+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 27

Thread: Cisco PIX 506

  1. Member
    Join Date
    Apr 2006
    Location
    Queens NY
    Posts
    94

    Certifications
    A+, Net +, CCNA
    #1

    Default Cisco PIX 506

    Hello, I am thinking of purchasing a Pix 506, Will this be enough to get through the CCSP with? or will there be more hardware? I already have a large amount of routers and switches.
    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Jan 2003
    Location
    Milwaukee, WI
    Posts
    75

    Certifications
    CISSP, CISM, CCSP, HISP
    #2
    Don't bother. Get the ASA5505. It's only $600 and it runs v7 of the OS.
    Reply With Quote Quote  

  4. Member
    Join Date
    Apr 2006
    Location
    Queens NY
    Posts
    94

    Certifications
    A+, Net +, CCNA
    #3
    Thanks for the reply, I'll look into this ASA505 on Ebay.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Mar 2005
    Location
    Denmark
    Posts
    148

    Certifications
    CCSA, CCSP, GCFW, BS7799/ISO27001 Lead Auditor, ITIL Foundation, LPIC-1, MCSE:Security 2003, NSA, OPST
    #4
    With PIX 506, you're stuck with OS 6.x, so it can't be used for the CCSP
    Reply With Quote Quote  

  6. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #5
    If you can't stretch to the newer models you can still get some mileage from the 500 series. While some of the commands have changed, and 7.0 does add a fair bit extra, you can get to grips with translations, routing, access-lists, multiple zone theory etc. Many of the 7.0 command changes are to bring it more into IOS'ese so router experience can help bridge more of the gap.
    I'm sitting the PIX exam this Friday so I'll let you know if my theory actually holds true (using a 515 with 6.3 at work and borrowed a 501 with the same for home study....).
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Jul 2004
    Posts
    236

    Certifications
    A bunch, and I still suck
    #6
    I personally do not like IOS 7 on pix. They should have left it the way it was. I know they are trying to make it easier for network admins, but it's making it harder on small businesses with 501s or 506e's that can't run the new IOS

    Bad move IMHO
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Jul 2004
    Posts
    236

    Certifications
    A bunch, and I still suck
    #7
    Quote Originally Posted by HHHTheGame
    Don't bother. Get the ASA5505. It's only $600 and it runs v7 of the OS.
    I've never seen this before, link?
    Reply With Quote Quote  

  9. Cisco Moderator mikej412's Avatar
    Join Date
    May 2005
    Location
    Chicago
    Posts
    10,190

    Certifications
    CCNP CCIP CCSP CCVP CCDP CCDA CCNA CS-CIPSS CS-CIPTDS CS-CIPTOS CS-CIPCSS CS-CFWS CS-CVPNS CS-CISecS ISSP 4013 4011
    #8
    Not listed as in stock at CDW yet.... "Call for availability"

    The Security Plus Bundle will ship within 13 days if ordered today (for $1,159.99).

    They do have a 5510 in stock.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Jul 2004
    Posts
    236

    Certifications
    A bunch, and I still suck
    #9
    thanks Mike, good to know. I'll be checking ebay for this. And this runs the new IOS 7? I'll be forced to play with it since I'm taking the pix exam soon.

    From my understanding, there is some 6.3 IOS on the test too right?
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Feb 2007
    Posts
    3
    #10
    PIX 506 can run pix 7.x an asa 7.x whit a ram upgrade, just open, put 32 or 64 dimm and practice
    Reply With Quote Quote  

  12. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #11
    Unsupported and apparently only possible by stripping out the GUI components.
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Feb 2007
    Posts
    3
    #12
    r0ckwell on December 20th, 2006 wrote:

    Before proceeding, keep in mind that Cisco will no longer support your hardware or software after doing this, so don’t bother trying to get support for it. I’ve decided to share this knowledge to assist those who are less fortunate to have access to a 515 model or ASA. Considering we pay enough money for books, classes, and equipment, this will help tremendously with studying for the CCIE-Security exam.

    I’ve collected information from various forums and have concluded that none of the methods explained really work. Maybe because people don’t really want to share the information or maybe it’s because they are worried that Cisco will find out.

    FYI, I’ve condensed the ’show’ outputs to allow for easier reading.

    Here is what I’ve done to get the code to run.

    You can’t do the upgrade with only 32MB of RAM, you will need 64MB. Lucky for me I had 2 506E models to use. I took the RAM from one unit and placed in the slot of the PIX I wanted to upgrade.

    When you run a ’show version’, you should see the following output:

    pixfirewall(config)# sh ver

    Cisco PIX Firewall Version 6.3(5)

    Compiled on Thu 04-Aug-05 21:40 by morlee

    pixfirewall up 5 mins 45 secs

    Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
    Flash E28F640J3 @ 0×300, 8MB

    Notice the 64MB of RAM. This is important if you want to continue.

