Cisco PIX 520 - PIX Firewall 520 Installation Manual

Installation guide

Cisco PIX Device Manager
Installation Guide
Version 3.0
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: 78-15483-01


Summary of Contents for Cisco PIX 520 - PIX Firewall 520

  • Page 2 CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CC...
  • Page 3: Table Of Contents

    Upgrading to a New Software Release; PC/Workstation Requirements; Supported Platforms; Windows; Sun Solaris; Red Hat Linux. Cisco PIX Device Manager Installation Guide, Version 3.0 78-15483-01...
  • Page 4 Using a TFTP Server; Obtaining a Windows TFTP Server; Enabling UNIX TFTP Support; Enabling TFTP Access on a Sun Solaris System
  • Page 5 Contents: Enabling TFTP Access on a Linux System; TFTP Download Error Codes; Index
  • Page 7 Obtaining Technical Assistance, page xvi; Obtaining Additional Publications and Information, page xvii. Document Objectives: This guide describes how to install and access the Cisco PIX Device Manager (PDM) software. Audience: This guide is for network administrators who perform the following: Manage network security...
  • Page 8: Preface

    Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Warning! Only qualified personnel should install, replace, or use this equipment. Warning! Only trained and qualified personnel should be allowed to install, replace, or repair this equipment.
  • Page 9: Safety Warning Description

    You can find translations of the warnings presented in this document in the instructions supplied with the device. Note: SAVE THESE INSTRUCTIONS. Note: This document is intended to be used together with the installation guide that came with the product. For more information, see the installation guide, the configuration guide, and the other documents supplied.
  • Page 10 Note: SAVE THESE INSTRUCTIONS. Note: This documentation is to be used in conjunction with the specific installation guide shipped with the product. For more information, refer to the Installation Guide, the Configuration Guide, or other enclosed documentation.
  • Page 11 ...the translated safety warnings that accompany this device. Note: SAVE THESE INSTRUCTIONS. Note: This documentation is to be used in conjunction with the specific product installation guide that shipped with the product. Refer to the installation guide, the configuration guide, or other enclosed additional documentation for further details.
  • Page 13: Document Organization

    The major sections of this guide are as follows (Chapter Title: Description):
    Overview: Physical properties and functional overview of the Cisco PIX Device Manager (PDM) Version 3.0
    Preparing to Install PDM: Preparations and other requirements before installing the PIX Firewall
    Installing PDM...
  • Page 14: Terms And Acronyms

    SCEP—Simple Certificate Enrollment Protocol; SDRAM—Synchronous Dynamic Random-Access Memory; SHA—Secure Hash Algorithm; SNMP—Simple Network Management Protocol; SSL—Secure Sockets Layer; TFTP—Trivial File Transfer Protocol; VAM—Virtual Private Network (VPN) Acceleration Module (VAM)
  • Page 15: Related Documentation

    Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems. Cisco.com You can access the most current Cisco documentation on the World Wide Web at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.com...
  • Page 16: Documentation Feedback

    24 hours a day, 365 days a year. Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL: http://tools.cisco.com/RPF/register/register.do...
  • Page 17: Tac Case Priority Definitions

    TAC Case Priority Definitions To ensure that all cases are reported in a standard format, Cisco has established case priority definitions. Priority 1 (P1)—Your network is “down” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
  • Page 18 Obtaining Additional Publications and Information • Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html...
  • Page 19: Overview

    Introduction: Cisco PIX Device Manager (PDM) is a graphical user interface (GUI) that manages Cisco PIX Firewalls. PDM, a signed Java applet, uses certificates and HTTPS (HTTP over SSL) to securely transmit information between PDM and the PIX Firewall. (Enter “https” in your browser to use HTTPS.) PDM provides the following: GUI—Lets you configure, manage, and monitor security policies across a network.
  • Page 20: Data Encryption Overview

    Embedded Architecture—Lets you manage the Cisco PIX Firewall from almost any computer, regardless of the operating system, and works with most browsers, including Microsoft Internet Explorer and Netscape Navigator. There is no application to install and no plug-in required.
  • Page 21 DES and Triple DES—The Data Encryption Standard (DES) and Triple DES (3DES) encrypt packet data. Cisco IOS software implements the 3-key Triple DES and DES-CBC with Explicit IV. Cipher Block Chaining (CBC) requires an initialization vector (IV) to start encryption. The IV is explicitly given in the IPSec packet.
  • Page 22: Pix Firewall System Requirements

