ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

PIX 515 - gimme the short and sweet

Wed Aug 04, 2010 10:17 am

I got a PIX 515 (not 515e) off of eBay yesterday for fairly cheap ($30). I have a grand total of zero experience with a PIX or an ASA. But, just glancing at the PIX Wikipedia page, it seems to me the main difference in the two versions is 1) processor speed 2) amount of RAM. It shows that they can both run the latest version of the PIX software, and both have two fixed fa interfaces. The speed doesn't bother me, since I'll only be using it at home to learn it. Any secret tips/tricks I should know about, other than to go buy a PIX book?

Thank you kind sirs in advance.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.

kerpap
Ultimate Member
Posts:
761
Joined:
Sun Jan 04, 2009 6:28 pm
Certs:
CCNA, CCDA, CCNA-SECURITY

Re: PIX 515 - gimme the short and sweet

Wed Aug 04, 2010 7:56 pm

I would say the short and sweet: get a book. You should also have a basic understanding of how these devices work and of network security (protocols, practices, etc.). A PIX can be pretty much useless if configured incorrectly.


P.S. Check if it has a VAC in it and if 3DES is installed. This is a bonus for the learning end. You can play around with secure VPN.
CCNA, CCDA, CCNA-SECURITY

Vito_Corleone
Moderator
Posts:
9847
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: PIX 515 - gimme the short and sweet

Wed Aug 04, 2010 7:58 pm

It's old.
http://blog.alwaysthenetwork.com

sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Wed Aug 04, 2010 8:11 pm

Yeah, I know it's old. Buy me an ASA 5505 if you want me to keep up :) But with the last PIX version, I should be able to learn what I would like to learn from it. I'm definitely going to buy a book. I'll check and see when it arrives if it has a VAC. I guess these are similar to the VPN modules in routers where they process all of the VPN cryptography rather than the main processor? Is 3DES not installed by default with the PIX OS? Thanks for the info. You are both scholars and gentlemen.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.

MonkeyBallz
New Member
Posts:
48
Joined:
Thu Jun 24, 2010 4:04 am
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Thu Aug 05, 2010 5:59 am

I think it would be wise to study the basics first before trying to take shortcuts as such... you'll only end up putting more time in your config. On the flip side, messing up and spending 2 days extra on the same config can also help you gain skills, so it depends on how you look at things.

The glass is half full or half empty ;)

sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Thu Aug 05, 2010 1:59 pm

I wasn't necessarily looking for shortcuts. I just wanted the down and dirty on the device I guess. I have to go into town today to pick up my iPhone 4 (finally), so I'll check the bookstores. I find that I learn best by just logging in and plugging away, along with a good reference book beside me. If I hadn't started building my home lab before I finished the CCNA curriculum, I never would have learned the things I did that were not in the textbooks.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.

cjutting
Post Whore
Posts:
1065
Joined:
Wed Sep 16, 2009 3:16 pm

Re: PIX 515 - gimme the short and sweet

Thu Aug 05, 2010 2:51 pm

Down and dirty.. You need the 515e to get the RAM upgrade to run at least the 7.x ASA code. (I think it has to do with the 128 MB RAM upgrade.)
Down and dirty.. If 3DES isn't enabled, find someone with a CCO account. It's a free upgrade.
Down and dirty.. PIX 6.3(5) is the last PIX code you can run.

sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Thu Aug 05, 2010 4:13 pm

I went off the Wikipedia page when it said the 515 could run 8.0.4. This document http://www.cisco.com/en/US/docs/security/pix/pix80/release/notes/pixrn804.html confirms that it can with max memory/flash.

Yeah, I don't know anyone with a CCO account besides some instructors that I had. I doubt they'd be willing to do that, or if they even have access to the PIX software.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.

cjutting
Post Whore
Posts:
1065
Joined:
Wed Sep 16, 2009 3:16 pm

Re: PIX 515 - gimme the short and sweet

Thu Aug 05, 2010 4:54 pm

Oops.. Sorry. I knew there were RAM requirements, but thought it was only the 515e that could take that much RAM.

I used to have access to CCO, but that was my last job. I'm sure they've changed the password by now.

sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Sat Aug 07, 2010 6:44 pm

OK, so I've got the thing in my possession. Cleared passwords, updated firmware. Here is my show ver.

Code:
PIX-515> show ver

Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(2)

Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

PIX-515 up 2 mins 38 secs

Hardware:   PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

 0: Ext: Ethernet0           : address is 0050.54ff.f732, irq 10
 1: Ext: Ethernet1           : address is 0050.54ff.f733, irq 7
 2: Ext: Ethernet2           : address is 0006.29ef.14f0, irq 9

Licensed features for this platform:
Maximum Physical Interfaces  : 3
Maximum VLANs                : 10
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Cut-through Proxy            : Enabled
Guards                       : Enabled
URL Filtering                : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : Unlimited

This platform has a Restricted (R) license.

Serial Number: 480320119
Running Activation Key: 0x65694982 0x83f679a9 0xba70ac69 0x24f5881e
Configuration has not been modified since last system restart.


Best I can tell, there is no VAC+. But, it seems that triple DES is enabled. Hopefully one of you guys will chime in with the correctness.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.
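
The licence check discussed in this thread can be scripted. The following is an added example, not part of the original posts: a small Python parser for `show version` text that extracts the software version, hardware line and licensed-feature table, then reports which VPN ciphers are licensed. The function names and the trimmed sample are constructed for illustration; the field labels are the ones visible in the output above.

```python
import re

# Constructed sample: a trimmed copy of the `show ver` output posted above.
SAMPLE = """\
Cisco PIX Security Appliance Software Version 8.0(4)
Hardware:   PIX-515, 64 MB RAM, CPU Pentium 200 MHz

Licensed features for this platform:
Maximum Physical Interfaces  : 3
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0

This platform has a Restricted (R) license.
"""

def parse_show_version(text):
    """Return version, model, RAM and the licensed-feature table."""
    info = {"version": None, "model": None, "ram_mb": None, "features": {}}
    m = re.search(r"Software Version (\S+)", text)
    if m:
        info["version"] = m.group(1)
    m = re.search(r"Hardware:\s+([\w-]+), (\d+) MB RAM", text)
    if m:
        info["model"], info["ram_mb"] = m.group(1), int(m.group(2))
    in_table = False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_table = True
        elif in_table:
            if not line.strip():          # first blank line ends the table
                break
            name, _, value = line.partition(":")
            info["features"][name.strip()] = value.strip()
    return info

def vpn_crypto_findings(info):
    """List licensing gaps that limit which VPN ciphers can be configured."""
    feats = info["features"]
    des = feats.get("VPN-DES") == "Enabled"
    strong = feats.get("VPN-3DES-AES") == "Enabled"
    if strong:
        return []
    if des:
        return ["Only VPN-DES is licensed: tunnels are limited to 56-bit DES"]
    return ["No VPN encryption feature is licensed"]

if __name__ == "__main__":
    parsed = parse_show_version(SAMPLE)
    print(parsed["model"], parsed["version"], vpn_crypto_findings(parsed) or "3DES/AES licensed")
```
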

cjutting
Post Whore
Posts:
1065
Joined:
Wed Sep 16, 2009 3:16 pm

Re: PIX 515 - gimme the short and sweet

Sat Aug 07, 2010 8:47 pm

All be damned.. Good catch in the hardware!

sysctl
Senior Member
Posts:
407
Joined:
Thu Apr 01, 2010 10:01 pm
Certs:
CCNA

Re: PIX 515 - gimme the short and sweet

Sat Aug 07, 2010 8:53 pm

So yes, then, no VAC+? BTW, I scored the thing for $30, best offer was immediately accepted. They have another if anyone is interested. Came maxed out on RAM/flash, which is too bad since I have another 32 MB RAM stick on the way. There are 3 DIMM slots, but everything I have read says 64 MB is the max. I'm happy with it, but I feel like my curiosity to get it working like I want is going to detract from my CCNA V prep.
A flute with no holes is not a flute. And, a doughnut with no hole is a Danish.
