I would like to use the PIX 501 firewall for the following purposes, but I am not so sure if it can handle them:
1) Support 3 interfaces: inside, outside, and a DMZ?
2) Remotely configure/maintain the firewall using command-line interface (CLI) via VPN?
3) What is the difference between Telnet over IPSec and VPN? Is this Telnet safe?
4) What is the console port for, and what is "out of band through a console port"?
5) If this firewall is connected via an ADSL modem to the internet (supported by an ISP) and its IP address is dynamic. Now I want to connect two computers to the firewall, one to the DMZ, and another to the inside interface (both of these two computers' IPs are private IPs). When this LAN configuration is done, can both the computers access the internet?
(I know I can have one computer connected to the ADSL modem and access the internet. I wonder, with this firewall, if I can have two computers access the internet without using a router?)

1. pix501 has two int only. i'm not too sure how you can use pix501 to cope with the requirements. i guess you may use two pix501 to create a dmz. e.g.
internet <--> pix501 <--> dmz <--> pix501 <--> inside
2. you can maintain it, but not configure it without the basic settings. otherwise how do you connect remotely in the first place?
3. telnet from the outside is not allowed regardless of the configuration. you can either ssh to the outside int or telnet over ipsec to the inside int. with ssh, you need an ssh client; whereas for telnet over ipsec, you would need the cisco vpn client. i guess if you are going to configure remote vpn access for road warriors, then you may as well configure the telnet over ipsec; otherwise use ssh. both of them are secured as traffic is encrypted.
4. console is used when configuring a fresh device, as well as the last resort if the device fails to respond on other int.
5. both inside and dmz will have no drama accessing the internet at the same time. but again pix501 has two int only.