Page 1 Contact Name Job Title Mailing Address City State/Province ZIP/Postal Code Country Phone ( Extension Fax ( E-mail Can we contact you further concerning our documentation? You can also send us your comments by e-mail to bug-doc@cisco.com, or by fax to 408-527-8089.
Page 2 P E R M I T N O . 4 6 3 1 S A N J O S E C A POSTAGE WILL BE PAID BY ADDRESSEE ATTN DOCUMENT RESOURCE CONNECTION CISCO SYSTEMS INC 170 WEST TASMAN DRIVE SAN JOSE CA 95134-9883...
Page 3 Cisco PIX Firewall Hardware Installation Guide Version 6.3 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7813880= Text Part Number: 78-15170-01...
Page 4 You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures: •...
Page 5: Table Of Contents
Configuring Equipment Racks PIX 501 C H A P T E R PIX 501 Product Overview Installing the PIX 501 Connecting a Power Supply Module to the PIX 501 PIX 501 Cable Lock Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 6 PIX 520 Feature Licenses Installing Failover Installing LAN-Based Failover Removing and Replacing the PIX 520 Chassis Cover 5-10 Removing the Chassis Cover 5-10 Replacing the Chassis Cover 5-11 Replacing a Lithium Battery 5-12 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 7 PIX 535 Network Interface Description Installing the PIX 535 Before Installing the PIX 535 Mounting the PIX 535 PIX 535 Network Interface Installation PIX 535 Feature Licenses PIX Firewall VPN Accelerator Card PIX Firewall VPN Accelerator Card+ Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 8 Installing the PIX 535 DC Model 7-20 Cable Pinouts A P P E N D I X 10BaseT and 100BaseTX Connectors Console Port (RJ-45) RJ-45 to DB-9 or DB-25 Serial Cable Failover Cable Pinouts N D E X Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 9: About This Guide
Obtaining Technical Assistance, page xii Obtaining Additional Publications and Information, page xiii • Document Objectives This guide describes how to install the Cisco PIX Firewall hardware components. Audience This guide is for network administrators who perform any of the following tasks: Managing network security •...
Page 10 Selecting a menu item (or screen) is indicated by the following convention: • Click Start>Settings>Control Panel. Means reader take note. Notes contain helpful suggestions or references to material not covered in the Note manual. Cisco PIX Firewall Hardware Installation Guide viii 78-15170-01...
Page 11 La traduzione delle avvertenze riportate in questa pubblicazione si trova nel documento Regulatory Compliance and Safety Information (Conformità alle norme e informazioni sulla sicurezza) che accompagna questo dispositivo. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 12 Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems. Cisco.com You can access the most current Cisco documentation on the World Wide Web at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.com...
Page 13: Documentation Feedback
Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387). Documentation Feedback You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page. You can e-mail your comments to bug-doc@cisco.com.
Page 14 No workaround is available. Cisco TAC Website You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to this URL: http://www.cisco.com/tac...
Page 15 Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register: http://tools.cisco.com/RPF/register/register.do...
Page 16 Obtaining Additional Publications and Information • Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in the design, development, and operation of public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html...
Page 17: Installation Overview
This chapter describes how to install and add PIX Firewall hardware upgrades that accompany the unit. The information in this guide applies to the PIX 501, PIX 506E, PIX 515/515E, PIX 520, PIX 525, and PIX 535. In this guide, the term “PIX Firewall” refers to all models unless specifically noted otherwise.
Page 18: Chapter 1 Preparing For Installation
If you need to open the PIX Firewall case to install a hardware component such as additional memory or an interface card, doing so does not affect your Cisco warranty. Upgrading the PIX Firewall does not require any special tools and does not create any radio frequency leaks.
Page 19: Preventing Electrostatic Discharge Damage
• Install the PIX Firewall in compliance with local and national electrical codes as listed in the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document. • PIX Firewall models equipped with AC-input power supplies are shipped with a 3-wire electrical cord with a grounding-type plug that fits only a grounding-type power outlet.
Page 20: General Site Requirements
Site Environment The PIX Firewall can be placed on a desktop. Except for the PIX 501 and the PIX 506E, all other PIX Firewall models can be mounted in a rack. The location of the PIX Firewall and the layout of your equipment rack or wiring room are extremely important for proper system operation.
