Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

cisco pix 501


i just trying get some certifications from cisco like CCNP and some exposure to firewalls and vpn

i just wanted to know is a pix 501 good for my home lab practice

can learn good on it as i already have four routers and a couple of switches in my home lab

the pix 501 i am trying to buy has this output

'sh ver' output:

pixfirewall> sh ver

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 19-Mar-03 11:49 by morlee

pixfirewall up 19 secs

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 000e.8325.3952, irq 9

1: ethernet1: address is 000e.8325.3953, irq 10

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: 10

Throughput: Unlimited

IKE peers: 10

Is it good for my practice or i need a different one

please help

Thank you

Gursaran Abott


Re: cisco pix 501


This is fine for homelab firewall or even production firewall for very small network,I would boost the memory to 32,these model can go up to 32 MB of RAM, you may want to upgrade the code to the latest code 6.x train which is 6.3.5 code, with the current code you cannot do 802.1q trunking, with 6.3.5 your maximun interfaces will be 4, two physical and two virtual interfaces.

The 501 are EOSales but still used and good for learning.

Now If you have money you can get the asa5505 with Sec plus license to learn the 7.x,8.0 code, PIX501 cdoes not support any other codes beyond 6.3.5, but again pix501 is t

here is a link with some geting stared with pix code 6.3



New Member

Re: cisco pix 501


I appreciate your valuable information

how can upgrade to the latest 6.3.5 code as compared to the code i have on this firewall

and how many interfaces does the current code


Re: cisco pix 501

The current code will provide you with the basics firewall functionality, inside interface for your private LAN and outside interface for the public network, to upgrade the code you will need access to the cisco software download library but this is only for folks that have some type of service contract which will give you access to code upgrades and Cisco TAC support as well, now you may say " I don't need service contract" but this is the way it works, you may contact TAC directly to see if you can get other options to obtain that code.

You can still work with 6.3.1 code and practice with this code, you still have the two inside/outside interfaces. Just that the benefit of 6.3.5 code will give you the extra two virtual or VLAN interfaces to practice with if you want to have two different private networks.

Also , here is a good interactive link learn about the newer firewall models and its components , you may be able to access the link with your guess account.

I also see you are pursuing ccnp, would like to share some very good simulators it may be of good resources for you to learn

cisco 7200 simulators

PIX Emulator with GNS3, and router simulators

these are freeware

Other PIX/ASA Emulators (non freeware )

You may also visit the Certification forum section in the main netpro page, there is a lots of information that netpro participans share with one another.



New Member

Re: cisco pix 501


Thanks again

can i use this pix firewall to configure a dmz interface or no

and how can configure vpn on it

please advice


Re: cisco pix 501

You can configure either MS PPTP Remote access or Cisco VPN remote access.

PIX Config for seting up MS PPTP using for clients using built MS vpn Client

Cisco VPN Remote access config for Cisco VPN client.

DMZ cannot be configured because PIX only have one inside interface, you would need code 6.3.5 to allow for another Virtual interface to configure a DMZ network off the firewall.