User Guide
Page 4
Cisco PIX Security Appliance Hardware Installation Guide 5-4 78-15170-02 On the PIX 520, connect the cables at the front of the unit. Figure 5-6 PIX 520 Front, Rear, and Side Panels. Front RESET PIX FirewallSERIES Power connector Power switch Auto-Range ...connector -+ button Diskette interfaces Console -+ DC compartment connector DC power connector Ground lugs 1 To access, loosen screws counterclockwise 2 Set plate on the features of the PIX 520. Installing the PIX 520 Chapter 5 PIX 520 Installing the PIX 520 To install the PIX 520, perform the following steps...
User Guide
Page 5
...45 null modem cable to the console connector on the rear panel of the PIX security appliance. Figure 5-8 PIX Security Appliance Serial Cable Assembly PIX security appliance C console connector O N S O L E DB-9-to-DB-25 serial cable (null-modem) Console port (DB-9) Computer serial port... separate DB-25 connector as shown in the PIX Security Appliance 44305 Interface 3 Interface 2 Interface 1 Interface 0 Installing Interface Cables to the PIX 520 To install interface cables to a power outlet. 78-15170-02 Cisco PIX Security Appliance Hardware Installation Guide 5-5 If you ...
User Guide
Page 7
...unrestricted) license. Only configure the active unit. This cable is labeled Primary on one you can access the console and determine which unit is appropriate for the PIX 520 as much RAM, have the same Flash memory size, and be the same model number, have already ...primary and secondary units. The cable is shipped separately from the PIX security appliance. On the PIX 520, you have at : http://cisco.com/en/US/products/sw/secursw/ps2120/prod_command_reference_list.html. 78-15170-02 Cisco PIX Security Appliance Hardware Installation Guide 5-7 Connect the Secondary end of the...
User Guide
Page 11
...Language protocol. To use SSH, your security policy in each packet while each packet to the PIX Firewall console. SIP-Session Initiation Protocol. SDP specifies the ports for the PIX Firewall before clients can support any SIP Voice over a single channel. Standby, Standby Unit, Secondary Unit.... Up to five SSH clients are transmitted sequentially over IP (VoIP) gateways and VoIP proxy servers. This is necessary to the PIX Firewall console. TACACS+-Terminal Access Controller Access Control System Plus. See also AAA, RADIUS See also Fixup. Spoofing is a common way to ...
User Guide
Page 13
..., Preferences, Unparsed Commands Authentication, See also Password Password Admin Authorization PAT, Translation Rules Bookmarks, Graph PAT, Wizard CLI Tool PDM, About PDM Console Sessions, Secure Shell Sessions, Telnet Console Sessions, PDM Icon Legend PDM Users PDM Logging, View PDM Log, Monitor Default Route, Wizard, See also Route PDM Users DHCP Admin, Monitor...
User Guide
Page 14
...*Net FixUP SSH (Secure Shell) Administration, Monitor Secure Shell Sessions Start (Getting Started) Static Routes, Wizard Syslog Logging System Properties Tabs TCP Telnet Admin, Telnet Console Sessions TFTP Server Admin, Write TFTP Server Timeout, System Properties Topics, Help Topics by Location Translation Rules, Edit Translation Rules U-Z UDP Unparsed Configuration Commands Unsupported...
User Guide
Page 25
... Flash memory q External r TFTP server r Failover standby unit PIX Firewall Configuration File Terminology The numbers in your network, there are multiple copies of a PIX Firewall running configuration is important information about how and when the running ...configuration file. The following sections are included in this Help topic: q Configuration File Terminology q How and When Changes to Configuration Files are Applied q CLI console sessions q Multiple PDM and CLI Console Sessions q Cisco...
User Guide
Page 26
... standby unit using the Command Line Interface (CLI) to affect the running configuration. 3. Other CLI Console Sessions-Changes made with the PIX Firewall unit in its operational characteristics. 4. 1. TFTP server file-Copies of the running configuration to Standby Unit.......and becomes the running configuration. 2. Multiple PDM Sessions-The PIX Firewall can also be in a PDM panel do not immediately affect the running configuration. 2. Apply to Configuration Files are other CLI console sessions affect the running configuration of the running configuration immediately...
User Guide
Page 27
... back to verify that the configuration matches the internal copy it maintains for that you review the Cisco PIX Firewall Command Reference for Tools>CLI. Multiple PDM and CLI Console Sessions Changes made from PIX.... CSPM (Cisco Secure Policy Manager) and PDM Caution: If you exit the CLI tool and click Refresh or File>Refresh PDM...
User Guide
Page 53
...other sources, then sent as a single line in Response for a history of the session until you review the Configuration Guide for the Cisco Secure PIX Firewall, "Command Reference" for your PDM session. Commands are entered as a list of messages, which are immediately applied, and view the... version. Changes from the PDM CLI tool, we recommend that you exit the CLI tool and click Refresh. Before configuring your PIX Firewall from CLI console sessions take effect immediately in your changes will affect all the other PDM sessions are available for this panel: q Field Descriptions ...
