Quick Start Guide
Page 1
Quick Start Guide Cisco PIX 515E Firewall 1 Check Items Included 2 Install the PIX 515E 3 Configure the PIX 515E 4 Example Configurations 5 Optional Maintenance and Upgrade Procedures
Quick Start Guide Cisco PIX 515E Firewall 1 Check Items Included 2 Install the PIX 515E 3 Configure the PIX 515E 4 Example Configurations 5 Optional Maintenance and Upgrade Procedures
Quick Start Guide
Page 2
...130,000 simultaneous sessions. Hardware Features Software Features • 433-MHz Intel Celeron processor • 32-MB RAM with the restricted (R) license; 64-MB RAM with additional host capacity and failover capability • Internal DHCP server supports up to 256 ... PIX Firewall SERIES Fast Ethernet interfaces, making it an excellent choice for businesses requiring a cost-effective, resilient security solution with the ability to 188-Mbps firewall throughput • Supports 56-bit DES, 168-bit 3DES, and 128- 99550 About the Cisco PIX 515E Firewall The Cisco PIX 515E ...
...130,000 simultaneous sessions. Hardware Features Software Features • 433-MHz Intel Celeron processor • 32-MB RAM with the restricted (R) license; 64-MB RAM with additional host capacity and failover capability • Internal DHCP server supports up to 256 ... PIX Firewall SERIES Fast Ethernet interfaces, making it an excellent choice for businesses requiring a cost-effective, resilient security solution with the ability to 188-Mbps firewall throughput • Supports 56-bit DES, 168-bit 3DES, and 128- 99550 About the Cisco PIX 515E Firewall The Cisco PIX 515E ...
Quick Start Guide
Page 4
... procedures, refer to the Cisco PIX Firewall Hardware Installation Guide. For rack-mounting and failover instructions, refer to the Cisco PIX Firewall Hardware Installation Guide. 4 The power switch is also rack-mountable. Note The chassis is located at the rear of the PIX 515E and a power outlet. Use...the inside 10/100 Ethernet interface, Ethernet 1, to a DSL modem, cable modem, or switch. Connect the power cable to install the PIX 515E: Router Internet Power cable 97998 Step 1 Install the rubber feet onto the five, round, recessed areas on the bottom of the chassis...
... procedures, refer to the Cisco PIX Firewall Hardware Installation Guide. For rack-mounting and failover instructions, refer to the Cisco PIX Firewall Hardware Installation Guide. 4 The power switch is also rack-mountable. Note The chassis is located at the rear of the PIX 515E and a power outlet. Use...the inside 10/100 Ethernet interface, Ethernet 1, to a DSL modem, cable modem, or switch. Connect the power cable to install the PIX 515E: Router Internet Power cable 97998 Step 1 Install the rubber feet onto the five, round, recessed areas on the bottom of the chassis...
Quick Start Guide
Page 5
... pool is unavailable. For more information on the inside Ethernet 1 interface of most small and medium business networking environments. By default, the PIX 515E denies all ICMP traffic to the Cisco PIX Firewall Command Reference. Based on the Ethernet 1 interface of your PC to the outside network securely. To access PDM, make sure that allows...
... pool is unavailable. For more information on the inside Ethernet 1 interface of most small and medium business networking environments. By default, the PIX 515E denies all ICMP traffic to the Cisco PIX Firewall Command Reference. Based on the Ethernet 1 interface of your PC to the outside network securely. To access PDM, make sure that allows...
Quick Start Guide
Page 14
Repeat the steps to configure the PIX Firewall. j. Click the OK button. k. The procedure remains the same, except the interface on which the translation is required is now the outside interfaces. Click the Proceed button. Check the displayed configuration for accuracy. The configurations should now indicate the interface PAT keywords. l. Click the Apply button to configure interface PAT between the inside and outside interface and the Dynamic address pool should display as shown below: 14
Repeat the steps to configure the PIX Firewall. j. Click the OK button. k. The procedure remains the same, except the interface on which the translation is required is now the outside interfaces. Click the Proceed button. Check the displayed configuration for accuracy. The configurations should now indicate the interface PAT keywords. l. Click the Apply button to configure interface PAT between the inside and outside interface and the Dynamic address pool should display as shown below: 14
Quick Start Guide
Page 21
...page. Select outside from the Wizards drop-down menu as the enabled interface for the current VPN tunnel. Click the Next button to configure PIX 1. Note The Site to Site VPN option connects two IPSec security gateways, which can quickly guide you through the process of configuring a... menu. PDM provides an easy-to-use VPN Wizard that can include PIX Firewalls, VPN concentrators, or other devices that support site-to-site IPSec connectivity. The illustration below shows an example VPN tunnel between two PIX 515E, and will be referenced in five simple steps. Select the Site to...
...page. Select outside from the Wizards drop-down menu as the enabled interface for the current VPN tunnel. Click the Next button to configure PIX 1. Note The Site to Site VPN option connects two IPSec security gateways, which can quickly guide you through the process of configuring a... menu. PDM provides an easy-to-use VPN Wizard that can include PIX Firewalls, VPN concentrators, or other devices that support site-to-site IPSec connectivity. The illustration below shows an example VPN tunnel between two PIX 515E, and will be referenced in five simple steps. Select the Site to...
Quick Start Guide
Page 27
For PIX 1, the remote network is Network B (20.20.20.0) so traffic encrypted from the remote PIX Firewall. Note When configuring PIX 2, ensure that the values are correctly entered. The remote network for PIX 1 is permitted through the tunnel. b. 2. Click the Finish button to complete the configuration. 27 a. In the second window, select VPN traffic for PIX 2 and vice versa. Select traffic permitted from this tunnel is the local network for remote network configuration.
