05-10-2008 09:24 AM
Hi,
I am just trying to get some certifications from Cisco, like CCNP, and some exposure to firewalls and VPN.
I just wanted to know: is a PIX 501 good for my home lab practice?
Can I learn well on it, as I already have four routers and a couple of switches in my home lab?
The PIX 501 I am trying to buy has this output:
'sh ver' output:
pixfirewall> sh ver
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
pixfirewall up 19 secs
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000e.8325.3952, irq 9
1: ethernet1: address is 000e.8325.3953, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10
Is it good for my practice, or do I need a different one?
Please help.
Thank you
Gursaran Abott
05-10-2008 09:38 AM
Gursaran,
This is fine for a home lab firewall or even a production firewall for a very small network. I would boost the memory to 32; these models can go up to 32 MB of RAM. You may want to upgrade the code to the latest code in the 6.x train, which is 6.3.5. With the current code you cannot do 802.1q trunking; with 6.3.5 your maximum interfaces will be 4, two physical and two virtual interfaces.
The 501s are EOSales but still used and good for learning.
Now, if you have money, you can get the ASA 5505 with Sec Plus license to learn the 7.x, 8.0 code. The PIX 501 does not support any other codes beyond 6.3.5, but again pix501 is t
Here is a link with some getting-started material for PIX code 6.3:
http://cisco.com/en/US/docs/security/pix/pix63/configuration/guide/overvw.html#wp1045414
HTH
-Jorge
05-10-2008 12:36 PM
Hi
I appreciate your valuable information.
How can I upgrade to the latest 6.3.5 code as compared to the code I have on this firewall, and how many interfaces does the current code support?
05-10-2008 02:17 PM
The current code will provide you with the basic firewall functionality: an inside interface for your private LAN and an outside interface for the public network. To upgrade the code you will need access to the Cisco software download library, but this is only for folks that have some type of service contract, which will give you access to code upgrades and Cisco TAC support as well. Now you may say "I don't need a service contract", but this is the way it works. You may contact TAC directly to see if you can get other options to obtain that code.
You can still work with 6.3.1 code and practice with this code; you still have the two inside/outside interfaces. It's just that 6.3.5 code will give you the benefit of the extra two virtual or VLAN interfaces to practice with if you want to have two different private networks.
Also, here is a good interactive link to learn about the newer firewall models and their components; you may be able to access the link with your guest account.
http://www.cisco.com/en/US/products/ps6120/tsd_products_support_online_learning_modules_list.html
I also see you are pursuing CCNP; I would like to share some very good simulators that may be good resources for you to learn.
Cisco 7200 simulators
http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator
PIX Emulator with GNS3, and router simulators
These are freeware.
Other PIX/ASA Emulators (non-freeware)
http://www.dcs.napier.ac.uk/~bill/emulators.html
You may also visit the Certification forum section on the main NetPro page; there is a lot of information that NetPro participants share with one another.
HTH
-Jorge
05-10-2008 07:16 PM
Hi
Thanks again
Can I use this PIX firewall to configure a DMZ interface or no,
and how can I configure VPN on it?
Please advise.
Thanks
05-10-2008 07:35 PM
You can configure either MS PPTP Remote access or Cisco VPN remote access.
PIX config for setting up MS PPTP for clients using the built-in MS VPN client
Cisco VPN Remote access config for Cisco VPN client.
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html
A DMZ cannot be configured because the PIX only has one inside interface; you would need code 6.3.5 to allow for another virtual interface to configure a DMZ network off the firewall.
HTH
-Jorge