User Guide
Page 57
...list pager Control page length for pagination passwd Change Telnet console access password pdm Configure Pix Device Manager ping Test connectivity from specified interface to quit ... route for an interface session Access an internal AccessPro router console setup Pre-configure PIX shun Manages the filtering of packets from undesired hosts snmp-... to global address telnet Add telnet access to PIX console and set idle timeout ssh Add SSH access to PIX console, set idle timeout, display list of active ...administration sessions on PIX write Write config to net, flash, floppy, or terminal, or ...
User Guide
Page 72
...you start a Secure Shell (SSH) connection to the PIX Firewall console. This option requests a username and System Properties>PIX Administration>Authentication The Authentication panel allows you connect to the PIX Firewall console via the serial console or different types of network connections, and set other ... AAA authentication must be from which you can enter commands. This option allows up to three tries to the PIX Firewall console. PIX Firewall prompts you for the following types of privileged mode commands. The following fields: q Require AAA Authentication to allow...
User Guide
Page 73
...: 1. See Notes on the SSH console console. You can monitor telnet sessions using Monitoring>Secure Shell. Click Apply to the running configuration. Apply to PIX-Sends changes made in this panel, refer to Applying Changes to enable AAA authentication. q Reset-Discards changes and reverts the panel to the PIX Firewall. 2. Select one of the following...
User Guide
Page 75
...Secure) protocol for more information, refer to the Cisco Secure PIX Firewall Configuration Guide. RADIUS or TACACS+ servers may use Command Line Interface (CLI) console sessions. Note: SSH permits up to 100 characters in a username and up to the PIX Firewall console via SSH, at the SSH client, enter the ...username as pix and enter the Telnet password. For more information. When using Serial, Telnet, or SSH, the enable password is cisco. The same password is also used to ...
User Guide
Page 76
... open. q Reset-Discards changes and reverts the panel to the running configuration. See Important Notes About PIX Passwords. PIX passwords may be found in PDM to the PIX Firewall unit and applies them in encrypted form. q New Password-Enter a new 16 character, case-sensitive .... q Confirm New Password-Reenter your new password. Important Notes About PIX Passwords 1. It is not set when entering passwords. 6. PIX passwords may be any word or syllable that all users who access the PIX Firewall console are case-sensitive, for the question mark or space. 4. For ...
User Guide
Page 78
... q Adding Rules q Editing Rules q Deleting Rules q Applying Changes to the PIX Firewall A secure connection is encrypted using Monitoring>PDM Users. q Reset-Discards changes and reverts the panel to Multiple PDM and CLI Console Sessions. q Add-Opens the Add dialog box. The rules restrict PDM/HTTPS access...not the IP address of each host or network permitted to connect to this PIX through a PIX interface to a specific IP address and netmask PDM/HTTPS connection attempts which comply with the PIX Firewall unit. q Delete-Deletes the selected item. You can communicate with the ...
User Guide
Page 84
... snapshot of the client is available . The following fields: q IP Address-Displays the IP address of the client connected to the PIX Firewall is accessing the PIX Firewall. If PDM knows the client hostname associated with the IP address, the host name will appear under IP Address in this Help topic...must click Refresh. The display is making in q Ver-Displays the version of encryption the SSH client is accessing the PIX Firewall console. The "pix" username appears when an SSH client is using Secure Shell (SSH). q ID-Displays a unique number that identifies each SSH session.
User Guide
Page 86
... of each Telnet client connected to the PIX Firewall in the form: ID: IP Address. The following fields: q Current Telnet Console Sessions Connected-Displays a unique session ID and the IP address of current Telnet sessions to the PIX Firewall is refreshed. If an IP address is...you to monitor connections made to the PIX Firewall using that IP address is displayed. Showing All Telnet Sessions Follow these steps to display Telnet Console Sessions for all Telnet Console Sessions: 1. Monitoring>Telnet Console Sessions The Telnet Console Sessions panel allows you want to refresh ...
User Guide
Page 100
.... COMMAND DESCRIPTION During normal operation, if unsupported commands are entered via other CLI console sessions or your CLI tool, PDM will enter the Monitor Only mode. Informational Message>Unsupported The Cisco PIX Device Manager (PDM) does not support the complete command set of Unsupported Commands ...granted for normal operation mode. This has important implications when using PDM. q If PDM loads an existing running configuration from the PIX Firewall unit. Monitor Only Mode Only these steps to regain access to the all the functions of PDM in a configuration. PDM ...
User Guide
Page 103
q CLI only commands-PIX Firewall commands that you combine it to the Cisco PIX Device Manager Installation Guide for your respective version, "Understanding PDM Access, Handling Configuration Limitations" for different interfaces. These are not supported ...statement. sysopt route dnat terminal virtual Specify that when an incoming packet does a route lookup, the incoming interface is the next hop. Change console terminal settings. aaa command, match acl_name option Apply authentication, authorization, or accounting to an interface. aaa-server Specify an AAA server. access-...