    DES activation key. If your PIX Firewall is not enabled for DES, 3DES, or AES, and you are a registered Cisco user, you can receive a DES, 3DES, or AES activation key by completing the form at the following URL: http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324.
  • Page 23: Flash Memory Requirements

    For example:
    pixfirewall# show flashfs
    flash file system: version:3 magic:0x12345679
    file 0:origin: 0 length:1925176
    file 1:origin:2883584 length:2944
    file 2:origin:3014656 length:32
    file 3:origin: 0 length:0
    file 4:origin:3145728 length:131072
    file 5:origin:8257536 length:308
  • Page 24: Software Requirements

    The PIX Firewall image no longer fits on a diskette. If you are using a PIX Firewall unit with a diskette drive, download the Boothelper file from Cisco.com (http://www.cisco.com/cgi-bin/tablebuild.pl/pix) to get the PIX Firewall image. Before upgrading from a previous PIX Firewall version, save your configuration and write down...
  • Page 25 To check which Java Virtual Machine (JVM) version you have, launch PDM. In the main PDM menu, click Help>About Cisco PIX Device Manager. When the About PDM information window appears, it displays your browser specifications in a table. You can download the latest JVM version for Internet Explorer from Microsoft, and you can download the latest Java Plug-in from Sun Microsystems (www.java.sun.com).
  • Page 26: Supported Platforms

    Microsoft Windows XP Java Plug-in 1.4.1_02 Netscape 7.0x Java Plug-in 1.4.1_02 1. Native refers to the built-in JVM that ships with the browser. Note: PDM Version 3.0 does not support Windows 3.1 or Windows 95.
  • Page 27: Sun Solaris

    Pentium III or equivalent running at 450 MHz or higher
    Random Access Memory: At least 128 MB
    Display Resolution and Colors: At least 1024 x 768 pixels and 256 colors
    Network Connection: Connection speed 56 Kbps; 384 Kbps (DSL or cable) recommended
  • Page 28 Mozilla 1.0.1 on Red Hat 8.0 Java Plug-in 1.4.1 Recommended Red Hat Linux Platforms Red Hat Linux 8.0 Mozilla 1.0.1 Java Plug-in 1.4.1_02 1. Native refers to the built-in JVM that ships with the browser.
  • Page 29: Preparing To Install Pdm

    CLI Command Support—PDM Version 3.0 uses the PIX Firewall CLI command syntax, which is very similar to Cisco IOS software, but not identical. Most PIX Firewall CLI commands are fully supported by PDM. If you are using PDM with an existing firewall configuration, refer to PDM Support for PIX Firewall CLI Commands for more information.
  • Page 30: Caution

    Verify that you have a TFTP or FTP server installed. See Appendix A, “Using a TFTP Server,” to install a TFTP server. Confirm that you are a registered Cisco user. If you are not a registered user, go to http://tools.cisco.com/RPF/register/register.do, and complete the form to register.
  • Page 31: Preparing To Install Pdm

    Registered Cisco.com users can request a DES (free), 3DES/AES activation key from the following URL: http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl?pid=221&fid=324 – New Cisco.com users can complete the form at this URL before requesting a DES (free), 3DES/AES activation key: http://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl 3DES/AES activation keys are available as part of a feature license upgrade and are not free.
  • Page 32: Determining The Ip Address Of Your Server

    “tftp server” on the Web. We do not specifically recommend any particular TFTP implementation. Note that recent versions of Cisco IOS software support the use of FTP instead of TFTP for loading of images or configuration files. Use of FTP overcomes a number of inherent limitations of TFTP, including a lack of security and a 16 MB file size limitation.
  • Page 33: Sun Solaris

    In this example, the IP address of the computer is 209.165.200.225 with a netmask of 255.255.255.224. The remainder of the display provides information on the status of data transmission through the server.
  • Page 35: Installing Pdm

    Cisco.com username and password.) Step 5 On the Cisco Secure PIX Firewall Software page, find the section titled “Select a File to Download”, click pdm-nnn.bin (where nnn represents the PDM software image version that you want to install) and follow the instructions presented.
  • Page 36: Downloading Pdm Using Ftp

    Step 1 Set your FTP client to passive mode by selecting the Properties button on the Connect to FTP Site screen, selecting the Connection tab, checking Use Passive Mode, and clicking Apply. Step 2 Start your FTP client and connect to ftp.cisco.com. Enter your Cisco.com username and password when prompted.
  • Page 37 The HyperTerminal window is now ready to receive information from the PIX Firewall console. Wait 30 seconds for the PIX Firewall startup messages to display. These messages should appear similar to the following example:
    Rebooting..
    Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar 2 22:59:20 PST 2000
    Platform PIX-515
    Flash=i28F640J5 @ 0x300
    Use BREAK or ESC to interrupt flash boot.
  • Page 38: Loading The Pdm Image

