All Cisco-Network Study Notes: Installing, Configuring, and Launching PDM-Preparing for Installation-Installing or Advance PDM-Configuring the PIX Firewall For Network Connectivi

Rewritten Article

Installing, Configuring,

and Launching PDM

This area of the affiliate provides acumen into the analytic accomplish and procedures

required to install, configure, and barrage PDM. As abundant in antecedent sections,

PDM and DES activation keys are preloaded on accessories alien with PIX firewall

software adaptation 6.0 and later. Additionally, some arranged versions of the

PIX firewall, such as the PIX 501 3DES model, board a preinstalled 3DES key

for added security. If your PIX firewall was not alien with software version

6.0 or afterwards or you would like to advancement your firewall to PDM adaptation 2.1,

follow the accomplish abundant in this area to install or advancement the PIX firewall software

to adaptation 6.2 and PDM 2.1.

Preparing for Installation

Before attempting to use PDM 2.1 or configure a PIX accessory application PDM, verify

that the PIX firewall software adaptation of the accessory is 6.2 or later. If it is not, the

software adaptation charge be upgraded and DES charge be activated afore PDM will

function.

To verify the PIX firewall version, log into the CLI and blazon appearance version.

The aboriginal two curve of the acknowledgment should affectation the accepted PIX firewall version

and announce whether PDM is installed on the device.The afterward shows a PIX

firewall with software adaptation 6.2(2) and PDM adaptation 2.1(1) installed:

PIX1# appearance version

Cisco PIX Firewall Adaptation 6.2(2)

Cisco PIX Accessory Manager Adaptation 2.1(1)

If the PIX firewall adaptation is 6.2 or afterwards and PDM 2.1(1) is installed, proceed

to the area “Configuring the PIX Firewall Application PDM.” If these are not

installed, accredit to the afterward accomplish to advancement the PIX firewall, install the DES

activation key, and install/upgrade PDM.

Installing or Advance PDM

As with all advancement and accession procedures, activate by abetment up all configuration

data on the absolute PIX firewall accessory that you plan to upgrade. If the

PIX firewall is a assembly device, agenda the advancement action during offhours

and acquaint the aggregation users of the abeyant account outage. Accomplishing so will

help ensure a bland advancement action and will anticipate complaints from the user

community.

456 Affiliate 9 • PIX Accessory Manager

Verify that the PIX firewall meets all requirements listed ahead in this

chapter afore starting with the advancement and installation. Read all absolution notes

carefully to actuate whether any specific functionality has been removed or

changed in the new release. Finally, be abiding to accept the software angel of the

PIX firewall adaptation currently active on the PIX accessory backed up in the event

that the new adaptation advancement fails and you charge cycle back.The accession procedure

is about agitation free, but best convenance consistently dictates alertness for

version acknowledgment in the accident of a failure.

NOTE

Administrators with a accurate CCO login can acquisition Cisco PIX firewall software

and PDM images on the Cisco Web armpit at www.cisco.com/cgi-bin/

tablebuild.pl/pix.

The basal accomplish for installing or advance PDM are:

1. Access a DES activation key.

2. Configure the PIX firewall for basal arrangement connectivity.

3. Install a TFTP server and accomplish it accessible to the PIX firewall.

4. Advancement to the adaptation of PIX firewall software and configure the DES

activation key on the PIX device.

5. Install or advancement PDM on the PIX device.

Let’s booty a afterpiece attending at anniversary of these steps.

Obtaining a DES Activation Key

The aboriginal footfall in configuring PDM on a PIX firewall is accepting a new activation

key to accredit DES encryption (if you do not already accept one).A DES

activation key is chargeless from Cisco and appropriate for PDM functionality. Because it

could booty some time for Cisco to affair the new key, it is best to alpha the request

process afore advance software on the PIX firewall. Use the appearance adaptation command

to access the PIX consecutive number.This cardinal is appropriate to appeal a new

activation key. From a Web browser, go to www.cisco.com/cgi-bin/Software/

FormManager/formgenerator.pl?pid=221&fid=324 and ample out the key request

form.A Cisco adumbrative will e-mail you the DES activation key shortly

thereafter.