Page 21: Configuring Equipment Racks
Baffles can help to isolate exhaust air from intake air, which also helps to draw cooling air through the chassis. The best placement of the baffles depends on the airflow patterns in the rack. Experiment with different arrangements to position the baffles effectively. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 22 Chapter 1 Preparing for Installation General Site Requirements Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 23: Pix 501 Product Overview
This section describes the PIX 501 front and rear panels and the panel LEDs. Note The PIX 501 chassis cover should not be removed as it does not contain user-serviceable components. Figure 2-1 shows the front view of the PIX 501.
Page 24 Figure 2-3 PIX 501 Front Panel LEDs POWER LINK/ACT VPN TUNNEL 100 MBPS Table 2-1 lists the state of the PIX 501 front panel LEDs. Table 2-1 PIX 501 Front Panel LEDs State Description POWER Green The device is powered on.
Page 25: Installing The Pix 501
Connecting a Power Supply Module to the PIX 501 This section describes how to connect the power supply module to a PIX 501. Use this information in conjunction with the appropriate version of the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document.
Page 26: Pix 501 Cable Lock
PIX 501 Connecting a Power Supply Module to the PIX 501 PIX 501 Cable Lock The PIX 501 includes a slot that accepts standard desktop cable locks to provide physical security for small portable equipment, such as laptop computers. (See Figure 2-5.)
Page 27: Pix 506E
The PIX 506/506E chassis cover should not be removed as it does not contain user-serviceable Note components. Figure 3-1 shows the front view of the PIX 506. Figure 3-1 PIX 506 Front Panel Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 28 ETHER NET 0 CONS OLE Figure 3-4 shows the rear view of the PIX 506/506E . Figure 3-4 PIX 506/506E Rear Panel POWER INPUT LINK LINK ETHER NET 1 ETHER NET 0 CONS OLE Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 29 Figure 3-6 PIX 506 Rear Panel LEDs ACT(ivity) ACT(ivity) LINK LINK Power switch POWE R INPUT LINK LINK ETHE RNET 1 ETHE RNET 0 CON SOLE 10BaseT 10BaseT (RJ-45) (RJ-45) port Console port (RJ-45) Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 30 PIX 506 Serial Console Cable POWE R INPUT LINK LINK ETHE RNET 1 ETHE RNET 0 CON SOLE Computer serial port Console DB-9 or DB-25 port (RJ-45) RJ-45 to DB-9 or DB-25 serial cable (null-modem) Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 31: Connecting A Power Supply Module To The Pix 506E
Regulatory Compliance and Safety Information for the Cisco PIX Firewall document, that shipped with your unit. The PIX 506/506E uses an external AC to DC power supply. Power is supplied to the PIX 506/506E by connecting the power supply to the back of the PIX 506/506E and connecting a separate AC power cord to the power supply.
Page 32 PIX 506 and Figure 3-9 for the PIX 506E . Step 3 When you are ready to start the PIX 506/506E, power on the unit from the switch at the rear of the unit. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 33: Pix 515/515E Product Overview
PIX 515/515E Product Overview This section describes the PIX 515/515E front and rear panels and the panel LEDs. Figure 4-1 shows the front view of the PIX 515/515E. Figure 4-1 PIX 515/515E Front Panel Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 34: Chapter 4 Pix 515/515E
Off when the unit is in standby mode. If failover is not enabled, this light is off. NETWORK On when at least one network interface is passing traffic. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 35: Installing The Pix 515/515E
Surface Mounting the PIX 515/515E, page 4-4 • Rack Mounting the PIX 515/515E, page 4-4 • Vertical Mounting the PIX 515/515E, page 4-5 • • Installing a Circuit Board in the PIX 515/515E, page 4-17 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 36: Surface Mounting The Pix 515/515E
Attach the bracket to the unit using the supplied screws. You can attach the brackets to the holes near the front of the unit. Step 2 Attach the unit to the equipment rack. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 37: Vertical Mounting The Pix 515/515E
RJ-45 connectors, and one DB-9 connector and a DB-25 connector. Connect the RJ-45 connector to the PIX 515/515E Console port and connect the other end to the serial Step 2 port connector on your computer. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 38 Ethernet 2, Ethernet 3, Ethernet 4, and Ethernet 5. The maximum number of allowed interfaces is 6. Note Do not add a single-port circuit board in the extra slot below the four-port circuit board. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 39: Pix 515/515E Feature Licenses
