255.255.0
tap22 10.2.2.100 255.255.255.0
tap23 10.2.3.100 255.255.255.0
tap24 10.2.4.100 255.255.255.0
tap30 10.3.0.100 255.255.255.0
tap31 10.3.1.100 255.255.255.0
tap40 10.4.0.100 255.255.255.0
tap41 10.4.1.100 255.255.255.0
tap42 10.4.2.100 255.255.255.0
tap43 10.4.3.100 255.255.255.0
tap50 10.5.0.100 255.255.255.0
tap51 10.5.1.100 255.255.255.0
tap52 10.5.2.100 255.255.255.0
tap53 10.5.3.100 255.255.255.0

D) Creating the Dynagen Network Configuration File:
My Dynagen configuration file comes bellow:
Quote:

autostart = false
# ***********************************************************************************************************************
#********************************************* Global Options for Instance 1 *****************************************
# ***********************************************************************************************************************
[localhost:7200]
debug = 0
#
ghostios = true
ghostsize = 128
idlemax = 1500
idlesleep = 30
model = 3660 # The default router model for all routers in this lab
console = 2000
#
workingdir = /windows/d/My Labs/pix-lab2
#
udp = 10000
#
# ***********************************************************************************************************************
# *************** This section specifies defaults for all routers on this Dynamips server. *****************
# ***********************************************************************************************************************
[[3660]]
image = /windows/d/My Labs/IOS/unzipped/c3660-jk9o3s-mz.123-21.extracted.bin
ram = 96 # Amount of Virtual RAM to allocate to each router instance.
rom = 4 # Size of ROM
nvram = 256 # Size of NVRAM
disk0 = 0 # Set size of PCMCIA ATA disk0
# disk1 = 64 # Set size of PCMCIA ATA disk1
cnfg = None
confreg = 0×2102
mmap = false # Set to false to use real memory rather than a disk file for router vitural memory. Conserves RAM at the expense of performance. Defaults to True

[[7200]]
image = /windows/d/My Labs/IOS/unzipped/c7200-jk9o3s-mz.123-22.extracted.bin
ram = 128 # Amount of Virtual RAM to allocate to each router instance.
rom = 4 # Size of ROM
nvram = 256 # Size of NVRAM
npe = npe-400
disk0 = 0 # Set size of PCMCIA ATA disk0
# disk1 = 64 # Set size of PCMCIA ATA disk1
cnfg = None
confreg = 0×2102 # Set the configuration register
mmap = false # Set to false to use real memory rather than a disk file for router vitural memory. Conserves RAM at the expense of performance. Defaults to True

# ***********************************************************************************************************************
# *************** Router Specific Configurations *****************
# ***********************************************************************************************************************
[[ROUTER R0]]
model = 3660
console = 2000
slot1 = NM-4T
F0/1 = NIO_linux_eth:eth1 # This is where your host (PC) connects to the lab.

[[ROUTER R1]]
model = 3660
console = 2001
slot1 = NM-4T
F0/1 = NIO_linux_eth:tap31

[[ROUTER R2]]
model = 3660
console = 2002
slot1 = NM-4T

[[ROUTER R3]]
model = 3660
console = 2003
slot1 = NM-4T

[[ROUTER R4]]
model = 3660
console = 2004
slot1 = NM-4T
F0/1 = NIO_linux_eth:tap30

[[ROUTER R5]]
model = 3660
console = 2005
slot1 = NM-4T

#*************************************************
#********** Ethernet Switches **********
#*************************************************

[[ROUTER SW1]]
model = 3660
console = 2011
mmap = true
slot1 = NM-16ESW

F1/0 = R0 F0/0
F1/1 = R1 F0/0
F1/2 = R2 F0/0
F1/3 = R3 F0/0

#***** PIX2 Interfaces *****
F1/5 = NIO_linux_eth:tap20
F1/6 = NIO_linux_eth:tap21
F1/7 = NIO_linux_eth:tap22
F1/8 = NIO_linux_eth:tap23
F1/9 = NIO_linux_eth:tap24