    To enter setup, use the setup command as shown in the following example: pixfirewall (config)# setup Step 4 Load the PDM image by following the steps in Table 3-1: Note: Press Enter to accept the default values.
  • Page 39 Enter n to edit the values, or enter y to save the information to the PIX Firewall Flash memory. Use this configuration and write to flash? y Or, enter at the prompt to save the information to the PIX Firewall Flash memory. Step 6 Click Save to save your settings.
  • Page 40 Chapter 3 Installing PDM Loading the PDM Image Step 7 Click Exit. Step 8 Click Yes to exit HyperTerminal.
  • Page 41 Step 2 Accept the security certificate. (You must accept the certificate to use PDM.) To avoid the certificate from appearing in Windows Internet Explorer when the certificate dialog (titled “Security Alert”) is shown, perform the following steps: Click View Certificate.
  • Page 42: Configuring Pdm

    Step 3 Enter your password. If no password has been set, choose and enter one at this time. Click OK to continue. Step 4 Answer ‘Yes’ to the Security Warning asking “Do you want to install and run ‘Cisco PIX Device Manager’”? If you do not want this question to be asked next time you load PDM, check the box with the label ‘Always trust content from Cisco Systems.’...
  • Page 43: Pdm Home Page

    Host Name, PIX Version, Device Type, License, PDM Version, Total Memory, and Total Flash. Licensed Features—This area displays the Encryption features your PIX Firewall is licensed to use. Failover Max Interfaces Inside Hosts IKE Peers Max Physical Interfaces
  • Page 44: Using The Pdm Startup Wizard

    Back to go back to the previous prompts. For assistance with deciding what to enter into the Startup Wizard dialog boxes, click Help.
  • Page 45: Vpn Wizard

    IPSec peer with which you need to establish secure connectivity. To set up your PIX Firewall as a remote access client in relation to another PIX Firewall or Cisco VPN Concentrator, select the Startup Wizard from the Wizards menu.
  • Page 46: Select Interface

    Additionally, comments (such as these) may be inserted on individual lines or following the machine name denoted by a '#' symbol. For example:
    102.54.94.97 rhino.example.com # source server
    38.25.63.10 x.example.com # x client host
  • Page 47: Tips And Troubleshooting

    LAN, your computer should be configured with a route to the PIX Firewall. To set the default gateway IP address, refer to the Cisco PIX Firewall and VPN Configuration Guide. If you cannot access the PIX Firewall through PDM, follow these steps:...
  • Page 48: Tips On Using Pdm

    When prompted, you can choose not to accept these commands, but without the network topology information, PDM can only monitor your PIX Firewall. Consequently, not accepting these commands limits your access in PDM to the Monitoring tab.
  • Page 49: Troubleshooting

    For information on PDM caveats, refer to the “Caveats” section of the Cisco PIX Device Manager Release Notes Version 3.0. Troubleshooting For information on PDM caveats, refer to the caveats section of the Cisco PIX Device Manager Release Notes Version 3.0. Table 5-1 contains basic PDM troubleshooting scenarios.
  • Page 50 Start PDM. Click Grant to launch PDM. This can happen on Windows, Sun Solaris, or Linux and is a problem in the Netscape Java Virtual Machine (JVM).
  • Page 51 PDM Users panel on the Monitoring tab. If you know the IP address of the idle connection, select the row, and click Disconnect. Another administrator can now access PDM.
  • Page 52 tab in PDM. The use of certain PIX Firewall CLI commands, and certain command combinations, limit access in PDM to the Monitoring tab. For more information on these commands and command combinations, see the Cisco PIX Device Manager Release Notes
  • Page 53: Using A Tftp Server

    TFTP servers. As a historical note, the Cisco TFTP server was released to customers in 1995 and at a time when no other freely available TFTP servers existed. Today, there are many TFTP servers available that can be easily found by searching for “tftp server”...
  • Page 54: Enabling Unix Tftp Support

    If you are running Linux with “xinetd,” edit the /etc/xinetd.d/tftp file as follows: Change the line “disable = yes” to “disable = no.” Change the line “user = nobody” to “user = root.”
  • Page 55: Tftp Download Error Codes A

    TFTP server to access the file. In UNIX, the file needs to be world readable. A TFTP packet was received out of sequence. Error codes 9 and 10 cause the download to stop.

This manual is also suitable for:

Pix device manager 3.0
