Cisco PIX 501 Quick Setup

I inherited a Cisco PIX 501 firewall recently and have to say I’m not nearly as educated on Cisco equipment yet as I feel I should be. After a good amount of searching along the way I started getting the hang of things. I had worked in Cisco’s PIX Device Manager (PDM) and found it to be more of a pain to navigate than setting things up through the command line. So, for this tutorial I will focus only on the CLI for setup of the device.


Here is how I was able to get things set up. Note that this is just a basic setup using the CLI with the following:

WAN: DHCP

LAN: Enable NAT, and enable DHCP

After configuration, the firewall will be accessible at 192.168.3.1 (netmask 255.255.255.0) and the available DHCP leases will be 192.168.3.50 – 192.168.3.80. You can change these accordingly while going through the commands.

First of all, you need to connect to the device using your Cisco console cable, which is RJ45 to DB9. Connect the RJ45 end to the 501, and the DB9 end to a machine with the connector. In my case this was a Linux machine running Ubuntu. If you are on a Windows machine you can simply use HyperTerminal to connect. I issued the following commands to get connected to the 501:

sudo apt-get install cu
cu -l /dev/ttyS0 -s 9600

ttyS0 was what worked for me, but yours may need to be changed to ttyS1, etc. depending on your setup.

Once things are connected I issued the following commands:

First, answer no to the guided install (if you plan to follow the tutorial below).

enable

You will be prompted here for a password. The default password is blank, so just press Enter.

config t

This enters configuration mode. Enter “?” to list all available commands.

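username USER password ***** privilege 15

enable password ******

passwd ******

Replace USER with the username you wish to create, and the asterisks with your own passwords. This allows you to create an administrator account for the system: privilege 15 is the highest privilege level, enable password sets the password for privileged (enable) mode, and passwd sets the Telnet login password.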

interface ethernet0 auto

interface ethernet1 100full

ip address outside dhcp

Make sure your WAN connection is live when issuing the command above. The PIX will try to obtain a DHCP address as soon as it is issued.

ip address inside 192.168.3.1 255.255.255.0

show ip address

The above command just shows the current setup.  I used it to double check I entered everything properly.

ip address outside dhcp setroute

nat (inside) 1 192.168.3.1 255.255.255.0

global (outside) 1 interface

telnet 192.168.3.50

This was an optional command.  This allowed telnet access to the client at 192.168.3.50.  This was added so I didn’t need the console cable connected after the initial setup, and could merely telnet in from the client as needed.

no banner exec

no banner login

no banner motd

The banner commands are also optional.  I wanted to cut out any extra information at logins.  You can leave these, or change them as you desire.

hostname YOURHOST

Replace YOURHOST with the hostname you wish to give the 501.

domain local

dhcpd address 192.168.3.50-192.168.3.80 inside

dhcpd dns 4.2.2.1 4.2.2.2

These were test DNS servers I used during setup.  I believe they are Level3’s, and they are rather stable.  You can change to your local ISP’s DNS servers or others as desired.

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

The above command assigns the 501 as the DHCP server for the inside interface (LAN).  If you wish to use a different DHCP server or don’t care to enable DHCP, simply disregard this command.

access-list ping_acl permit icmp any any

access-group ping_acl in interface outside

These two commands are added to allow ping requests.  Ping is disabled by default on the 501 and annoyed me when trying to run diagnostics.  These are optional.

wr mem

This finalizes your setup by writing all changes to memory.

These are the commands I found to work for me – and I don’t have this in production. I don’t claim for this method of setup to be secure for your environment and highly recommend you study up on the device more before placing it in a production environment. If anyone has some modifications or additions to this guide please feel free to contact me. Hopefully this tutorial can serve as a first step in becoming familiar with setup for the PIX 501. Thanks for reading.
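As a review aid for the configuration built above, here is a small offline audit in Python. It is an added example, not part of the original post or any Cisco tool; `audit`, the check names and `SAMPLE_CONFIG` are constructed here, and it only understands the command forms used in this tutorial. It reports Telnet management, a Telnet-permitted host that falls inside the DHCP pool (whichever client leases that address gets management access), an ICMP any/any ACL bound to the outside interface, and a nat address that has host bits set.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Constructed sample: the tutorial's commands that matter for these checks.
SAMPLE_CONFIG = """\
ip address inside 192.168.3.1 255.255.255.0
nat (inside) 1 192.168.3.1 255.255.255.0
global (outside) 1 interface
telnet 192.168.3.50
dhcpd address 192.168.3.50-192.168.3.80 inside
access-list ping_acl permit icmp any any
access-group ping_acl in interface outside
"""

def audit(config):
    """Return sorted (check_id, detail) findings for PIX-style config text."""
    findings, pools, telnet_hosts = [], [], []
    icmp_acls, outside_acls = set(), set()
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse doubled spaces from copy/paste
        if m := re.fullmatch(rf"dhcpd address {IP}-{IP} \S+", line):
            pools.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif m := re.fullmatch(rf"telnet {IP}( .*)?", line):
            telnet_hosts.append(ipaddress.ip_address(m[1]))
            findings.append(("telnet-enabled", line))  # Telnet is cleartext
        elif m := re.fullmatch(r"access-list (\S+) permit icmp any any", line):
            icmp_acls.add(m[1])
        elif m := re.fullmatch(r"access-group (\S+) in interface outside", line):
            outside_acls.add(m[1])
        elif m := re.fullmatch(rf"nat \(\S+\) \d+ {IP} {IP}", line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if str(net.network_address) != m[1]:  # host bits set in the nat address
                findings.append(("nat-host-bits", f"{m[1]} is a host in {net}"))
    for host in telnet_hosts:  # is the permitted management host a DHCP lease?
        for low, high in pools:
            if low <= host <= high:
                findings.append(("telnet-host-in-dhcp-pool", f"{host} in {low}-{high}"))
    for acl in sorted(icmp_acls & outside_acls):  # unrestricted ICMP from outside
        findings.append(("icmp-any-any-on-outside", acl))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```

To check a real device, paste the output of its running configuration into a string and pass it to `audit`.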

Source Image: cisco.com

About MadHatter