    Next, I downloaded the pdm-304.bin file from Cisco’s website and renamed it to fakepdm.bin.

    I started up the TFTP server and ran ‘copy tftp flashdm’ on the PIX.

    pixfirewall(config)# copy tftp flashdm
    Address or name of remote host [0.0.0.0]? 192.168.1.35
    Source file name [cdisk]? fakepdm.bin
    copying tftp://192.168.1.35/fakepdm.bin to flashdm
    [yes|no|again]? yes
    Erasing current PDM file
    Writing new PDM file
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!tftp: Timed out during transfer
    Erasing partial PDM file
    PDM file not installed.
    pixfirewall(config)#

    After this message appears “Erasing current PDM file”, unplug the ethernet cable from the PIX. As you can see by my output above, the writing new PDM portion times out. Then you will see that the PIX is ‘Erasing partial PDM file’ and ‘PDM file not installed’.

    You’ve basically cleared enough space in flash memory to run any upgrade.

    I’ve decided to upgrade to version 7.01 only. It’s your choice if you want to go higher. I’m only doing this to prove that it CAN be done.

    Next, I ran the upgrade as normal by issuing ‘copy tftp flash:image’ and used the pix701.bin file.

    pixfirewall(config)# copy tftp flash:image
    Address or name of remote host [0.0.0.0]? 192.168.1.35
    Source file name [cdisk]? pix701.bin
    copying tftp://192.168.1.35/pix701.bin to flash:image
    [yes|no|again]? yes
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Received 5124096 bytes
    Erasing current image
    Writing 5066808 bytes of image
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Image installed
    pixfirewall(config)#

    Once you reload the PIX, you will see several messages. Do not abort the reload/reboot sequence. It’s normal what you are about to see. The 7.x code is what’s causing the following output to appear that way. Just sit back and wait for the prompt.

    pixfirewall(config)# reload
    Proceed with reload? [confirm]

    Rebooting..\uffff

    Old file system detected. Attempting to save data in flash

    Initializing flashfs…
    flashfs[7]: Checking block 0…block number was (2423)
    flashfs[7]: erasing block 0…done.
    flashfs[7]: Checking block 1…block number was (24879)
    flashfs[7]: erasing block 1…done.
    flashfs[7]: Checking block 2…block number was (-16063)
    flashfs[7]: erasing block 2…done.

    flashfs[7]: erasing block 60…done.
    flashfs[7]: Checking block 61…block number was (0)
    flashfs[7]: erasing block 61…done.
    flashfs[7]: 0 files, 1 directories
    flashfs[7]: 0 orphaned files, 0 orphaned directories
    flashfs[7]: Total bytes: 7870464
    flashfs[7]: Bytes used: 1024
    flashfs[7]: Bytes available: 7869440
    flashfs[7]: flashfs fsck took 90 seconds.
    flashfs[7]: Initialization complete.

    Saving the datafile
    !
    Saving a copy of old datafile for downgrade
    !
    Saved the activation key from the flash image
    Saved the default firewall mode (single) to flash
    Saving image file as image.bin
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Upgrade process complete
    Need to burn loader….
    Erasing sector 0…[OK]
    Burning sector 0…[OK]

    Once the checking and erasing is complete, you will notice that your 506E is now running 7.0(1) code.

    Cisco PIX Security Appliance Software Version 7.0(1)

    I guess now after knowing this, the sales prices for the 506Es on eBay will start to come down.
    Reply With Quote Quote  

  14. I'd rather be fly fishing johnwest43's Avatar
    Join Date
    Dec 2009
    Location
    Grand Blanc, MI
    Posts
    295

    Certifications
    CCNP, CCNA: Voice, Network+, A+
    #13
    Works great except for VLans are disabled.
    Reply With Quote Quote  

  15. Senior Member Nobylspoon's Avatar
    Join Date
    Sep 2008
    Location
    Ashburn, VA
    Posts
    609

    Certifications
    WGU BS:IT, MCITP:EA, MCSA:2008, Security+, Project+, JavaScript Specialist, Web Foundations
    #14
    Check Craigslist and Ebay for a 5505. I was planning on a 506E myself but I am really glad I decided to go with the ASA instead. I picked mine up for $250 with a 10 user base license. Came loaded up with v7.2 and 8.0 along with ASDM 6.3.

