|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
Guest
|
 Posted: Sun Apr 16, 2006 1:02 pm Post subject: Newbie PIX questions |
 |
|
I recently bought my first Cisco product (not counting Linksys
products), a PIX 506e, off of eBay. My ASP did the initial
configuration, but I need to make some changes for my own purposes
while learning how to manage it. It would help me greatly if I could
get the following questions answered:
(1) The 506e came with PIX Version 6.3(3). If I'm not mistaken 6.3(5)
is the latest version (installing 7.0 on the 506e can be done but is
not recommended). I've heard I can find the bin files online for free.
Does anybody know where?
(2) Anybody know where I can find some good (and free) tutorials for
the 506e online?
(3) Are there any websites with decent forums regarding PIX firewalls
(someplace more Cisco-specific than posting here)? |
|
| Back to top |
|
 |
|
|
Tirenque
Guest
|
| Posted: Sun Apr 16, 2006 2:07 pm Post subject: Re: Newbie PIX questions |
|
|
You can download the images off of Ciscos website, but you will need a
Login so register with Cisco.
I just purchased an excelllent book called Cisco ASA and PIX Firewall
Handbook by David Hucaby that will answer EVERYTHING you will need to
get started. It is published by Cisco Press.
Later,
Tina |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Sun Apr 16, 2006 7:12 pm Post subject: Re: Newbie PIX questions |
|
|
In article <1145178122.354889.247700@g10g2000cwb.googlegroups.com>,
<voidxor@gmail.com> wrote:
| Quote: | (3) Are there any websites with decent forums regarding PIX firewalls
(someplace more Cisco-specific than posting here)?
|
This newsgroup, comp.dcom.sys.cisco, is specific to Cisco. Postings
not related to Cisco do show up, but that's because people post here
under the theory that people who know a lot about networking with
Cisco equipment probably know a lot about networking, and there
isn't really any generalized networking newsgroup ('ethernet' and
'tcp-ip' newsgroups, yes, but not generalized networking.)
There is a Cisco NSP (Network Service Provider) mailing list (available
via various websites too), but that's quite technical and aimed at high
end networkers; there are relatively few PIX messages there.
I would also add that if you are deep into one of the PIX's
ISAKMP Phase 2 error messages, you probably wouldn't want to be told,
"Only Cisco could come up with such an inscrutable message, but
the root cause is not Cisco-specific so we won't help you here!" |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Sun Apr 16, 2006 7:30 pm Post subject: Re: Newbie PIX questions |
|
|
In article <1145178122.354889.247700@g10g2000cwb.googlegroups.com>,
<voidxor@gmail.com> wrote:
| Quote: | (1) The 506e came with PIX Version 6.3(3). If I'm not mistaken 6.3(5)
is the latest version (installing 7.0 on the 506e can be done but is
not recommended).
|
I've never seen anyone say that installing 7.0 on the 506e was
even possible.
| Quote: | I've heard I can find the bin files online for free.
Does anybody know where?
|
You cannot get 6.3(5) -legally- for free. You can get 6.3(4) legally
for free: your authorized PIX vendor can supply 6.3(4) to you
as it is a security fix [whereas 6.3(5) is only bug fixes.]
Oh wait, you used eBay, so you probably didn't go through an authorized
PIX vendor. In that case unless you are in one of a small number
of countries (Germany, Denmark, possibly a couple of others), the PIX
software license did not transfer to you and you aren't entitled to
run even the 6.3(3) you already have, and there would be no way for
you to legally get any other PIX version for free. If you did not
happen to buy from one of the very few authorized vendors of used
Cisco equipment, you would need to "relicense" the software by paying
Cisco a fee; the Cisco part number is LL-PIX-506-3DES and the price
is on the order of $US200 - $US250.
