The Command-Line Interface
Like a Cisco router, the configuration of the PIX is stored in a text file. The
job of a PIX administrator is to create the text file. There are many ways to
achieve this goal: working offline and uploading configurations, working through
a management tool such as the PIX Device Manager, or working at the command
prompt. Because most maintenance tasks are fairly simple, most of your time will
be spent at the command prompt, so it is useful to spend some time with that.
Factory Default Configurations
There are two basic factory default configurations. Because the PIX 501 and PIX
506 have fairly specific purposes, the default configurations for those devices are
suited to their market. Because the PIX 515, 525, and 535 are more general-purpose
firewalls, they have correspondingly less configuration.
PIX 501 and 506E
The PIX 501 and 506E are designed to be dropped into a typical DSL
environment. Cisco makes the following assumptions:
1. The default information flow control policy will be that anything
from the inside is allowed out, and nothing is allowed in.
2. The outside interface will have its IP set via DHCP. Both interfaces are
fixed at 10Mbps Ethernet.
3. DHCP will be provided to inside users, with the default route set to the
PIX.
The internal network that the PIX provides is the 192.168.1.0 network.
(Remember, this is one of the choices allowed by RFC 1918.) The PIX will be
the default gateway for the network, at 192.168.1.1. This is convenient since
www.syngress.com
72 Chapter 2 • Introduction to PIX Firewalls
many other vendors (such as wireless AP vendors) also use the 192.168.1.0 network
and assume that the gateway is at 192.168.1.1—so the 501 and 506E can be
transparently dropped into most home networks. Limiting the interfaces to 10Mbps is
not a problem, since the outside interface is going to be connected to a digital
subscriber line (DSL) or cable environment, which will usually be functioning
at less than 1Mbps, and fixing the connection at 10Mbps avoids some of the Fast
Ethernet duplex handshaking problems that can occur on older switches.
For most users, this solution is reasonable. If this device is part of an enterprise
deployment, a little more thought is required; this solution does not support
centralized maintenance, for example, or VPN tunnels. If you are rolling out a
large number of clients, you will want to determine a template and preconfigure
the PIX before sending it to the end users.
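As an added illustration (not from the book or from Cisco), the following Python script checks a saved configuration for the factory-default traits listed above, which helps when auditing a rollout for units that were shipped without the preconfigured template. The PIX 6.x command syntax and the sample configuration are assumptions constructed for this example.

```python
# Constructed sample in PIX 6.x command syntax (an assumption; not from the page).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 10baset
interface ethernet1 10full
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""


def parse(config):
    """Extract only the settings the factory-default description mentions."""
    facts = {"speed": {}, "address": {}, "dhcpd_enabled": set()}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "interface":
            facts["speed"][tok[1]] = tok[2]        # e.g. ethernet0 -> 10baset
        elif len(tok) >= 4 and tok[:2] == ["ip", "address"]:
            facts["address"][tok[2]] = tok[3]      # "dhcp" or a literal IP
        elif len(tok) == 3 and tok[:2] == ["dhcpd", "enable"]:
            facts["dhcpd_enabled"].add(tok[2])     # interface serving DHCP
    return facts


def factory_default_traits(config):
    """Return the factory-default assumptions still present in a config."""
    f = parse(config)
    traits = []
    if f["address"].get("outside") == "dhcp":
        traits.append("outside address via DHCP")
    if f["address"].get("inside") == "192.168.1.1":
        traits.append("inside gateway 192.168.1.1")
    if "inside" in f["dhcpd_enabled"]:
        traits.append("DHCP served to inside users")
    speeds = f["speed"].values()
    # 10baset / 10full are 10Mbps; 100full, 1000auto and auto are not.
    if speeds and all(s.startswith("10") and not s.startswith("100") for s in speeds):
        traits.append("interfaces fixed at 10Mbps")
    return traits


if __name__ == "__main__":
    for trait in factory_default_traits(SAMPLE_CONFIG):
        print("still factory default:", trait)
```

An empty result means none of the four default traits remain; any entries returned point at settings the enterprise template was expected to override.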
PIX 515E, 525, and 535
The PIX 515E and up come with fairly bare factory configurations.
Interfaces are set to autoconfigure but are disabled, and configuration via the
console is required.