If, for any reason, you may choose to downgrade to any software version, note that you must use the clear flashfs command before doing so. A new section is added to Flash memory that must be cleared before downgrading. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 40: Pix Firewall Vpn Accelerator Card
• PIX Firewall VPN Accelerator Card The VPN Accelerator Card (VAC) for the Cisco PIX Firewall series is a card that provides high-performance, tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is integrated with PIX 515 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a spare for use with PIX 515 units that have a restricted (R) license.
Page 41: Installing Failover
Connect the Secondary end of the failover cable to the standby unit. Step 4 Connect a power cord to the power connector on the rear panel of each unit, and the other end of each Step 5 power cord to (preferably separate) power outlets. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 42 Use the power switch at the back of the units to power on the primary unit and then power on the standby unit. Within a few seconds, the active unit automatically downloads its configuration to the standby unit. If the primary unit fails, the secondary unit automatically becomes active. Cisco PIX Firewall Hardware Installation Guide 4-10 78-15170-01...
Page 43: Installing Lan-Based Failover
Configure the PIX Firewall units. For information on configuring the PIX Firewall, refer to “Configuring Step 2 LAN-Based Failover,” section in Chapter 10 “Using PIX Firewall Failover” in the Cisco PIX Firewall and VPN Configuration Guide. Step 3 Power off both the units.
Page 44: Removing And Replacing The Pix 515/515E Chassis Cover
Complete the following to remove the chassis cover: Note Removing the PIX Firewall case does not affect your Cisco warranty. Upgrading the PIX Firewall does not require any special tools and does not create any radio frequency leaks. Read the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document.
Page 45: Replacing The Chassis Cover
Fasten the top panel with the screws you set aside earlier. Step 5 Reinstall the chassis on a rack, wall, desktop, or table. Step 6 Cisco PIX Firewall Hardware Installation Guide 4-13 78-15170-01...
Page 46: Replacing A Lithium Battery
The PIX Firewall has a lithium battery on its main circuit board. This battery has an operating life of about 10 years. When the battery loses its charge, the PIX Firewall cannot function. The lithium battery is not a field replacable unit (FRU). Contact Cisco TAC to replace the battery. Do not attempt to replace this battery yourself.
Page 47: Memory Installation Steps
Do not install a 64 MB DIMM in the PIX 515. You will not be able to properly replace the top Note panel because of the height of a 64 MB DIMM. Operating the PIX Firewall chassis without a top panel installed may cause damage to the unit. Cisco PIX Firewall Hardware Installation Guide 4-15 78-15170-01...
Page 48 You cannot install a 64 MB DIMM in the PIX 515 due to height restraints. You will not be able Note to properly replace the top panel if you use a 64 MB DIMM. Operating the PIX Firewall chassis without a top panel may cause damage to the unit. Cisco PIX Firewall Hardware Installation Guide 4-16 78-15170-01...
Page 49: Installing A Circuit Board In The Pix 515/515E
Locate the grounding strap from the accessory kit. Fasten the grounding strap to your wrist so that it Step 1 contacts your bare skin. Attach the other end to bare metal inside the PIX 515/515E chassis as shown in Figure 4-20. Cisco PIX Firewall Hardware Installation Guide 4-17 78-15170-01...
Page 50 When you insert a four-port Ethernet circuit board in the slot, the end of the circuit board’s Note connector extends past the end of the slot. This does not affect the use or operation of the circuit board. Cisco PIX Firewall Hardware Installation Guide 4-18 78-15170-01...
Page 51 Attach the screw to hold the circuit board’s connecting flange to the cover plate, and install the screws Step 5 to attach the cover plate to the PIX 515/515E unit. Reattach the top panel. Step 6 Figure 4-23 4-Port Circuit Board Overlap Overlap Cisco PIX Firewall Hardware Installation Guide 4-19 78-15170-01...
Page 52: Pix Firewall Vpn Accelerator Circuit Board
Complete the following to install the PIX 515/515E DC power model: Step 1 Read the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document. Step 2 Terminate the DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit breaker is required at the 48 VDC facility power source.
Page 53 Power on the unit from the switch at the rear of the unit. Step 10 Note If you need to power cycle the DC PIX 515/515E, wait at least 5 seconds between powering off the unit and powering it back on. Cisco PIX Firewall Hardware Installation Guide 4-21 78-15170-01...
Page 54 Chapter 4 PIX 515/515E Installing the PIX 515/515E DC Model Cisco PIX Firewall Hardware Installation Guide 4-22 78-15170-01...
Page 55: Chapter 5 Pix