If indeed you do not have what Cisco considers a valid PIX license,
you would need to relicense before Cisco would allow you to purchase
a support contract on the device. |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Sun Apr 16, 2006 7:49 pm Post subject: Re: Newbie PIX questions |
|
|
In article <1145178122.354889.247700@g10g2000cwb.googlegroups.com>,
<voidxor@gmail.com> wrote:
| Quote: | (2) Anybody know where I can find some good (and free) tutorials for
the 506e online?
|
The 506E has only one "feature" that is unique to it (and the 506):
namely that they are the only Cisco PIX models for which there is only
one software license. Early PIX (e.g., the Cisco PIX 10000) were
licensed by the number of connections; Cisco switched from that to
licensing by "Restricted" or "Unrestricted" license, with the
Unrestricted license able to do Failover (and a few other minor
differences.) The PIX 501 is licensed according to the number of
simultaneous internal hosts supported but does not have Restricted vs
Unrestricted. The 506/506E does not have Restricted vs Unrestricted
by also does not limit by the number of internal hosts (or the
number of connections.)
Other than that, the PIX 506/506E shares some features with the
501, and supports all the features found in the "Restricted"
versions of the other PIX 5xx models [running 6.x software],
with the exception of not supporting a floppy drive and not being
able to install a VPN accelerator card (or any expansion interface)
into it.
Thus, there are few tutorials for the PIX 506E, because there isn't
anything particularily different about it.
If you wanted a detailed list of differences between the 506E and
other models... the list is available, but I posted it to this
newsgroup, and as this newsgroup isn't Cisco-specific enough...
You might want to check out
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/index.htm |
|
| Back to top |
|
|
none
Guest
|
| Posted: Mon Apr 17, 2006 3:29 am Post subject: Re: Newbie PIX questions |
|
|
On Sun, 16 Apr 2006 15:30:17 +0000, Walter Roberson wrote:
| Quote: | If you did not
happen to buy from one of the very few authorized vendors of used
Cisco equipment, you would need to "relicense" the software by paying
Cisco a fee; the Cisco part number is LL-PIX-506-3DES and the price
is on the order of $US200 - $US250.
If indeed you do not have what Cisco considers a valid PIX license,
you would need to relicense before Cisco would allow you to purchase
a support contract on the device.
|
Is this new? - I bought a PIX 501 off of eBay a few years back and was
able to purchase a Smartnet for it from CDW with no problems.
None |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Mon Apr 17, 2006 4:04 am Post subject: Re: Newbie PIX questions |
|
|
In article <pan.2006.04.16.23.29.56.452704@none.com>,
none <none@none.com> wrote:
| Quote: | On Sun, 16 Apr 2006 15:30:17 +0000, Walter Roberson wrote:
If you did not
happen to buy from one of the very few authorized vendors of used
Cisco equipment, you would need to "relicense" the software by paying
Is this new? - I bought a PIX 501 off of eBay a few years back and was
able to purchase a Smartnet for it from CDW with no problems.
|
I think it's roughly 2 years now. |
|
| Back to top |
|
|
|
|
Martin Bilgrav
Guest
|
| Posted: Mon Apr 17, 2006 11:11 am Post subject: Re: Newbie PIX questions |
|
|
"none" <none@none.com> wrote in message
news:pan.2006.04.16.23.29.56.452704@none.com...
| Quote: | On Sun, 16 Apr 2006 15:30:17 +0000, Walter Roberson wrote:
If indeed you do not have what Cisco considers a valid PIX license,
you would need to relicense before Cisco would allow you to purchase
a support contract on the device.
|
Firstly Cisco do not track serial numbers at all, hence it makes it
difficult to say if a device is ok or need re-license.
Though a good resellar can tell for whom the device was sold the first time,
and them should be able to tell if you are from this company etc.
