Solved: Ethernet ports on PIX-4FE-66

greg-bnets · ‎10-26-2007

Hi,

I just inserted a PIX-4FE-66 ethernet card in my pix 515 firewall. in additon to eth0 en eth1 i now see another interface inf2. Wasn't i supposed to see 4 extra ethernet ports? ho do i confire the card. also i dont know which port is

either E2, E3 etc. can someone shed some light in this for me please.

Thanks.

JORGE RODRIGUEZ · ‎10-27-2007

Greg, you will need license part# PIX-515-SW-R-UR= , to convert (R)Restricted to UR .

Please rate helpfull posts

Rgds

Jorge

Jorge Rodriguez

View solution in original post

JORGE RODRIGUEZ · ‎10-26-2007

Greg,

you should see a total of six physical interfaces like bellow :

e.g issue " show version "

0: ethernet0: address is 000c.8549.881f, irq 10

1: ethernet1: address is 000c.8549.8820, irq 11

2: ethernet2: address is 00e0.b606.d2a3, irq 11

3: ethernet3: address is 00e0.b606.d2a2, irq 10

4: ethernet4: address is 00e0.b606.d2a1, irq 9

5: ethernet5: address is 00e0.b606.d2a0, irq 5

name the inerface with name of your choice , we'll use DMZ and give security level of 50

nameif ethernet2 DMZ security50

interface ethernet2 100full

ip address DMZ 10.10.10.200 255.255.255.0

In the back of firewall facing the PIX-4FE-66 card I believe the 1st port from left to right is FE2 but to verify connect that interface into a switch, shutdown the switchport , then connnect to firewall and issue " show interface " it should say "interface ethernet2 DMZ is down, line protocol is down " bring up the switchport and look again.

HTH

Jorge

Jorge Rodriguez

greg-bnets · ‎10-27-2007

Jorge,

I did a sho version command and got the following:

User Access Verification

Password:

Type help or '?' for a list of available commands.

venus> ena

Password: ******

venus# sho ver

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(2)

Compiled on Fri 02-Jul-04 00:07 by morlee

venus up 10 hours 23 mins

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000f.9001.52d1, irq 10

1: ethernet1: address is 000f.9001.52d2, irq 11

2: ethernet2: address is 000f.a3e9.c48c, irq 11

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Physical Interfaces: 3

Maximum Interfaces: 5

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has a Restricted (R) license.

is it because of the Maximum Physical Interfaces: 3 ? if so what must i do to increase this?

Thanks so much for your advise

Greg

JORGE RODRIGUEZ · ‎10-27-2007

You have a (R) restricted license, this is why you are limited to physical interfaces.

You would nee to upgrade license to UR at least to enable the 6 maximun physical interfaces.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html

Jorge Rodriguez

JORGE RODRIGUEZ · ‎10-27-2007

Greg, you will need license part# PIX-515-SW-R-UR= , to convert (R)Restricted to UR .

Please rate helpfull posts

Rgds

Jorge

Jorge Rodriguez

greg-bnets · ‎10-29-2007

Jorge,

Thansk a lot. I stil lhave a quick question:

Is it possible to have 2 outside interface for a pix? i want to have to connections to the internet on the pix.

JORGE RODRIGUEZ · ‎10-29-2007

Yes you can as a redundant or backup ISP link, you cannot do policy base routing as PIX/ASA does not support it, you would have to go different way by placing router in front of pix/ASA and do some kind of BGP multihoming with multiple ISPs.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

[edit]

Thanks for the rating.

Rgds

Jorge

Jorge Rodriguez