PIX Accessory Manager • Affiliate 9 457

Configuring the PIX Firewall For

Network Connectivity

To advancement a PIX firewall and install PDM, the PIX firewall charge aboriginal be capable

of basal arrangement connectivity. If the PIX firewall accessory is already on the network

and able of abutting to added devices, advance to the abutting area and

install a TFTP server:

1. Establish a affiliation to the animate anchorage of the PIX accessory and log

into the CLI.

2. Access Accredit approach by accounting accredit at the animate prompt.

3. Blazon configure terminal to access Agreement approach on the PIX

firewall.

4. Access the bureaucracy chat box by accounting bureaucracy afterwards entering Configuration

mode.

5. Chase the bureaucracy chat prompts and access advice for the following

variables:

Accredit password

Clock variables

IP abode information

Hostname

Domain name

6. When prompted, save the advice to abode the agreement to

memory.

When you’re finished, physically attach the PIX firewall to the arrangement and

test for arrangement connectivity application the ping command on the PIX firewall.

Installing a TFTP Server

After the PIX firewall is auspiciously configured on the network, a TFTP server

must be installed to board the new PIX firewall software and PDM software

upload. Chase the instructions provided in Affiliate 2 to install a TFTP

server. If a TFTP server already exists, advance to the abutting area and upgrade

the PIX firewall software.

www.syngress.com

458 Affiliate 9 • PIX Accessory Manager

Upgrading the PIX Firewall and Configuring

the DES Activation Key

Because PDM 2.1 alone functions on PIX 6.2 and later, PIX accessories with versions

before 6.2 charge be upgraded. Furthermore, the use of PDM requires the activation

of DES or 3DES to facilitate a secure, encrypted administration session.To

enable DES, the new key requested in antecedent accomplish charge be activated either

during a new PIX angel amount application the Monitor approach adjustment on the PIX firewall

or application the activation-key command.The key on the PIX firewall cannot be

changed application the archetypal archetype tftp beam command.

To advancement the PIX firewall software, chase the accomplish categorical in Affiliate 2.

If the PIX accessory is already active software adaptation 6.2 and you artlessly charge to

install the new DES or 3DES authorization key, use the activation-key command from

the CLI.Type activation-key in Agreement mode, followed by the appropriate

activation key hexadecimal cipher provided by Cisco.To verify the key, use

the appearance activation-key command.

Installing or Advance PDM on the PIX device

After the PIX firewall software is auspiciously upgraded to 6.2 and the DES or

3DES key is installed, PDM charge be loaded into flash. As with the PIX firewall

software upgrade, the accession of PDM is a potentially difficult operation.

Always accomplish backups of agreement files and software images afore proceeding

with the installation. Consistently verify that the PIX firewall meets the

requirements defined for PDM.To install PDM, chase these steps:

1. From the TFTP server, log into CCO and download the PDM image.

PDM can be begin at www.cisco.com/cgi-bin/tablebuild.pl/pix.

2. Save the software in a area that can be accessed via TFTP. Note the

name of the software angel for afterwards reference.

3. Log into the PIX CLI via SSH,Telnet, or the console.

4. Access Accredit approach by accounting accredit at the command prompt.

5. Blazon archetype tftp flash:pdm.

NOTE

Use the archetype tftp flash:pdm command to install the PDM image. Do not

use the archetype tftp beam command, because accomplishing so will overwrite your

PIX firewall operating system.

www.syngress.com

PIX Accessory Manager • Affiliate 9 459

6. When prompted for the alien abode of the host, blazon the IP address

of the TFTP server.

7. When prompted for the antecedent filename, blazon the name of the PDM

software angel on the TFTP server.

8. When prompted, blazon yes to advance with the PDM installation.

9. Afterwards the accession is complete, blazon appearance adaptation to verify that

PDM is installed and that DES or 3DES is enabled. Achievement agnate to

the afterward should appear:

PIX1# appearance version

Cisco PIX Firewall Adaptation 6.2(2)

Cisco PIX Accessory Manager Adaptation 2.1(1)

<<>>

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES: Disabled

<<>>

Serial Number: 480501351 (0x1ca20729)

Activation Key: 12345678 12345678 12345678 12345678