The Global listprice is as follows:
Cisco PIX Security Appliance Relicensing for Used Equipment
LL-PIX-501-3DES PIX 501 168-bit 3DES IPSec Software License C $100
LL-PIX-501-SW-10 PIX 501 10 User Platform License C $195
LL-PIX-501-SW-50 PIX 501 50 User Platform License C $295
LL-PIX-515-SW-FO PIX 515/515E Failover Platform License C $495
LL-PIX-515-SW-R PIX 515/515E Restricted Platform License C $995
LL-PIX-515-SW-UR PIX 515/515E Unrestricted Platform License C $4,995
LL-PIX-520-FO PIX Classic, 10K, 510, 520 Failover License C $795
LL-PIX-520-SW-128 PIX Classic, 10K, 510, 520 Entry Level License C $1,995
LL-PIX-520-SW-1K PIX Classic, 10K, 510, 520 Midrange License C $3,295
LL-PIX-520-SW-UR PIX Classic, 10K, 510, 520 Unrestricted License C $7,395
LL-PIX-525-SW-FO PIX 525 Failover Platform License C $995
LL-PIX-525-SW-R PIX 525 Restricted Platform License C $5,495
LL-PIX-535-SW-FO PIX 535 Failover Platform License C $595
LL-PIX-535-SW-R PIX 535 Restricted Platform License C $11,995
LL-PIX-535-SW-UR PIX 535 Unrestricted Platform License C $19,595
LL-PIX-VPN-DES PIX 56-bit DES IPSec Software License C $0
Your Cisco service partner/reseller should be able to verify this.
(otherwise replace him!)
HTH
Martin Bilgrav |
|
| Back to top |
|
|
Guest
|
| Posted: Mon Apr 17, 2006 12:28 pm Post subject: Re: Newbie PIX questions |
|
|
I have a Cisco login, but no service contract. I had been told you have
to pay for a service contract to download the images directly from
Cisco. If not, please provide a link or instructions for finding it for
the 506e on Cisco's website. I find their website a pain to navigate.
I was hoping to find some free online tutorials; I'm aware there are
many books on PIX. |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Mon Apr 17, 2006 6:00 pm Post subject: Re: Newbie PIX questions |
|
|
In article <1145262518.779374.224480@e56g2000cwe.googlegroups.com>,
<voidxor@gmail.com> wrote:
| Quote: | I have a Cisco login, but no service contract. I had been told you have
to pay for a service contract to download the images directly from
Cisco. If not, please provide a link or instructions for finding it for
the 506e on Cisco's website.
|
If I recall correctly, PIX 6.3(3)(121) [only] could be downloaded from
cisco.com with a CCO login but no support contract. I can't recall
the URL, though. Possibly it was one of the things at
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix
but it isn't there now. |
|
| Back to top |
|
|
Jens Haase
Guest
|
| Posted: Wed Apr 19, 2006 5:53 pm Post subject: Re: Newbie PIX questions |
|
|
Walter Roberson wrote:
| Quote: | Oh wait, you used eBay, so you probably didn't go through an authorized
PIX vendor. In that case unless you are in one of a small number
of countries (Germany, Denmark, possibly a couple of others), the PIX
software license did not transfer to you and you aren't entitled to
run even the 6.3(3) you already have, and there would be no way for
you to legally get any other PIX version for free.
|
where can I read about the exeptions for these countrys? The policy on
http://www.cisco.com/warp/public/csc/refurb_equipment/swpolicy.html
does not state any exeption for the above countrys.
Jens |
|
| Back to top |
|
|
Walter Roberson
Guest
|
| Posted: Wed Apr 19, 2006 6:07 pm Post subject: Re: Newbie PIX questions |
|
|
In article <4amtmfFtelskU1@individual.net>, Jens Haase <jens@haase.to> wrote:
| Quote: | Walter Roberson wrote:
Oh wait, you used eBay, so you probably didn't go through an authorized
PIX vendor. In that case unless you are in one of a small number
of countries (Germany, Denmark, possibly a couple of others), the PIX
software license did not transfer to you
where can I read about the exeptions for these countrys? The policy on
http://www.cisco.com/warp/public/csc/refurb_equipment/swpolicy.html
does not state any exeption for the above countrys.
|
Those countries have laws which override the Cisco license policy.
In a small number of countries (I never did manage to pin down exactly
which), the law specifies that when software is resold along with
hardware, that the license is considered to transfer. Or possibly
it is phrased in terms of copyright rather than in terms of
license, that in such cases there is no copyright violation to use
the software even if the license would otherwise imply there would
be.
With some digging into past threads, I could possibly locate a link
to the German laws (in German), but I don't recall ever having
seen a link to the laws in Denmark.
See also (e.g.) the Wikipedia entry for First-sale_doctrine
(which indicates that the roughly the same thing applies
in some jurisdictions in the USA, but that the situation is in legal
flux.) |
|
| Back to top |
|
|
|
|
