
Thread: How do i configure an old Cisco PIX FW

  1. #1

    Default How do i configure an old Cisco PIX FW

    I need to replace our ADSL connection with an IS fiber line.

    We have a LAN, then a Cisco firewall, then an ADSL Dlink firewall, then the internet.

    So I need to replace the ADSL with a gateway, and I have an old PIX firewall.

    So I would like to change the internal port to the same IP as the ADSL Dlink router, set the external IP
    of the PIX to the IS static IP, and have the PIX "ALLOW ALL".

    The PIX also has a password on it; how can I reset it?

  2. #2

    Default

    Hi SBSP
    There is a manual on the device here that may help you reset the password.
    This equipment is 5 years old though, so would a new device not be a good idea?

    Regards

    Tim

  3. #3
    Super Grandmaster
    Join Date
    May 2008
    Location
    jozi
    Posts
    6,511

    Default

    Quote Originally Posted by SBSP View Post
    I need to replace our ADSL connection with an IS fiber line.

    We have a LAN, then a Cisco firewall, then an ADSL Dlink firewall, then the internet.

    So I need to replace the ADSL with a gateway, and I have an old PIX firewall.

    So I would like to change the internal port to the same IP as the ADSL Dlink router, set the external IP
    of the PIX to the IS static IP, and have the PIX "ALLOW ALL".

    The PIX also has a password on it; how can I reset it?
    RESET PIX PASSWORD

    If that is all you are going to do with it, I'm not sure why you are bothering.

    But anyway, here is your config.

    This is if the firewall has been write-erased:

    ! PIX OS 7.x style interface configuration (PIX 6.x instead uses
    ! "nameif ethernet0 outside security0" and "ip address outside x.x.x.x y.y.y.y")
    interface <outside interface>
     ip address <outside ip> <subnet mask>
     nameif outside
     no shutdown
    !
    interface <inside interface>
     ip address <inside ip> <subnet mask>
     nameif inside
     no shutdown
    !
    ! translate everything leaving inside to the outside interface address
    access-list inside_nat extended permit ip any any
    nat (inside) 1 access-list inside_nat
    global (outside) 1 interface
    !
    ! default route via the next hop on the outside interface
    route outside 0.0.0.0 0.0.0.0 <next hop>

    And you are done.
    You don't require an inside access list, but if you want one:

    !
    access-list inside_in extended permit ip any any
    ! you can change this to match your inside IP range if you like, e.g.
    ! access-list inside_in extended permit ip 10.0.0.0 255.255.255.0 any
    !
    access-group inside_in in interface inside
    !
    Last edited by syntax; 24-09-2012 at 05:47 PM.
    He gets the ball, he takes the piss
    He wears the shirt of Matt Le Tiss
    Rickie Lambert Southampton goal machine
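    As an added example (not code from the thread or from the poster above), the following Python script parses a configuration in the shape of the one posted here (interfaces, access-lists, access-groups, NAT, route) and flags what a reviewer would want to see: any access-list bound to an interface that permits ip any to any, i.e. an allow-all filter, plus bindings to undefined access-lists. The sample config, interface names and addresses are constructed for the example.

```python
"""Audit a PIX/ASA-style configuration for allow-all filtering.

Parses interfaces, access-lists, access-groups and NAT statements, then
flags every access-list that is bound to an interface and permits
ip any -> any. SAMPLE_CONFIG is constructed for this example.
"""
import re
from dataclasses import dataclass, field

SAMPLE_CONFIG = """\
! constructed sample: a PIX 7.x style "pass everything" configuration
interface Ethernet0
 ip address 203.0.113.10 255.255.255.248
 nameif outside
 no shutdown
interface Ethernet1
 ip address 192.168.1.1 255.255.255.0
 nameif inside
 no shutdown
!
access-list inside_nat extended permit ip any any
nat (inside) 1 access-list inside_nat
global (outside) 1 interface
!
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
access-group outside_in in interface outside
!
route outside 0.0.0.0 0.0.0.0 203.0.113.9
"""

# "ext" and "per" are the abbreviations of extended/permit the thread's config uses
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended|ext)\s+(permit|per|deny)\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")
NAT_RE = re.compile(r"^nat\s+\((\S+)\)\s+\d+\s+access-list\s+(\S+)$")


@dataclass
class Ace:
    action: str
    proto: str
    src: str
    dst: str


@dataclass
class PixConfig:
    interfaces: dict = field(default_factory=dict)  # nameif -> {"phys", "ip", "mask"}
    acls: dict = field(default_factory=dict)        # acl name -> [Ace, ...]
    groups: list = field(default_factory=list)      # (acl name, direction, nameif)
    nat_acls: set = field(default_factory=set)      # ACLs that only select NAT traffic


def _take_addr(tokens):
    """Consume one address spec (any | host A | A MASK); return (spec, remaining tokens)."""
    if not tokens:
        return "?", []
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1] + "/32", tokens[2:]
    return " ".join(tokens[:2]), tokens[2:]


def parse_config(text):
    cfg = PixConfig()
    cur = None  # interface block currently being read
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line.startswith("interface "):
            cur = {"phys": line.split()[1], "ip": None, "mask": None}
            continue
        if line.startswith(" ") and cur is not None:
            t = line.split()
            if t[:2] == ["ip", "address"] and len(t) >= 4:
                cur["ip"], cur["mask"] = t[2], t[3]
            elif t[0] == "nameif" and len(t) >= 2:
                cfg.interfaces[t[1]] = cur
            continue
        cur = None
        m = ACE_RE.match(line)
        if m:
            name, action, proto, rest = m.groups()
            src, rest = _take_addr(rest.split())
            dst, _ = _take_addr(rest)
            cfg.acls.setdefault(name, []).append(
                Ace("permit" if action == "per" else action, proto, src, dst))
            continue
        m = GROUP_RE.match(line)
        if m:
            cfg.groups.append(m.groups())
            continue
        m = NAT_RE.match(line)
        if m:
            cfg.nat_acls.add(m.group(2))
    return cfg


def audit(cfg):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    findings = []
    for acl, direction, nameif in cfg.groups:
        if nameif not in cfg.interfaces:
            findings.append(f"access-group binds {acl} to unknown interface {nameif}")
        if acl not in cfg.acls:
            findings.append(f"access-group on {nameif} references undefined access-list {acl}")
            continue
        for ace in cfg.acls[acl]:
            if ace.action == "permit" and ace.proto == "ip" and ace.src == ace.dst == "any":
                findings.append(f"{acl} ({direction} on {nameif}) permits ip any any: allow-all filter")
    bound = {g[0] for g in cfg.groups}
    for acl in cfg.acls:
        # a NAT selector ACL is not a filter, so it is neither flagged nor reported unused
        if acl not in bound and acl not in cfg.nat_acls:
            findings.append(f"access-list {acl} is defined but never applied")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(finding)
```

    The NAT access-list (inside_nat) is deliberately left out of the findings: on this platform it only selects which traffic gets translated and is not a filter, so only lists applied with access-group are judged as allow-all.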

  4. #4

    Default

    Thanks, I'm going to try this. In the meanwhile I have set up a soft firewall, "Endian Firewall Community".

    It's just a temporary solution till the guys in Europe one day help me; they normally take like 2 months.
    If I reset their firewall I'm dead! lol

  5. #5
    SmoothSupport The_Librarian's Avatar
    Join Date
    Apr 2005
    Location
    Lothlorien
    Posts
    73,370
    Blog Entries
    19

    Default

    Rather stick with dedicated firewalls like Endian, Smoothwall or IPCop, which you can update/modify. If not, then something which gets updated on a regular basis. This is very important, especially when it comes to vulnerabilities.

    I'm not sure whether you can update the Cisco PIX's firmware to the latest and newest. Remember, security vulnerabilities do exist in older firewalls; that's probably why they discontinued/removed it.
    Christ-mass is NOT for Christians. Jeremiah 10.
    Is the 10 Commandments for Christians?

    Saturday is the Seventh day, Sunday is the first day.

    Shmiert Shpammer

  7. #7
    Super Grandmaster
    Join Date
    May 2008
    Location
    jozi
    Posts
    6,511

    Default

    Quote Originally Posted by The_Librarian View Post
    Rather stick with dedicated firewalls like Endian, Smoothwall or IPCop, which you can update/modify. If not, then something which gets updated on a regular basis. This is very important, especially when it comes to vulnerabilities.

    I'm not sure whether you can update the Cisco PIX's firmware to the latest and newest. Remember, security vulnerabilities do exist in older firewalls; that's probably why they discontinued/removed it.
    The PIX is a dedicated firewall, even if it is quite old. The firmware can be updated, although not to any of the latest versions. Most of the vulnerabilities are actually bugs, which can affect certain things, but not usually compromise security.

    The PIX was discontinued in favour of the ASA; however, it is still in support until mid 2013. We still have clients with a PIX or two, and the VA scans don't show anything compromising that is hardware related.

    The only reason for changing I would say at the moment would be to get a more feature-rich firewall / UTM device. However, once you reach end of support, it would definitely be time to upgrade.
    He gets the ball, he takes the piss
    He wears the shirt of Matt Le Tiss
    Rickie Lambert Southampton goal machine

  8. #8

    Default

    Well, whatever the case is, security is not an issue here, as I'm merely using this as a Dlink router placeholder. It's not used to block traffic at all; that is why I want it to allow everything.

    Our network is like this.

    [LAN] -> [Cisco ASA 5510 FW, two of them for redundancy]. It splits a specific IP range to a WAN inTRAnet and the rest to the inTERnet.

    Since I don't have login access to the ASA 5510 FW to tell it that it now has to pass the traffic to the internet via the IS router, which has a different IP, I created an Endian firewall with the exact same IP configuration as the ADSL Dlink router/FW/switch,

    with 2 network cards: the one card is set to the same IP as what the ADSL was, and the other IP is the "external" IS router IP, or Red Zone IP as they call it in Endian.

    So instead of using the Endian FW and having an extra server, I would have preferred it if I could use the old Cisco PIX that I had lying in the cupboard.

    So even if someone had to break through the Endian or PIX, there will be an ASA 5510 to get past. If someone gets past the ASA 5510 then either the person who set it up made a mistake in the rules or Cisco should not sell firewalls,

    and everyone knows Cisco is king in what they do.
    Last edited by SBSP; 25-09-2012 at 03:15 PM.

  9. #9
    Super Grandmaster
    Join Date
    May 2008
    Location
    jozi
    Posts
    6,511

    Default

    Quote Originally Posted by SBSP View Post
    Well, whatever the case is, security is not an issue here, as I'm merely using this as a Dlink router placeholder. It's not used to block traffic at all; that is why I want it to allow everything.

    Our network is like this.

    [LAN] -> [Cisco ASA 5510 FW, two of them for redundancy]. It splits a specific IP range to a WAN inTRAnet and the rest to the inTERnet.

    Since I don't have login access to the ASA 5510 FW to tell it that it now has to pass the traffic to the internet via the IS router, which has a different IP, I created an Endian firewall with the exact same IP configuration as the ADSL Dlink router/FW/switch,

    with 2 network cards: the one card is set to the same IP as what the ADSL was, and the other IP is the "external" IS router IP, or Red Zone IP as they call it in Endian.

    So instead of using the Endian FW and having an extra server, I would have preferred it if I could use the old Cisco PIX that I had lying in the cupboard.

    So even if someone had to break through the Endian or PIX, there will be an ASA 5510 to get past. If someone gets past the ASA 5510 then either the person who set it up made a mistake in the rules or Cisco should not sell firewalls,

    and everyone knows Cisco is king in what they do.
    If I'm following correctly, I don't know why you just didn't add a route on the Dlink to the new IS link.
    Anyway, sounds like you have it sorted.
    He gets the ball, he takes the piss
    He wears the shirt of Matt Le Tiss
    Rickie Lambert Southampton goal machine

  10. #10

    Default

    'Cause the Dlink is junk. You can access the web front end of it from the outside even though the setting is set to disabled.