    It is definatly worth the extra money to go for the ASA 5505. You might not be able to find it quite as cheap as I did but keep shopping and you can probably pick it up in the low $300 range for sure. However, if you need more than a 10 user license then you will be paying more. I am using mine for my home network and I never have more than 10 devices connecting to the outside interface at one time.
    Reply With Quote Quote  

  16. I'd rather be fly fishing johnwest43's Avatar
    Join Date
    Dec 2009
    Location
    Grand Blanc, MI
    Posts
    295

    Certifications
    CCNP, CCNA: Voice, Network+, A+
    #15
    7.0.5 allows vlans.
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #16
    Quote Originally Posted by johnwest43 View Post
    7.0.5 allows vlans.
    Can the PIX 506 support 7? I thought that was only for ASAs. I thought the Pix 501 and 506 only support 6.3 or something.
    Reply With Quote Quote  

  18. was here.
    Join Date
    Apr 2008
    Posts
    4,504
    #17
    Quote Originally Posted by knwminus View Post
    Can the PIX 506 support 7? I thought that was only for ASAs. I thought the Pix 501 and 506 only support 6.3 or something.
    v7 is supported for the larger PIX boxes and all ASAs.

    The very early versions of v7 could be wedged into a PIX506E (The old 506 won't do it) by following the procedure to erase PDM so you have enough space on the flash to store the image.

    Later versions of v7 won't work on a PIX506E because they're larger than the available space and they added or removed something which causes it to abort.
    Reply With Quote Quote  

  19. I'd rather be fly fishing johnwest43's Avatar
    Join Date
    Dec 2009
    Location
    Grand Blanc, MI
    Posts
    295

    Certifications
    CCNP, CCNA: Voice, Network+, A+
    #18
    7.05 is the newest you can wedge onto a 506e.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #19
    I'm going to snag this PIX 506E from work to help me better understand the PIX OS. I am migrating the business off of a PIX 515 to an SonicWall NSA 3500 in a few weeks and I need to have a complete understanding of what the PIX config has in it so I can migrate everything successfully and quickly.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Jul 2008
    Posts
    219

    Certifications
    Computer Science BSc, CCNA Security, CCNA, MCP, CEH, Network+
    #20
    Hey guys, I'm thinking of ordering the following "CISCO ASA5505-BUN-K9 10000 Simultaneous Sessions Firewall throughput: Up to 150 Mbps 3DES/AES VPN throughput: Up to 100 Mbps Cisco ASA 5505 10-User Bundle". Will this be adequate for the CCSP? Any input would be greatly appreciated.
    Reply With Quote Quote  

  22. was here.
    Join Date
    Apr 2008
    Posts
    4,504
    #21
    Quote Originally Posted by zen master View Post
    Hey guys, I'm thinking of ordering the following "CISCO ASA5505-BUN-K9 10000 Simultaneous Sessions Firewall throughput: Up to 150 Mbps 3DES/AES VPN throughput: Up to 100 Mbps Cisco ASA 5505 10-User Bundle". Will this be adequate for the CCSP? Any input would be greatly appreciated.
    The base license ASA5505 can't handle failover and won't do trunking. The Security Plus licensed ASA5505 is only capable of doing active/standby failover. It only takes SSCs as well so if you want to put in a module then you'll have to deal with those instead of SSMs.

    In short, you'll be able to do most of what you need but there are limitations like the failover support.
    Reply With Quote Quote  

  23. DoWork
    Join Date
    Jun 2010
    Location
    A major Illinois hospital system near you
    Posts
    1,468

    Certifications
    vExpert, VCAP5-DCA/DCD, VCP5-DCV, VCIX-NV, VCP-NV, BSTM
    #22
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.
    Reply With Quote Quote  

  24. was here.
    Join Date
    Apr 2008
    Posts
    4,504
    #23
    Quote Originally Posted by QHalo View Post
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.
    Good point.
    Reply With Quote Quote  

  25. DoWork
    Join Date
    Jun 2010
    Location
    A major Illinois hospital system near you
    Posts
    1,468

    Certifications
    vExpert, VCAP5-DCA/DCD, VCP5-DCV, VCIX-NV, VCP-NV, BSTM
    #24
    I've been looking over ASA's for a jump into CCSP after I'm done with CCNA Sec. It's looking like rack rental is the best choice to ensure you don't have equipment capability concerns. There's also the ASA Project which has a working VMware image of an ASA. You could look into that as well. I was planning on buying a 5505 to manage my home network and as something I could consistently use to get experience with them, supplemented with rack rentals. 5510's are just not cost justified for me. I've found a few with Sec Plus licenses on eBay around $1800-2600 but you need two for full capabilities and that's just an asinine amount of cash.
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Jul 2008
    Posts
    219

    Certifications
    Computer Science BSc, CCNA Security, CCNA, MCP, CEH, Network+
    #25
    Quote Originally Posted by QHalo View Post
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.
    How critical is this? Can I learn the concepts using a simulator, or just using the book?

    Thanks for all the assistance guys, it's greatly appreciated. One last question, will the CISCO ASA5505-BUN-K9 help me to complete my CCNA: Security as well?
    Last edited by zen master; 08-18-2010 at 05:21 PM.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks