Quick Start Guide
Page 2
... zone (DMZ) support. Some PIX 515E models include award-winning high-availability services as well as integrated hardware VPN acceleration, delivering up to eight 802.1Q VLAN-based logical interfaces • Intrusion protection from many different types of popular network-based attacks ranging from malformed packet attacks to 60/130-Mbps VPN throughput (VAC/VAC+) • Includes Cisco PIX Device Manager (PDM) for intuitive, web-based administration of firewall throughput...
... zone (DMZ) support. Some PIX 515E models include award-winning high-availability services as well as integrated hardware VPN acceleration, delivering up to eight 802.1Q VLAN-based logical interfaces • Intrusion protection from many different types of popular network-based attacks ranging from malformed packet attacks to 60/130-Mbps VPN throughput (VAC/VAC+) • Includes Cisco PIX Device Manager (PDM) for intuitive, web-based administration of firewall throughput...
Quick Start Guide
Page 4
...For rack-mounting and failover instructions, refer to the Cisco PIX Firewall Hardware Installation Guide. 4 Note For additional hardware installation procedures, refer to the Cisco PIX Firewall Hardware Installation Guide. Connect the power cable to a DSL modem, cable modem, or switch. Note The chassis is located at the rear of the chassis. Step 2 Step 3 Step 4 Step 5 Use the yellow Ethernet cable (72-1482-01) provided to connect the outside 10/100 Ethernet interface, Ethernet 0, to the rear of the chassis. 2 Install the PIX 515E DMZ server Switch DMZ PIX 515E Switch Inside...
...For rack-mounting and failover instructions, refer to the Cisco PIX Firewall Hardware Installation Guide. 4 Note For additional hardware installation procedures, refer to the Cisco PIX Firewall Hardware Installation Guide. Connect the power cable to a DSL modem, cable modem, or switch. Note The chassis is located at the rear of the chassis. Step 2 Step 3 Step 4 Step 5 Use the yellow Ethernet cable (72-1482-01) provided to connect the outside 10/100 Ethernet interface, Ethernet 0, to the rear of the chassis. 2 Install the PIX 515E DMZ server Switch DMZ PIX 515E Switch Inside...
Quick Start Guide
Page 5
... Wizard for simplified initial configuration of the PIX 515E to the outside interface. When connectivity occurs, the LINK LED on the Ethernet 1 interface of the PIX Firewall and the corresponding LINK LED on the switch or hub lights up the PIX Firewall. The factory-default configuration on the inside network to a switch or hub using the Ethernet cable. For more information on the PIX 515E. Follow these steps to flow through the PIX Firewall from the PIX 515E) or assign a static IP address to the Cisco PIX Device Manager Installation Guide for...
... Wizard for simplified initial configuration of the PIX 515E to the outside interface. When connectivity occurs, the LINK LED on the Ethernet 1 interface of the PIX Firewall and the corresponding LINK LED on the switch or hub lights up the PIX Firewall. The factory-default configuration on the inside network to a switch or hub using the Ethernet cable. For more information on the PIX 515E. Follow these steps to flow through the PIX Firewall from the PIX 515E) or assign a static IP address to the Cisco PIX Device Manager Installation Guide for...
Quick Start Guide
Page 6
... address allows external clients HTTP access to quickly configure your Internet browser. Use PDM to the DMZ server as needed. There are two publicly routable IP addresses available, one for the PIX 515E outside networks are denied. Use these examples to the DMZ web server is common to add the "s" in which the web server is a neutral zone between your PIX 515E. Substitute network addresses and apply additional policies as though it is configured such that the range of the Startup Wizard window. 4 Example Configurations...
... address allows external clients HTTP access to quickly configure your Internet browser. Use PDM to the DMZ server as needed. There are two publicly routable IP addresses available, one for the PIX 515E outside networks are denied. Use these examples to the DMZ web server is common to add the "s" in which the web server is a neutral zone between your PIX 515E. Substitute network addresses and apply additional policies as though it is configured such that the range of the Startup Wizard window. 4 Example Configurations...
Quick Start Guide
Page 11
... HTTP client, complete the following steps starting from being exposed on public networks and permits routing through the public networks. Step 2 Configure Address Translations on Private Networks Network Address Translation (NAT) replaces the source IP addresses of public IP addresses available to map into a single IP address on the public network. To configure NAT between two PIX interfaces. Select the Translation Rules tab. Ensure that have a limited number of network traffic traversing between the inside and the DMZ interfaces...
... HTTP client, complete the following steps starting from being exposed on public networks and permits routing through the public networks. Step 2 Configure Address Translations on Private Networks Network Address Translation (NAT) replaces the source IP addresses of public IP addresses available to map into a single IP address on the public network. To configure NAT between two PIX interfaces. Select the Translation Rules tab. Ensure that have a limited number of network traffic traversing between the inside and the DMZ interfaces...
Quick Start Guide
Page 30
An example is optional; Restore the Default Configuration To restore your new license. Negotiates the Ethernet speed and duplex settings automatically. Specifies the DHCP server IP address pool for the inside Description Starts configuration mode. reload Reboots and reloads the configuration. all interface ethernet1 auto Step 4 Step 5 ip address inside 192.168.1.1 255.255.255.0 dhcpd address 192.168.1.2-192.168.1.254 inside (192.168.1.0) interface. Configures a fixed IP address for internal hosts. 30 Activation-key-four-tuple...
An example is optional; Restore the Default Configuration To restore your new license. Negotiates the Ethernet speed and duplex settings automatically. Specifies the DHCP server IP address pool for the inside Description Starts configuration mode. reload Reboots and reloads the configuration. all interface ethernet1 auto Step 4 Step 5 ip address inside 192.168.1.1 255.255.255.0 dhcpd address 192.168.1.2-192.168.1.254 inside (192.168.1.0) interface. Configures a fixed IP address for internal hosts. 30 Activation-key-four-tuple...
Quick Start Guide
Page 32
.../100 ETHERNET 0/0 FAILOVER CONSOLE Console port (RJ-45) RJ-45 to Access the PIX 515E You can access the CLI for your computer, and the RJ-45 connector on the PIX Firewall. Alternative Ways to DB-9 serial cable (null-modem) PC terminal adapter DB-9 PIX-515 99547 • If your PIX 515E has a four-port Ethernet circuit board already installed, the Ethernet circuit boards are numbered as required by the serial port for administration using the console port...
.../100 ETHERNET 0/0 FAILOVER CONSOLE Console port (RJ-45) RJ-45 to Access the PIX 515E You can access the CLI for your computer, and the RJ-45 connector on the PIX Firewall. Alternative Ways to DB-9 serial cable (null-modem) PC terminal adapter DB-9 PIX-515 99547 • If your PIX 515E has a four-port Ethernet circuit board already installed, the Ethernet circuit boards are numbered as required by the serial port for administration using the console port...
Quick Start Guide
Page 35
... Mbps LED ACT LED DO NOT INSTALL INTERFACE CARDS WITH POWER APPLIED 100 Mbps LED LINK ACT LED LED USB LINK LED 100 Mbps ACT LINK 100 Mbps ACT LINK 10/100 ETHERNET 1 10/100 ETHERNET 0 FAILOVER USB CONSOLE 10/100BaseTX 10/100BaseTX Console Power switch ETHERNET 1 ETHERNET 0 port (RJ-45) (RJ-45) (RJ-45) Table 2 PIX 515E Real Panel LEDs LED Color 100 Mbps Green ACT Green LINK Green Status Description On 100-Mbps 100BaseTX communication. Off If this light is...
... Mbps LED ACT LED DO NOT INSTALL INTERFACE CARDS WITH POWER APPLIED 100 Mbps LED LINK ACT LED LED USB LINK LED 100 Mbps ACT LINK 100 Mbps ACT LINK 10/100 ETHERNET 1 10/100 ETHERNET 0 FAILOVER USB CONSOLE 10/100BaseTX 10/100BaseTX Console Power switch ETHERNET 1 ETHERNET 0 port (RJ-45) (RJ-45) (RJ-45) Table 2 PIX 515E Real Panel LEDs LED Color 100 Mbps Green ACT Green LINK Green Status Description On 100-Mbps 100BaseTX communication. Off If this light is...
Quick Start Guide
Page 37
... service contract but do 37 The Cisco TAC website is available 24 hours a day, 365 days a year. Cisco.com features the Cisco TAC website as an online starting point for troubleshooting and resolving technical issues with Cisco products and technologies. You can order Cisco documentation in these ways: • Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace: http://www.cisco...
... service contract but do 37 The Cisco TAC website is available 24 hours a day, 365 days a year. Cisco.com features the Cisco TAC website as an online starting point for troubleshooting and resolving technical issues with Cisco products and technologies. You can order Cisco documentation in these ways: • Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace: http://www.cisco...
Quick Start Guide
Page 38
... definitions. You and Cisco will commit full-time resources during normal business hours to restore service to satisfactory levels. You and Cisco will commit all cases are reported in which you require product information.) After you do not have Internet access, contact Cisco TAC by inadequate performance of Cisco products. There is little or no effect on your network is impaired, but...
... definitions. You and Cisco will commit full-time resources during normal business hours to restore service to satisfactory levels. You and Cisco will commit all cases are reported in which you require product information.) After you do not have Internet access, contact Cisco TAC by inadequate performance of Cisco products. There is little or no effect on your network is impaired, but...
Quick Start Guide
Page 41
... Cisco Systems, Inc. Addresses, phone numbers, and fax numbers are listed on recycled paper containing 10% postconsumer waste. 78-16055-01 Changing the Way We Work, Live, Play, and Learn, and iQuick Study are the property of Cisco Systems, Inc.; and/or its affiliates in the following countries. and certain other company. (0304R) Printed in this document or Web site are service...
... Cisco Systems, Inc. Addresses, phone numbers, and fax numbers are listed on recycled paper containing 10% postconsumer waste. 78-16055-01 Changing the Way We Work, Live, Play, and Learn, and iQuick Study are the property of Cisco Systems, Inc.; and/or its affiliates in the following countries. and certain other company. (0304R) Printed in this document or Web site are service...
Getting Started Guide
Page 2
... OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET...
... OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET...
Getting Started Guide
Page 7
This chapter includes the following sections: • Verifying the Package Contents, page 1-2 • Installing the PIX 515E Security Appliance, page 1-3 • Front and Back Panel Components, page 1-4 • Setting Up the Security Appliance, page 1-5 • What to install and perform the initial configuration of the security appliance. CH A P T E R 1 Installing and Setting Up the PIX 515E Security Appliance This chapter describes how to Do Next, page 1-9 78-17645-01 PIX 515E Security Appliance Getting Started Guide 1-1
This chapter includes the following sections: • Verifying the Package Contents, page 1-2 • Installing the PIX 515E Security Appliance, page 1-3 • Front and Back Panel Components, page 1-4 • Setting Up the Security Appliance, page 1-5 • What to install and perform the initial configuration of the security appliance. CH A P T E R 1 Installing and Setting Up the PIX 515E Security Appliance This chapter describes how to Do Next, page 1-9 78-17645-01 PIX 515E Security Appliance Getting Started Guide 1-1
Getting Started Guide
Page 10
Flashing Flashing when at least one network interface is located at the rear of the chassis. Figure 1-4 illustrates the back panel components. Front and Back Panel Components Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Step 5 Power up the PIX 515E security appliance. The power switch is passing traffic. PIX 515E Security Appliance Getting Started Guide 1-4 78-17645-01 Off If part of the PIX515E Security Appliance. Figure 1-3 PIX515E Security Appliance Front Panel...
Flashing Flashing when at least one network interface is located at the rear of the chassis. Figure 1-4 illustrates the back panel components. Front and Back Panel Components Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Step 5 Power up the PIX 515E security appliance. The power switch is passing traffic. PIX 515E Security Appliance Getting Started Guide 1-4 78-17645-01 Off If part of the PIX515E Security Appliance. Figure 1-3 PIX515E Security Appliance Front Panel...
Getting Started Guide
Page 11
... the Adaptive Security Device Manager, page 1-6 • Using the Startup Wizard, page 1-7 78-17645-01 PIX 515E Security Appliance Getting Started Guide 1-5 Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Setting Up the Security Appliance Figure 1-4 PIX 515E Security Appliance Back Panel 100 Mbps LED ACT LED CDAORDNSOTWIINTSHTPAOLLWIENRTEARPFPALCIEED 100 Mbps LED LINK ACT LED LED USB LINK LED 100 Mbps ACT LINK 100 Mbps ACT LINK 10/100 ETHERNET 1 10/100 ETHERNET 0 FAILOVER USB CONSOLE 10/100BaseTX 10/100BaseTX Console Power switch ETHERNET 1 ETHERNET 0 port...
... the Adaptive Security Device Manager, page 1-6 • Using the Startup Wizard, page 1-7 78-17645-01 PIX 515E Security Appliance Getting Started Guide 1-5 Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Setting Up the Security Appliance Figure 1-4 PIX 515E Security Appliance Back Panel 100 Mbps LED ACT LED CDAORDNSOTWIINTSHTPAOLLWIENRTEARPFPALCIEED 100 Mbps LED LINK ACT LED LED USB LINK LED 100 Mbps ACT LINK 100 Mbps ACT LINK 10/100 ETHERNET 1 10/100 ETHERNET 0 FAILOVER USB CONSOLE 10/100BaseTX 10/100BaseTX Console Power switch ETHERNET 1 ETHERNET 0 port...
Getting Started Guide
Page 12
... the Adaptive Security Device Manager PIX 515E Security Appliance Getting Started Guide 1-6 78-17645-01 The factory-default configuration automatically configures an interface for management so you can then configure and manage the security appliance using ASDM. This configuration enables a client on the inside network to obtain a DHCP address from the security appliance to connect to complete your configuration. By default, the security appliance management interface is configured with a factory-default configuration that enables quick startup. Setting Up the Security Appliance...
... the Adaptive Security Device Manager PIX 515E Security Appliance Getting Started Guide 1-6 78-17645-01 The factory-default configuration automatically configures an interface for management so you can then configure and manage the security appliance using ASDM. This configuration enables a client on the inside network to obtain a DHCP address from the security appliance to connect to complete your configuration. By default, the security appliance management interface is configured with a factory-default configuration that enables quick startup. Setting Up the Security Appliance...
Getting Started Guide
Page 14
... port of the PIX 515E, start an Internet browser. Setting Up the Security Appliance Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Step 3 Gather the following steps: Step 1 Step 2 Step 3 Use an Ethernet cable to connect your PC to the inside port (Ethernet 1) on your network. • The IP addresses of your PC to use the Startup Wizard to set up a basic configuration for the DHCP server. Alternatively, you use a static IP address, use any other interfaces to be configured. • The IP addresses to use for Network Address Translation (NAT) or Port Address...
... port of the PIX 515E, start an Internet browser. Setting Up the Security Appliance Chapter 1 Installing and Setting Up the PIX 515E Security Appliance Step 3 Gather the following steps: Step 1 Step 2 Step 3 Use an Ethernet cable to connect your PC to the inside port (Ethernet 1) on your network. • The IP addresses of your PC to use the Startup Wizard to set up a basic configuration for the DHCP server. Alternatively, you use a static IP address, use any other interfaces to be configured. • The IP addresses to use for Network Address Translation (NAT) or Port Address...
Getting Started Guide
Page 15
... download the ASDM launcher or to set up your deployment using the icmp command. Press Enter. From the Wizards menu, choose Startup Wizard. What to Do Next Next, configure the security appliance for Site-to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 ASDM starts. Chapter 2, "Scenario: DMZ Configuration" Chapter 3, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 4, "Scenario: Site-to -Site VPN See ... Follow the instructions in the Startup Wizard, click Help...
... download the ASDM launcher or to set up your deployment using the icmp command. Press Enter. From the Wizards menu, choose Startup Wizard. What to Do Next Next, configure the security appliance for Site-to -Site VPN Configuration" PIX 515E Security Appliance Getting Started Guide 1-9 ASDM starts. Chapter 2, "Scenario: DMZ Configuration" Chapter 3, "Scenario: IPsec Remote-Access VPN Configuration" Chapter 4, "Scenario: Site-to -Site VPN See ... Follow the instructions in the Startup Wizard, click Help...
Getting Started Guide
Page 26
...: Step 2 h. Use Port Address Translation (PAT) so that inside clients can map to the Address Pool. From the Interface drop-down list, choose Outside. d. These addresses are limited public IP addresses available. In the right pane of IP addresses to the same public IP address, as follows: a. Specify a Pool ID for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration g. Add addresses to the IP pool to be similar to the Configuration > NAT window. In this range of...
...: Step 2 h. Use Port Address Translation (PAT) so that inside clients can map to the Address Pool. From the Interface drop-down list, choose Outside. d. These addresses are limited public IP addresses available. In the right pane of IP addresses to the same public IP address, as follows: a. Specify a Pool ID for a DMZ Deployment Chapter 2 Scenario: DMZ Configuration g. Add addresses to the IP pool to be similar to the Configuration > NAT window. In this range of...
Getting Started Guide
Page 40
... to Do Next Chapter 2 Scenario: DMZ Configuration Step 8 If you want to save the configuration changes, the old configuration takes effect the next time the device starts. You may want the configuration changes to be saved to protect a web server in a DMZ, you have completed the initial configuration. Cisco Security Appliance Command Line Configuration Guide Cisco Security Appliance Command Reference Cisco Security Appliance Logging Configuration and System Log Messages You can configure the security appliance for other common applications of...
... to Do Next Chapter 2 Scenario: DMZ Configuration Step 8 If you want to save the configuration changes, the old configuration takes effect the next time the device starts. You may want the configuration changes to be saved to protect a web server in a DMZ, you have completed the initial configuration. Cisco Security Appliance Command Line Configuration Guide Cisco Security Appliance Command Reference Cisco Security Appliance Logging Configuration and System Log Messages You can configure the security appliance for other common applications of...