For PIX 1, the remote network is Network B (20.20.20.0) so traffic encrypted from the remote PIX Firewall. Note When configuring PIX 2, ensure that the values are correctly entered. The remote network for PIX 1 is permitted through the tunnel. b. 2. Click the Finish button to complete the configuration. 27 a. In the second window, select VPN traffic for PIX 2 and vice versa. Select traffic permitted from this tunnel is the local network for remote network configuration.
Quick Start Guide
Page 28
...before sending to -site VPN communication with PIX 2. Click the Send button to ensure that all values are a common cause of the options that you will see this page: To enable preview commands: a. Check the configuration to enable PIX 1 for PIX 1. Step 5 View and Enable VPN... Commands If you enabled preview commands, you selected for PIX 1. Mismatches are entered correctly. In the main PDM page, select Options. b. When configuring PIX 2, enter the exact same values for each of...
...before sending to -site VPN communication with PIX 2. Click the Send button to ensure that all values are a common cause of the options that you will see this page: To enable preview commands: a. Check the configuration to enable PIX 1 for PIX 1. Step 5 View and Enable VPN... Commands If you enabled preview commands, you selected for PIX 1. Mismatches are entered correctly. In the main PDM page, select Options. b. When configuring PIX 2, enter the exact same values for each of...
Quick Start Guide
Page 29
.../formgenerator.pl If you are available for the PIX 515E, as secure remote management (SSH, PDM, etc.), site-to-site VPN, and remote access VPN. For more information on activation key examples or upgrading software, refer to the Cisco PIX Firewall and VPN Configuration Guide. 29 Note You will... receive the new activation key for your name, e-mail address, and the serial number for free at Cisco.com. These encryption licenses are not a registered user of Cisco.com and would like to obtain...
.../formgenerator.pl If you are available for the PIX 515E, as secure remote management (SSH, PDM, etc.), site-to-site VPN, and remote access VPN. For more information on activation key examples or upgrading software, refer to the Cisco PIX Firewall and VPN Configuration Guide. 29 Note You will... receive the new activation key for your name, e-mail address, and the serial number for free at Cisco.com. These encryption licenses are not a registered user of Cisco.com and would like to obtain...
Quick Start Guide
Page 30
reload Reboots and reloads the configuration. Erases the running configuration. activation-key Updates the PIX Firewall activation key by completing the following CLI commands by replacing the activation-key-four-tuple with the activation key obtained with...space between each element. You can use the activation key: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Description show version Shows the PIX Firewall software version, hardware configuration, license key, and related uptime data. all interface ethernet1 auto Step 4 Step 5 ip address inside 192.168.1.1 255.255.255.0...
reload Reboots and reloads the configuration. Erases the running configuration. activation-key Updates the PIX Firewall activation key by completing the following CLI commands by replacing the activation-key-four-tuple with the activation key obtained with...space between each element. You can use the activation key: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Description show version Shows the PIX Firewall software version, hardware configuration, license key, and related uptime data. all interface ethernet1 auto Step 4 Step 5 ip address inside 192.168.1.1 255.255.255.0...
Quick Start Guide
Page 31
...following website for detailed command information and configuration examples: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm The Cisco TAC website is available to the PIX 515E. Allows the configuration of the timeout value of syslog messages displayed... dhcpd ping_timeout 750 Step 8 dhcpd auto_config outside interface of the firewall. Takes a data sample and stores the sample data in seconds) granted to the DHCP server. Exits the current configuration mode. Enables the PIX Firewall to automatically configure DNS, WINS, and domain name values from...
...following website for detailed command information and configuration examples: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/index.htm The Cisco TAC website is available to the PIX 515E. Allows the configuration of the timeout value of syslog messages displayed... dhcpd ping_timeout 750 Step 8 dhcpd auto_config outside interface of the firewall. Takes a data sample and stores the sample data in seconds) granted to the DHCP server. Exits the current configuration mode. Enables the PIX Firewall to automatically configure DNS, WINS, and domain name values from...
Quick Start Guide
Page 32
...port Ethernet circuit board is required to DB-9 serial cable (null-modem) PC terminal adapter DB-9 PIX-515 99547 • If your computer, and the RJ-45 connector on the PIX Firewall. Locate the blue console cable from the accessory kit. Alternative Ways to enter configuration commands. Note ...Use the console port to connect to a computer to Access the PIX 515E You can access the CLI for your PIX 515E has a four-port Ethernet circuit ...
...port Ethernet circuit board is required to DB-9 serial cable (null-modem) PC terminal adapter DB-9 PIX-515 99547 • If your computer, and the RJ-45 connector on the PIX Firewall. Locate the blue console cable from the accessory kit. Alternative Ways to enter configuration commands. Note ...Use the console port to connect to a computer to Access the PIX 515E You can access the CLI for your PIX 515E has a four-port Ethernet circuit ...
Quick Start Guide
Page 33
... If you need to install an optional circuit board, refer to the "Installing a Circuit Board in the PIX 515E" section in the Cisco PIX Firewall Hardware Installation Guide. 33 If a four-port FE card is used with the restricted license, only one network interface is Ethernet 3. (Using more than one or two single-port Ethernet circuit... circuit boards are numbered top to use as a failover unit, install the failover feature and cable as described in the "Installing Failover" section in the Cisco PIX Firewall Hardware Installation Guide.
... If you need to install an optional circuit board, refer to the "Installing a Circuit Board in the PIX 515E" section in the Cisco PIX Firewall Hardware Installation Guide. 33 If a four-port FE card is used with the restricted license, only one network interface is Ethernet 3. (Using more than one or two single-port Ethernet circuit... circuit boards are numbered top to use as a failover unit, install the failover feature and cable as described in the "Installing Failover" section in the Cisco PIX Firewall Hardware Installation Guide.