This section describes the PIX 520 front and rear panels and the panel LEDs. Figure 5-1 shows the front view of the PIX 520. Figure 5-1 PIX 520 Front Panel PIX Fir ew all RESET SERI ES Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 56 With the four-port Ethernet circuit board, having a circuit board in slot 3 makes the number of interfaces greater than six; while the circuit board in slot 3 cannot be accessed, its presence does not cause problems with the PIX Firewall. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 57 Figure 5-5 Single-Port Ethernet Circuit Board Installed in Slot 0 and 1 and Four-Port Ethernet Circuit Board Installed in Slot 2 Interface 2 Interface 3 Interface 4 Interface 5 Interface 0 Interface 1 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 58: Installing The Pix 520
(if rackmounting holes is desired) Right side Connect network cables to each of the PIX Firewall’s network interfaces. On the PIX 520, connect the Step 2 cables at the front of the unit. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 59 If you are installing an AC voltage PIX Firewall, connect the PIX Firewall unit’s power cord to the power Step 5 connector on the rear panel of the unit, and to a power outlet. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 60: Pix 520 Feature Licenses
Upgrade”. Step 7 If you are ready to start configuring the PIX Firewall, power on the unit. Refer to the Cisco PIX Firewall and VPN Configuration Guide for configuration information. Always check the release notes first before configuring the PIX Firewall for the latest release details.
Page 61: Installing Failover
All enabled interfaces must be connected between the active and standby units. Only configure Note the active unit. On the PIX 520, you can access the console and determine which unit is active with the show failover command. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 62: Installing Lan-Based Failover
Configure the PIX Firewall units. For information on configuring the PIX Firewall, refer to “ Configuring the LAN-Based Failover,” section in Chapter 10 “Using PIX Firewall Failover” in the Cisco PIX Firewall and VPN Configuration Guide. Step 3 Power off both the units.
Page 63 Power the primary unit on first, then power on the secondary unit. Within a few seconds, the active unit Step 6 automatically downloads its configuration to the standby unit. If the primary unit fails, the secondary unit automatically becomes active. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 64: Removing And Replacing The Pix 520 Chassis Cover
Removing the Chassis Cover Complete these steps to remove the chassis cover: Removing the PIX Firewall case does not affect your Cisco warranty. Upgrading the PIX Firewall does Note not require any special tools and does not create any radio frequency leaks.
Page 65: Replacing The Chassis Cover
Replace the top panel, as shown in Figure 5-13. Step 2 Secure the three screws. Step 3 Reinstall all interface cables. Figure 5-13 Replacing the Top Panel PIX Fir ew all RESET SERI ES Cisco PIX Firewall Hardware Installation Guide 5-11 78-15170-01...
Page 66: Replacing A Lithium Battery
The PIX Firewall has a lithium battery on its main circuit board. This battery has an operating life of about 10 years. When the battery loses its charge, the PIX Firewall cannot function. The lithium battery is not a field replacable unit (FRU). Contact Cisco TAC to replace the battery. Note Do not attempt to replace this battery yourself.
Page 67: Memory Installation Steps
When installing the memory strip in the PIX 520, install the new strip in Bank 0 as shown in Figure 5-15 Figure 5-16, by opening the two plastic wing connectors, inserting the strip, and closing the wing connectors. Cisco PIX Firewall Hardware Installation Guide 5-13 78-15170-01...
Page 68 Reattach the screws. If desired, rack mount the PIX Firewall and attach all cables and cords as discussed in previous sections. After the PIX Firewall is installed, you can view the amount of RAM memory in the system startup messages or with the show version command. Cisco PIX Firewall Hardware Installation Guide 5-14 78-15170-01...
Page 69: Installing A Circuit Board In The Pix 520
PI X Fir ew all RESET POWE R SERI ES Insert the new circuit board, as shown in Figure 5-18, and secure it using the screw provided with the Step 2 circuit board. Cisco PIX Firewall Hardware Installation Guide 5-15 78-15170-01...
Page 70 If you are installing a 4-port circuit board, note that the circuit board will overlap the slot connector on Step 4 the motherboard. This does not affect the use or operation of the circuit board. Figure 5-20 illustrates how this appears. Cisco PIX Firewall Hardware Installation Guide 5-16 78-15170-01...
Page 71 Chapter 5 PIX 520 Installing a Circuit Board in the PIX 520 Figure 5-20 4-Port Circuit Board Overlap Overlap Cisco PIX Firewall Hardware Installation Guide 5-17 78-15170-01...
Page 72: Pix Firewall 16 Mb Flash Circuit Board
