GeordieSteve Posted December 22, 2004

Sorry to keep asking these IT-related questions on here but you people seem to be a great help. Has anyone got any information on setting up a Cisco PIX 501 firewall? Never used any Cisco kit but I hear it's all browser based rather than command line. Any information would be great as I've got people crying out for VPN access. Cheers folks

JustGav Posted December 22, 2004

Used them before... Good little units... Although I'm not currently CCIE (it expired and I'm not paying 2000 for re-cert). Still have access to Cisco's website though, with all the cookbooks.

Gav

GeordieSteve Posted January 28, 2005

Does anyone know if the 501 needs to be set up by command line through Telnet or can it be set up through the browser interface? I think the company who fitted it have been pulling my plonker

cashpoint Posted January 28, 2005

> Although I'm not currently CCIE (it expired and I'm not paying 2000 for re-cert) Gav

Show off, I'm only a lowly CCNA. Once it's been configured you can get at it via Ethernet, but the initial setup is via the COM port; on our PIX the settings are:

Bit rate 9600
Data bit 8
Parity None
Stop bit 1
Flow control hardware

If you haven't used a PIX before and you don't have the Configuration guide, setting it up will be a right shit. Tdaxgav, if you still have access to the Cisco site can't you get a copy of the config guide? While you're there you could get a copy of the latest software version, could you?

GeordieSteve Posted January 28, 2005

Yeah, I didn't expect it to be easy but they charged us £800 to install it. He refused to set it up in front of me though and insisted it all had to be set up through Cisco commands, but I'm sure they can be set up just straight from a browser like a normal appliance firewall. I have a feeling the company are trying to make it look like I have less knowledge than I have to my bosses so they can get more work out of them

cashpoint Posted January 28, 2005

£800 to install, I think I need a raise. You can get a program called CiscoWorks that makes the config pretty with colours and such, but I've no idea how much it costs as I've only ever seen it used in large companies (500+ users). If this is the only Cisco kit you have then it will be command line only, as I configure our Cisco kit via command line and TFTP upload (it's just a text file) if there's more than a few lines to change.

Look at the back of the box: if there are 3 Ethernet ports (the COM port is an RJ-45 connection too, so don't include that) then VPN is possible; if not, then you're going to need a VPN module. Or is it VPN outbound they want? Before we had the module on our PIX I set up a 2000 server to act as a VPN server. It will be cheaper than a module and the config.

GeordieSteve Posted January 28, 2005

Everything is up and running now. VPN works spot on (well it would due to the fact I'm on 4Mb at home). It was worth the money but I'd just have been a little miffed if setting up the 501 was like setting up a normal appliance firewall. It seemed to me the command line stuff was all for show coz he showed me the settings applied on the browser interface afterwards and he could easily edit them from there (all that needed set up was allow SMTP in, everything out, router IP, ISP IP and allow inbound VPN connections)

JustGav Posted January 28, 2005

I can download a whole stack of cookbook configs and manuals if you want from Cisco...

Gav

cashpoint Posted January 28, 2005

Actually I think on later PIX boxes there is a web interface, though restricted to internal IP addresses. Ours is a couple of years old so doesn't have the interface. I'm sure there are some with the interface as it was mentioned when I requalified in December. The command line does look more impressive and stops the developers touching it.

GeordieSteve Posted January 28, 2005

Thought as much. It's got a secure interface and you're right... it can only be accessed by someone with the same subnet IP scheme. This company have tried it on like this before (tends to be because I've just turned 23 and an IT manager they can try to make me look stupid). Gonna have to be very careful with them from now on. Cheers mate

Pete Posted January 28, 2005

CLI rules! Forget the HTTP!

cashpoint Posted January 28, 2005

It's actually IP specific not subnet, you have to be using the right IP, not just subnet, to access it, if it's anything like the telnet I use. Which company is it that did the install, is it a national one or are they local?

GeordieSteve Posted January 28, 2005

Sorry, I meant the correct nodes (i.e. Subnet 255.255.255.0 and the IP 132.179.100.x). Local company but quite big called Knowledge IT. After a Microsoft conference with them one of their reps came up to me and said "sorry if it was a bit difficult but a lot of the people in here know what they're talking about"... I just shook my head and walked away. Maybe a change in 3rd line will be on the cards

cashpoint Posted January 28, 2005

> After a Microsoft conference with them one of their reps came up to me and said "sorry if it was a bit difficult but a lot of the people in here know what they're talking about"... I just shook my head and walked away. Maybe a change in 3rd line will be on the cards

That's what happens when you turn up in a nappy. Tdaxgav, I'll PM you when I have time for the cookbook configs and manuals.

GeordieSteve Posted January 28, 2005

lol yeah I did look a tad out of place... even more so in the car park..... Audi.... BMW.... Vectra... Veilside Supra.... Mondeo lol

cashpoint Posted January 28, 2005

Where you were going wrong there is it was a Microsoft conference. Went to a Cisco lecture thing on network and internet security run by our supplier; car park was more like AMG Merc, M5 BMW, R33 GTR, Supra, Ford Ka. I know, where did the Ka come from? It was his wife's apparently.

JustGav Posted January 28, 2005

> where did the Ka come from? It was his wife's apparently.

Bet that is what he tells everyone... just like the village slapper... everyone wants a go, but nobody will admit it..

GeordieSteve Posted January 28, 2005

Got another one coming up on SharePoint Services and Portal Server but I'd only have the missus' Seicento.... so I won't bother turning up eh? lol