#***** PIX1 Interfaces *****
F1/10 = NIO_linux_eth:tap10
F1/11 = NIO_linux_eth:tap11
F1/12 = NIO_linux_eth:tap12
F1/13 = NIO_linux_eth:tap13
F1/14 = NIO_linux_eth:tap14

#
#
#
[[ROUTER SW2]]
model = 3660
console = 2012
mmap = true
slot1 = NM-16ESW

F1/4 = R4 F0/0
F1/5 = R5 F0/0

#***** PIX4 Interfaces *****
F1/0 = NIO_linux_eth:tap40
F1/1 = NIO_linux_eth:tap41
F1/2 = NIO_linux_eth:tap42
F1/3 = NIO_linux_eth:tap43

#***** PIX5 Interfaces *****
F1/10 = NIO_linux_eth:tap50
F1/11 = NIO_linux_eth:tap51
F1/12 = NIO_linux_eth:tap52
F1/13 = NIO_linux_eth:tap53
#
#
#

Note that FastEthernet0/1 on R0 (PC A in the Diagram) is connected to eth1 (my Ethernet interface). This is to connect your PC(Host) to the lab. Since I am using two 3660 Router with NM-16ESW as switches, there is no need for the bridge program. No troubles with libpcap0.8 anymore !
You could edit the config the connect the eth1 to some other place in your lab like PC B.

E) Run your Lab!
Assuming that pemu is still running, you have to run your lab:
Code:

sudo dynamips -H 7200
dynagen pix-lab2.net

NOTE:
Since dynagen uses the tap interfaces in the config, they have to exist before you reference them, meaning that you have to run pemu before running dynagen!. Also if you don’t want to run the entire lab, for example if you don’t want the Failover PIXes (PIX2 and PIX 4), you have to comment out the corresponding conigurations form the dynagen network file.

F) FAQ:
Q. I Want to use Windows as my Host PC, can i run pemu in Windows? (logic seems OK, and I have partially tested it, but need feedback)
A. No. So far a stable version of Win32 pemu doesn’t exist. But you could run Linux in VMware and run Pemu in the Linux and connect VMware to your rest of your lab running on Windows with Cygwin. You have to setup VMWARE to bridge the guest traffic to the real network and then, in dynagen, connect your real interface to a device (Router). Your Pemu instance would communicate with the rest of your lab like this:

Pemu <---|tap Interface|---> Linux Eth0 <---|VMware Bridged|---> Real Interface <------> Router Interface on Dynagen

For example, if you want to connect a Router in windows to your pemu in Linux(run in VMware), your configuration would be something like bellow:
Dynagen Configuration:
Code:

[[ROUTER R4]]
model = 7200
console = 2004
slot1 = PA-4T
s1/0 = F1 4
slot3 = PA-4E
E3/3 = NIO_gen_eth:\Device\NPF_{75DC075D-7777-4A4A-8888-C937F22BDCC3}

Running Pemu:
Code:

./pemu -no-kqemu \
-net nic,vlan=1,macaddr=00:a0:00:04:00:aa -net tap,vlan=1,script=ifup \
-net nic,vlan=2,macaddr=00:a0:00:04:01:aa -net tap,vlan=2,script=ifup \
-net nic,vlan=3,macaddr=00:a0:00:04:02:aa -net tap,vlan=3,script=ifup \
-net nic,vlan=4,macaddr=00:a0:00:04:03:aa -net tap,vlan=4,script=ifup -serial telnet::2054,server,nowait -m 128 FLASH

Ifup file:
Quote:

tap0 10.0.0.1 255.255.255.0
tap1 10.1.0.1 255.255.255.0
tap2 10.2.0.1 255.255.255.0
tap3 bridge eth0

Note that in Linux, you have to bridge, either with bridge (included in pemu) or bridge-utils, between the Eth0 and tap interface (like what you would do in a Linux host when you want to communicate between the host and the PIX), so you have to do double bridging to make this work!