Record the new serial number from the 16 MB Flash circuit board. After installation, the serial number of the PIX Firewall will be the serial number supplied with the 16 MB Flash circuit board. Cisco PIX Firewall Hardware Installation Guide 5-18 78-15170-01...
Page 73: Pix Firewall Vpn Accelerator Circuit Board
The PIX Firewall IPSec accelerator was also known as the Private Link card. An illustration of the VPN Accelerator is shown in Figure 5-22. Figure 5-22 PIX Firewall VPN Accelerator Circuit Board Cisco PIX Firewall Hardware Installation Guide 5-19 78-15170-01...
Page 74: Gigabit Ethernet Circuit Board
Figure 5-23 Gigabit Ethernet Circuit Board LIN K The Gigabit Ethernet circuit board has three LEDs: TX—Transmitting data • RX—Receiving data • LINK—The Gigabit Ethernet circuit board has established a network connection • Cisco PIX Firewall Hardware Installation Guide 5-20 78-15170-01...
Page 75: Installing The Pix 520 Dc Model
Complete these steps to install the PIX 520 DC power model: Step 1 Read the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document. Step 2 Terminate the DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit breaker is required at the 48 VDC facility power source.
Page 76 Power on the unit from the switch at the rear of the unit. If you need to power cycle the DC PIX Firewall, wait at least 5 seconds between powering off the unit Note and powering it back on. Cisco PIX Firewall Hardware Installation Guide 5-22 78-15170-01...
Page 77: Chapter 6 Pix
Figure 6-1 show the front view of the PIX 525. Figure 6-1 PIX 525 Front Panel CISC O SECU RITY PIX SERIES F I R E W A L L POWE R ACTIV E Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 78 There are three LEDs for the each RJ-45 interface port and three types of fixed interface connectors on the back of the PIX 525. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 79: Installing The Pix 525
Attach the brackets to the holes near the front of the unit on each side of the PIX 525 using the supplied screws. Attach the unit to the equipment rack. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 80 “Installing a Memory Upgrade” for more information. It is not necessary to remove the chassis cover of the PIX 525 to access the circuit boards or Note memory. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 81: Pix 525 Feature Licenses
For information on upgrading feature licenses or downloading the latest software versions, go to the following website: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/upgrade.htm This section includes the following topics: PIX Firewall VPN Accelerator Card, page 6-6 • • PIX Firewall VPN Accelerator Card+, page 6-6 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 82: Pix Firewall Vpn Accelerator Card
Installing Failover PIX Firewall VPN Accelerator Card The VPN Accelerator Card (VAC) for the Cisco PIX Firewall series is a card that provides high-performance, tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is integrated with PIX 525 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a spare for use with PIX 525 units that have a restricted (R) license.
Page 83 Power on the primary unit first, then power on the secondary unit. Within a few seconds, the active unit Step 7 automatically downloads its configuration to the standby unit. If the primary unit fails, the secondary unit automatically becomes active. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 84: Installing Lan-Based Failover
Configure the PIX Firewall units. For information on configuring the PIX Firewall, refer to “ Configuring Step 2 the LAN-Based Failover,” section in Chapter 10 “Using PIX Firewall Failover” in the Cisco PIX Firewall and VPN Configuration Guide. Step 3 Power off both the units.
Page 85: Removing And Replacing The Pix 525 Chassis Cover
Removing the Chassis Cover This section describes how to remove the PIX 525 chassis cover. Removing the PIX Firewall case does not affect your Cisco warranty. Upgrading the PIX Firewall does Note not require any special tools and does not create any radio frequency leak.
Page 86 6-9.) Figure 6-9 Removing the Chassis Cover Chassis cover T IV C I S S E C I T Y P I X 5 2 5 R IE Chassis bottom Front panel Cisco PIX Firewall Hardware Installation Guide 6-10 78-15170-01...
Page 87: Replacing The Chassis Cover
P I X 5 2 5 R IE Chassis bottom Front panel Step 6 Connect the power to the site power and power on the PIX 525. The internal power supply fan should go Cisco PIX Firewall Hardware Installation Guide 6-11 78-15170-01...
Page 88: Replacing A Lithium Battery
The PIX Firewall has a lithium battery on its main circuit board. This battery has an operating life of about 10 years. When the battery loses its charge, the PIX Firewall cannot function. The lithium battery is not a field replacable unit (FRU). Contact Cisco TAC to replace the battery. Note Do not attempt to replace this battery yourself.
