One of the more popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running. In this guide, we will walk through the steps for configuring your brand new PIX at the network edge.
This guide is written for a user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the-numbers guide to configuring a PIX firewall with as little jargon as possible.
We are assuming that you have an internet connection with at least one static IP address. While the PIX can easily handle a dynamic IP address (that is the default configuration), you won’t be able to easily configure remote access, VPNs, mail or web servers without a static IP address.
Your PIX should have come with an AC adapter, a yellow CAT5 cable, an orange CAT5 cable and a flat, (typically) baby blue cable with a 9-pin serial connector on one end and an RJ-45 plug on the other.
The yellow CAT5 cable is a standard Ethernet cable and is used to connect your PC or server to the 4-port Ethernet switch built into the PIX.
The orange CAT5 cable is a cross-over cable and may be required to connect the outside interface of the PIX to your ISP’s router (if your PCs or workstations are plugged into a Cisco switch inside the network, you will also require a cross-over cable for connecting that switch to one of the switch ports on the PIX).
What we are going to use for our configuration is the baby blue rollover cable. Insert the serial connector into one of the serial ports on the back of the PC or laptop you will be using to configure the PIX. Then insert the RJ-45 plug into the port on the back of the PIX labeled “console.”
Windows has a built-in application that is used for (among other things) configuring serial devices. Using the start menu, go to Start > Programs > Accessories > Communications > HyperTerminal.
Choose the HyperTerminal application. You may get a dialog box asking if you’d like to make HyperTerminal your default telnet application. Unless you have a preference, go ahead and choose yes.
Then you will be asked for the area code from which you are dialing. Although it isn’t applicable here, the program still wants to know, so fill it in and click ‘Next’ or ‘OK’.
You can call the connection anything you’d like; in this example we’ll use PIX. Click ‘OK’ to move on.
Next, you’ll be asked to enter the details for the phone number you’d like to dial. Since we aren't dialing a phone number, use the drop-down selector at the bottom of the box to choose COM1 or COM2 (whichever is applicable). If you have no idea which one is which, you may need to try it both ways.
Now you will be expected to tell the application some specifics about the port settings so that it can communicate with the PIX.
Luckily, it isn’t too complex; just remember 9600, 8, none and 1 (bits per second, data bits, parity and stop bits, respectively). Enter these settings into the drop-down selectors of the box on your screen.
Now we are ready to set up the PIX. Insert the power cable and you will be greeted with a startup monologue (it’s not a dialog in this case; it’s just informing you of what is occurring).
Then you will be greeted with a screen that asks if you’d like to program the PIX using interactive prompts. For the purpose of this exercise, type no and press Enter.
You will now get a prompt that looks like this: pixfirewall> Type the word ‘enable’ (no quotes). When prompted for a password, just press Enter, as the default is no password.
The prompt has changed to a hash mark: pixfirewall# Type the phrase ‘configure terminal’ (no quotes); you are telling the PIX that you want to enter global configuration mode and that you will be doing your configuration via the terminal window.
Your prompt will now look like this: pixfirewall(config)#
The first thing we want to do is give your PIX a host name. The PIX command syntax is: variable name (the setting keyword followed by the value you want). Thus, to set the hostname we will enter: pixfirewall(config)# hostname mypix
Now, the domain name; it’s alright if you don’t have a domain set up on your network, you can call it whatever you like. However, give some thought to whether a domain might be a possibility at some point and plan your naming scheme appropriately. pixfirewall(config)# domain-name mydomain.com
As you can see from the configuration above, the ethernet0 interface is the outside interface, with a security setting of 0, while ethernet1 is the inside interface with a security setting of 100. Additionally, you can see that the interfaces are shut down. All we need to do to bring them up is enter the speed at which they should operate. As they are Ethernet interfaces, any software version after 6.3(3) will take 100full; prior to that, use 10full.
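The steps above, collected into one config-mode session as an added example (not part of the original guide); the names mypix and mydomain.com follow the text, the nameif lines are the PIX 501 factory defaults the text refers to, and PIX OS 6.3 syntax is assumed throughout.

```text
: Added example, entered at the pixfirewall(config)# prompt on PIX OS 6.3.
: Lines beginning with ":" are comments and are ignored by the PIX.
hostname mypix
domain-name mydomain.com
: Factory-default interface names and security levels. Security levels drive the
: default policy: traffic may flow from a higher level to a lower one (inside to
: outside) without an explicit rule, while lower to higher (outside to inside) is
: blocked unless you permit it later with an access-list and static/nat entries.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Setting a speed clears the default "shutdown" and brings the interface up.
: Use 100full on 6.3(3) and later; use 10full on earlier releases.
interface ethernet0 100full
interface ethernet1 100full
: Save the running configuration to flash so it survives a power cycle.
write memory
```

After the interface lines, show interface should report both ports as "up"; if it still shows "administratively down", the speed line did not take and should be re-entered.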