I am hoping that someone here has had some experience with automating the configuration of the Cisco PIX 506/506e series. I work for an event planning company and we travel all around the world setting up networks onsite that will run for about a week and then break down and move to another location. Most of the time someone in tech travels to the show and configures the PIX for that venue. In the past we would give out a VPN hardware concentrator if there were no tech people going to the show. Most of the time we could set it to DHCP on the external interface and we would be fine. After using those devices for about a year and having to listen to all the complaints about them rebooting by themselves, we have decided to start deploying the PIX devices onsite to all events.
The problem that I have is giving out configuration instructions to people that have no technical skills. Is anyone aware of a way to automate the configuration either through a .bat file or some other way I have not thought of yet? All it would need to do is take input for the IP address, subnet, and gateway and then program that into the PIX and then issue the following commands:
I don't believe the PIX offers any scripting engine support, though it would be trivial to write a DOS batch file or Perl script to take some input and produce a text configuration file that could then be pasted into the device.
This might be blasphemy, but here's one way to do it. Since the PIX is at the remote site, send a laptop with it preconfigured to console into the PIX. Install an HTTP tunneling type remote control client on the laptop, such as GoToMyPC, so that you can remotely control the laptop and configure the PIX. As long as the laptop can get to the Web, you're good to go.
If remote control gives you heartburn, you could use a scripting language of a telnet client like Reflections to query for the needed info from the person at the site and automatically console into the PIX and paste in a config.
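The replies above suggest a script that takes the venue's values and produces a text configuration to paste into the PIX. The sketch below is an added example, not code from the thread: it is written in Python rather than batch or Perl, and it assumes PIX OS 6.x syntax, the default interface name `outside`, and a hypothetical function name `build_pix_config`. It validates the three values before emitting anything, so a mistyped or malformed entry from a non-technical user never reaches the firewall.

```python
import ipaddress

OUTSIDE_IF = "outside"  # assumption: default PIX name of the external interface


def build_pix_config(ip: str, netmask: str, gateway: str) -> str:
    """Validate venue-supplied values and return config lines to paste."""
    # ipaddress accepts only a plain dotted quad, so stray text or an
    # embedded newline (an extra pasted command) raises ValueError.
    addr = ipaddress.IPv4Address(ip.strip())
    gw = ipaddress.IPv4Address(gateway.strip())
    # strict=False derives the network from a host address plus mask;
    # a non-contiguous mask such as 255.0.255.0 raises ValueError.
    net = ipaddress.IPv4Network(f"{addr}/{netmask.strip()}", strict=False)

    reserved = (net.network_address, net.broadcast_address)
    if addr in reserved:
        raise ValueError(f"{addr} is the network or broadcast address of {net}")
    if gw in reserved:
        raise ValueError(f"gateway {gw} is the network or broadcast address of {net}")
    if gw not in net:
        raise ValueError(f"gateway {gw} is not inside {net}")
    if gw == addr:
        raise ValueError("gateway and interface address are identical")

    # Emit the normalised values, never the raw user input.
    return (
        f"ip address {OUTSIDE_IF} {addr} {net.netmask}\n"
        f"route {OUTSIDE_IF} 0.0.0.0 0.0.0.0 {gw} 1\n"
    )


if __name__ == "__main__":
    try:
        config = build_pix_config(
            input("IP address given by the venue: "),
            input("Subnet mask: "),
            input("Gateway: "),
        )
    except ValueError as err:
        print(f"Not usable, please re-check the values: {err}")
    else:
        print("\nPaste these lines into the PIX in configuration mode:\n")
        print(config)
```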
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...