Page 89 When installing the memory strip in a PIX 525, install the new strip in Bank 0 as shown in • Figure 6-12 Figure 6-13, by opening the two plastic wing connectors, inserting the strip, and closing the wing connectors. Cisco PIX Firewall Hardware Installation Guide 6-13 78-15170-01...
Page 90: Installing A Circuit Board In The Pix 525
PIX 525. This section includes the following topics: • PIX Firewall VPN Accelerator Circuit Board, page 6-17 • Gigabit Ethernet Circuit Board, page 6-18 Cisco PIX Firewall Hardware Installation Guide 6-14 78-15170-01...
Page 91 Remove the screw and cover plate from the circuit board slot. Step 3 Figure 6-15 as a guide to install a circuit board into a PCI slot on the component tray. Step 4 Cisco PIX Firewall Hardware Installation Guide 6-15 78-15170-01...
Page 92 PCI slots on the component tray. Figure 6-16 Expansion Boards in PCI Slots on the PIX 525 Component Tray Reinstall the component tray into the PIX 525 chassis. Step 7 Cisco PIX Firewall Hardware Installation Guide 6-16 78-15170-01...
Page 93: Pix Firewall Vpn Accelerator Circuit Board
The new VPN Accelerator cannot be used with the former PIX Firewall IPSec accelerator in the same Note chassis. The PIX Firewall IPSec accelerator was also known as the Private Link card. An illustration of the VPN Accelerator is shown in Figure 6-18. Cisco PIX Firewall Hardware Installation Guide 6-17 78-15170-01...
Page 94: Gigabit Ethernet Circuit Board
1000SXfull—Forces full-duplex operation • 1000BaseSX—Forces half-duplex operation • 1000auto—Auto negotiates full or half duplex • Note We highly recommend that you use a GE failover link when connecting the PIX 525 with GE interfaces. Cisco PIX Firewall Hardware Installation Guide 6-18 78-15170-01...
Page 95: Installing A Dc Power Supply
Reinstall the three screws that secure the power supply on the back panel of the chassis. Step 2 Cisco PIX Firewall Hardware Installation Guide 6-19 78-15170-01...
Page 96 The connectors to these two fans will fit into the space between the second and third fans. Step 5 Reconnect the power connector. Cisco PIX Firewall Hardware Installation Guide 6-20 78-15170-01...
Page 97 6-21, making sure that the fan cable feeds to your left. Position the cables to the two installed fans so that they will fit over the first and second fans. Press the fan into place between the four sheet metal tabs. Cisco PIX Firewall Hardware Installation Guide 6-21 78-15170-01...
Page 98 PIX 525 Installing a DC Power Supply Step 7 Reconnect the two-pin fan cables to the remaining fan, as shown in Figure 6-22. Figure 6-22 Reconnecting the Fan Cables Fan connector Front panel Cisco PIX Firewall Hardware Installation Guide 6-22 78-15170-01...
Page 99 Starting with the fan farthest away from the power supply, bend the cable clamps over wires and into the gap between chassis and fan housing. Figure 6-23 Correct Fan Cable Routing Sheet metal tabs Base tabs Front panel Cisco PIX Firewall Hardware Installation Guide 6-23 78-15170-01...
Page 100: Rerouting The Fan Wiring
9. The two longer cables go to the two remaining fans you will remove in Step 10 Step 11. The remaining cable goes to the power connector on the backplane. These cables are color-coded. Cisco PIX Firewall Hardware Installation Guide 6-24 78-15170-01...
Page 101 Do not attempt to remove the fan cables without first depressing the tab as shown in Figure 6-27. You can damage the fan cables by applying stress if the connector is not removed properly. Cisco PIX Firewall Hardware Installation Guide 6-25 78-15170-01...
Page 102 Make sure that the label on the fan faces the chassis wall to ensure proper airflow direction. Step 8 Install cable clamps onto the fans by aligning cable clamp holes over fan mounting holes and pressing rivets through both. (See Figure 6-28.) Cisco PIX Firewall Hardware Installation Guide 6-26 78-15170-01...
Page 103 PIX 525 to connect a copper standard barrel grounding lug to the studs. The PIX 525 requires a lug where the distance between the center of each hole is 0.56 inches. A lug is not supplied with the PIX 525. Cisco PIX Firewall Hardware Installation Guide 6-27...
Page 104 Using the same method as for the ground wire, connect the negative wire and then the positive wire. Figure 6-30 Attaching DC Power Cables – Cisco PIX Firewall Hardware Installation Guide 6-28 78-15170-01...
Page 105 Power on the unit from the switch at the rear of the unit. Step 20 If you need to power cycle the DC PIX Firewall, wait at least 5 seconds between powering off the unit and powering it back on. Cisco PIX Firewall Hardware Installation Guide 6-29 78-15170-01...
Page 106 Chapter 6 PIX 525 Installing a DC Power Supply Cisco PIX Firewall Hardware Installation Guide 6-30 78-15170-01...
Page 107: Chapter 7 Pix
