Quick Start Guide
Page 1
Quick Start Guide
Cisco PIX 515E Firewall
1 Check Items Included
2 Install the PIX 515E
3 Configure the PIX 515E
4 Example Configurations
5 Optional Maintenance and Upgrade Procedures
Page 2
... 433-MHz Intel Celeron processor • 32-MB RAM with the restricted (R) license; 64-MB RAM with the ability to handle over 130,000 simultaneous sessions. 99550 About the Cisco PIX 515E Firewall The Cisco PIX 515E delivers enterprise-class security for power, failover, and network status •... Up to 188-Mbps firewall throughput • Supports 56-bit DES, 168-bit 3DES, and 128...
Page 4
... hardware installation procedures, refer to the rear of the PIX 515E and a power outlet. Note The chassis is located at the rear of the chassis. Connect the power cable to the Cisco PIX Firewall Hardware Installation Guide. 4 Use the other yellow Ethernet ... or hub. 2 Install the PIX 515E DMZ server Switch DMZ PIX 515E Switch Inside Outside Laptop computer Printer Personal computer Follow these steps to the Cisco PIX Firewall Hardware Installation Guide. For rack-mounting and failover instructions, refer to install the PIX 515E: Router Internet Power cable 97998 Step...
Page 5
... network security policy, you should also consider configuring the PIX 515E to deny all inbound traffic through the PIX Firewall from unsolicited traffic. Refer to the Cisco PIX Device Manager Installation Guide for configuring the PIX 515E. With just a few steps, the PDM Startup Wizard enables you to the Cisco PIX Firewall Command Reference. When connectivity occurs, the LINK LED on...
Page 14
The configurations should now indicate the interface PAT keywords. k. Click the Proceed button. The procedure remains the same, except the interface on which the translation is required is now the outside interfaces. Click the OK button. l. Check the displayed configuration for accuracy. Repeat the steps to configure the PIX Firewall. j. Click the Apply button to configure interface PAT between the inside and outside interface and the Dynamic address pool should display as shown below: 14
Page 15
... hosts on the Internet. e. Complete the following steps to map the DMZ IP address (30.30.30.30) statically to access it unaware of the firewall. d. h. Right click in the gray area under the Translation Rules tab. Select dmz from the Mask drop-down menu of connections per static entry and...
Page 18
Under Source Host/Network, click the IP Address radio button. Select outside from the drop-down menu. 18 The Edit Rule window opens up, allowing you to select the ACL rules to allow traffic through the firewall. c. b. a. Under Action, select permit from the Interface drop-down menu to permit/deny traffic.
Page 21
The illustration below shows an example VPN tunnel between two PIX 515E, and will be referenced in five simple steps. b. In the main PDM page, select the VPN Wizard option from the drop-down menu. At the ..., do the following steps. This opens the VPN Wizard page. Note The Site to Site VPN option connects two IPSec security gateways, which can include PIX Firewalls, VPN concentrators, or other devices that can quickly guide you through the process of configuring a site-to-site VPN in the following : a. Select the Site...
Page 27
a. For PIX 1, the remote network is Network B (20.20.20.0) so traffic encrypted from the remote PIX Firewall. Click the Finish button to complete the configuration. 27 2. In the second window, select VPN traffic for PIX 2 and vice versa. The remote network for PIX 1 is permitted through the tunnel. Note When configuring PIX 2, ensure that the values are correctly entered. b. Select traffic permitted from this tunnel is the local network for remote network configuration.
Page 28
...site-to firewall box. Mismatches are a common cause of the options that all values are entered correctly. Step 5 View and Enable VPN Commands If you enabled preview commands, you selected for each of VPN configuration failures. 28 Click the Send button to enable PIX 1 for PIX 1. ...Select Preferences and check the Preview commands before sending to -site VPN communication with PIX 2. Check the configuration to ensure that you will see this page: To enable preview commands...
Page 29
...the Cisco PIX Firewall and VPN Configuration Guide. 29 If you are a registered user of Cisco.com and would like to obtain a DES or 3DES/AES encryption license, go to the following website: http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl If you are available for the PIX 515E, ...for your name, e-mail address, and the serial number for free at Cisco.com. Establishing Site-to-Site VPNs with other Cisco Products For information on configuring VPN between a PIX 515E and other products such as a Cisco router that provide encryption technology, such as it appears in the show ...
Page 30
... can use the activation key: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Description show version Shows the PIX Firewall software version, hardware configuration, license key, and related uptime data. Restore the Default Configuration To restore your default configuration back to the...inside 192.168.1.1 255.255.255.0 dhcpd address 192.168.1.2-192.168.1.254 inside (192.168.1.0) interface. activation-key Updates the PIX Firewall activation key by completing the following steps: Step 1 Step 2 Step 3 Command configure terminal clear configuration all values are assumed to...
Page 31
... hosts on the inside interface. Command Step 6 dhcpd lease 3600 Step 7 dhcpd ping_timeout 750 Step 8 dhcpd auto_config outside interface of the firewall. Takes a data sample and stores the sample data in milliseconds), before assigning an IP address to the DHCP client. The lease indicates ... detailed command information and configuration examples: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm The Cisco TAC website is available to permanent memory. To access the TAC website, go to the PIX 515E. Enables the DHCP daemon to begin listening for...
Page 32
...RJ-45 connectors and a DB-9 connector. The four-port Ethernet circuit board is required to enter configuration commands. Alternative Ways to Access the PIX 515E You can access the CLI for your computer, and the RJ-45 connector on the other end. Step 2 Connect the RJ-45 connector... 99547 • If your PIX 515E has a four-port Ethernet circuit board already installed, the Ethernet circuit boards are numbered as required by the serial port for administration using the console port on the PIX Firewall. Step 1 Connect the blue console cable so that you must run a serial terminal ...
Page 33
... 0/0 FAILOVER CONSOLE 99545 Ethernet 3 Ethernet 1 Ethernet 0 • If your PIX 515E has one Ethernet circuit board requires the PIX 515E-unrestricted license for access. If a four-port FE card is used with the restricted license, only one network interface is Ethernet 3. (Using more than one or ... board is Ethernet 2 and the bottom circuit board is activated.) Note If you have a second PIX 515E to the "Installing a Circuit Board in the PIX 515E" section in the Cisco PIX Firewall Hardware Installation Guide. 33 If you need to install an optional circuit board, refer to use as...