If you need to remove the PIX 535 top chassis cover for any reason, use the related information in “Removing and Replacing the PIX 515/515E Chassis Cover” as a guideline. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 108 PIX 535 front panel LEDs. Figure 7-3 PIX 535 Front Panel LEDs PO W ER AC TIV E CISC O SECU RITY PIX SERIES F I R E W A L L POWE R ACTIV E Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 109 Shows that data is passing through that interface. Shows that the connection uses full-duplex data exchange where data can be transmitted and received simultaneously. If this light is off, half duplex is in effect. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 110: Pix 535 Network Interface Description
Gigabit Ethernet combinations. Table 7-3 Relative Throughput of Gigabit Ehternet Combinations Gigabit Ethernet Card Bus Type Shared with 33 MHz Device Speed PIX-1GE-66 64/66 100% PIX-1GE-66 64/66 PIX-1GE-66 32/33 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 111: Installing The Pix 535
Connect the cable so that you have either a DB-9 or DB-25 connector on one end as required by the serial Step 1 port for your computer, and the other end is the RJ-45 connector. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 112: Pix 535 Feature Licenses
For information on upgrading feature licenses or downloading the latest software versions, go to the following website: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/upgrade.htm This section includes the following topics: PIX Firewall VPN Accelerator Card, page 7-7 PIX Firewall VPN Accelerator Card+, page 7-7 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 113: Pix Firewall Vpn Accelerator Card
Installing Failover PIX Firewall VPN Accelerator Card The VPN Accelerator Card (VAC) for the Cisco PIX Firewall series is a card that provides high-performance, tunneling and encryption services suitable for site-to-site and remote access applications. The VAC is integrated with PIX 535 unrestricted (UR) and failover (FO) bundles. You can also purchase the VAC as a spare for use with PIX 535 units that have a restricted (R) license.
Page 114 All enabled interfaces must be connected between the active and standby units. Only configure Note the active unit. On the PIX 535, the active unit is indicated by the ACT LED on the front of the unit. Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 115 Configure the PIX Firewall units. For information on configuring the PIX Firewall, refer to “ Configuring Step 2 the LAN-Based Failover,” section in Chapter 10 “Using PIX Firewall Failover” in the Cisco PIX Firewall and VPN Configuration Guide. Step 3 Power off both the units.
Page 116 The PIX Firewall has a lithium battery on its main circuit board. This battery has an operating life of about 10 years. When the battery loses its charge, the PIX Firewall cannot function. The lithium battery is not a field replacable unit (FRU). Contact Cisco TAC to replace the battery. Note Do not attempt to replace this battery yourself.
Page 117: Memory Installation Steps
Make sure that memory from the same vendor is placed together in the same bank (J40 & J43 - Bank 0) or (J41 & J44 - Bank 1). Figure 7-7 System Memory Location on the PIX 535 Component Tray Cisco PIX Firewall Hardware Installation Guide 7-11 78-15170-01...
Page 118 PIX Firewall and attach all cables and cords as discussed in previous sections. After the PIX Firewall is installed, you can view the amount of RAM memory in the system startup messages or with the show version command. Cisco PIX Firewall Hardware Installation Guide 7-12 78-15170-01...
Page 119: Installing A Circuit Board In The Pix 535
2 GE + 6 FE 4 GE + 4 FE + 1 VPN Accelerator 2 GE + 6 FE + 1 VPN Accelerator 4 GE + 2 FE + 1 4-port FE Cisco PIX Firewall Hardware Installation Guide 7-13 78-15170-01...
Page 120 2 4-port FE + 2 FE 2 4-port FE + 2 FE + 1 VPN Accelerator 1 4-port FE card + 6 FE 1 4-port FE card + 6 FE + 1 VPN Accelerator Cisco PIX Firewall Hardware Installation Guide 7-14 78-15170-01...
Page 121: Circuit Board Slot Description
64-bit/66 MHz bus (Bus 0 or Bus 1). The overall speed of the bus will be reduced by the lower speed circuit board. • The VPN Accelerator circuit board should only be installed in the 32-bit/33 MHz Bus. Cisco PIX Firewall Hardware Installation Guide 7-15 78-15170-01...
Page 122: Installing A Circuit Board
Use the screw that was removed in Step 3 to attach the circuit board front plate to the component tray Step 5 rear panel. Reinstall the component tray and tighten the attachment screws. Step 6 Cisco PIX Firewall Hardware Installation Guide 7-16 78-15170-01...
Page 123: Pix Firewall 16 Mb Flash Circuit Board
Along with upgrading your Flash memory to 16 MB, the PIX Firewall 16 MB Flash circuit board includes pre-installed PIX Firewall software and a UR (unrestricted) 56-bit DES encryption license. The 16 MB Flash circuit board installs into the PIX Firewall ISA slot. Cisco PIX Firewall Hardware Installation Guide 7-17 78-15170-01...
Page 124 After installation, the serial number of the PIX Firewall is the serial number supplied with the 16 MB Flash circuit board. Step 3 Create a backup of your present configuration (to use later to reconfigure your system). Obtain a new Activation key (if using 3DES). Step 4 Cisco PIX Firewall Hardware Installation Guide 7-18 78-15170-01...
Page 125: Pix Firewall Vpn Accelerator Circuit Board
PIX Firewall supports 1000 Mbps (Gigabit) Ethernet. The Gigabit Ethernet circuit board uses the gb-ethernet device name and only has one hardware speed and the following duplex options: 1000SXfull—Forces full-duplex operation • 1000BaseSX—Forces half-duplex operation • 1000auto—Auto negotiates full or half duplex • Cisco PIX Firewall Hardware Installation Guide 7-19 78-15170-01...
Page 126: Installing The Pix 535 Dc Model
Complete these steps to install the PIX 535 DC power model: Remove the blank cover plate, if a blank cover plate is installed on the PIX 535 unit. Step 1 Read the Regulatory Compliance and Safety Information for the Cisco PIX Firewall document for your Step 2 respective software version.
Page 127 Step 8 screw on the connector. Using the same method as for the ground wire, connect the negative wire and then the positive wire. Figure 7-17 Attaching DC power cables – Cisco PIX Firewall Hardware Installation Guide 7-21 78-15170-01...
Page 128 Note powering it back on. Your unit is now ready to configure. Refer to the Cisco PIX Firewall and VPN Configuration Guide for your respective software version for more information on how to configure the PIX Firewall. Cisco PIX Firewall Hardware Installation Guide...
Page 129: Cable Pinouts
(TD) and receive (RD) pairs internally crossed. Figure A-1 shows the 10BaseT and the 100BaseTX connector (RJ-45). Figure A-1 RJ-45 10BaseT and 100BaseTX Connector Table A-1 shows the connector pinout. Table A-1 10BaseT and 100BaseTX Connector (RJ-45) Pinouts Description Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 130: Console Port (Rj-45)
• Crossover • Rolled • Note Cisco does not provide these cables; they are widely available from other sources. Figure A-2 shows the RJ 45 cable. Figure A-2 RJ-45 Cable 8 7 6 5 4 3 2 1 RJ-45 connector...
Page 131 (see Table A-4). Table A-2 RJ-45 Straight-Through (Ethernet) Cable Pinouts Signal Pin Table A-3 RJ-45 Crossover (Ethernet) Cable Pinouts Signal Pin Table A-4 RJ-45 Rolled (Console) Cable Pinouts Signal Pin Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 132: Rj-45 To Db-9 Or Db-25 Serial Cable
Stateful Failover dedicated interface. Figure A-4 Stateful Failover Dedicated Interface Crossover Cable Pinouts Primary unit Secondary unit 3 TxD+ 3 TxD+ 6 TxD– 6 TxD– 1 RxD+ 1 RxD+ 2 RxD– 2 RxD– Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 133 11 —— Plug Driver 4 —————————————————— 6 ———————— Primary Select 12 —— —— 12 Secondary Select Ground 5 ————————————————————— 5 Loopback —— 6 ————————————————————— 4 Inside —— 11 Chassis —— 14 ———————————————————— 9 Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 134 Appendix A Cable Pinouts Failover Cable Pinouts Cisco PIX Firewall Hardware Installation Guide 78-15170-01...
Page 135 PIX 525 replacing chassis covers 6-24 amps removing required PIX 515 4-12 PIX 515 PIX 520 4-20 5-10 PIX 520 5-21 PIX 525 PIX 525 6-27 replacing PIX 535 PIX 515 7-21 4-13 Cisco PIX Firewall Hardware Installation Guide IN-1 78-15170-01...
Page 136 6-25 PIX 535 DIMM 4-16, 5-13 fans installing removing PIX 515 4-16 PIX 525 6-25 PIX 520 5-13 ventilation PIX 525 6-13 wiring DIMM strip 7-12 PIX 525 6-24 DIMM strips 6-13 Cisco PIX Firewall Hardware Installation Guide IN-2 78-15170-01...
Page 137 PIX 515 4-16 PIX 520 5-13 PIX 525 6-13 panel removing PIX 515 4-13 4-16 PIX 520 5-10 indicator lights PIX 525 see LEDs pinouts inside interfaces PIX 501 PIX 506E installing Cisco PIX Firewall Hardware Installation Guide IN-3 78-15170-01...
Page 138 6-14 installing failover connections safety memory locations/ installing DIMMs 6-13 security PIX 535 serial cables before installing PIX 515 connecting network interfaces PIX 520 installing DC-input power supplies 7-20 PIX 525 mounting Cisco PIX Firewall Hardware Installation Guide IN-4 78-15170-01...
Page 139 PIX 535 VDC power source requirements 6-27 ventilation fans VPN Accelerator circuit board PIX 515 4-20 PIX 520 5-19 PIX 525 6-17 PIX 535 7-19 VPN Accelerator Card(VAC) PIX 535 4-8, 6-6, 7-7 Cisco PIX Firewall Hardware Installation Guide IN-5 78-15170-01...
Page 140 Index Cisco PIX Firewall Hardware Installation Guide IN-6 78-15170-01...

This manual is also suitable for:

Pix 506e Pix 506 Pix 520 Pix 535 Pix 515 Pix 515e ... Show all

Cisco PIX 501 Hardware Installation Manual

About this Guide

Chapter 1 Preparing for Installation

Chapter 2 Pix 5012-1

Chapter 3 Pix 506E

Chapter 4 PIX 515/515E

Chapter 5 PIX

Chapter 6 PIX

Chapter 7 PIX

Cable Pinouts

APPENDIX A Cable Pinouts A-1

Quick Links

Related Manuals for Cisco PIX 501

Summary of Contents for Cisco PIX 501

This manual is also suitable for:

Table of Contents