Installing, Configuring,
and Launching PDM
This area of the affiliate provides acumen into the analytic accomplish and procedures
required to install, configure, and barrage PDM. As abundant in antecedent sections,
PDM and DES activation keys are preloaded on accessories alien with PIX firewall
software adaptation 6.0 and later. Additionally, some arranged versions of the
PIX firewall, such as the PIX 501 3DES model, board a preinstalled 3DES key
for added security. If your PIX firewall was not alien with software version
6.0 or afterwards or you would like to advancement your firewall to PDM adaptation 2.1,
follow the accomplish abundant in this area to install or advancement the PIX firewall software
to adaptation 6.2 and PDM 2.1.
Preparing for Installation
Before attempting to use PDM 2.1 or configure a PIX accessory application PDM, verify
that the PIX firewall software adaptation of the accessory is 6.2 or later. If it is not, the
software adaptation charge be upgraded and DES charge be activated afore PDM will
function.
To verify the PIX firewall version, log into the CLI and blazon appearance version.
The aboriginal two curve of the acknowledgment should affectation the accepted PIX firewall version
and announce whether PDM is installed on the device.The afterward shows a PIX
firewall with software adaptation 6.2(2) and PDM adaptation 2.1(1) installed:
PIX1# appearance version
Cisco PIX Firewall Adaptation 6.2(2)
Cisco PIX Accessory Manager Adaptation 2.1(1)
If the PIX firewall adaptation is 6.2 or afterwards and PDM 2.1(1) is installed, proceed
to the area “Configuring the PIX Firewall Application PDM.” If these are not
installed, accredit to the afterward accomplish to advancement the PIX firewall, install the DES
activation key, and install/upgrade PDM.
Installing or Advance PDM
As with all advancement and accession procedures, activate by abetment up all configuration
data on the absolute PIX firewall accessory that you plan to upgrade. If the
PIX firewall is a assembly device, agenda the advancement action during offhours
and acquaint the aggregation users of the abeyant account outage. Accomplishing so will
help ensure a bland advancement action and will anticipate complaints from the user
community.
456 Affiliate 9 • PIX Accessory Manager
Verify that the PIX firewall meets all requirements listed ahead in this
chapter afore starting with the advancement and installation. Read all absolution notes
carefully to actuate whether any specific functionality has been removed or
changed in the new release. Finally, be abiding to accept the software angel of the
PIX firewall adaptation currently active on the PIX accessory backed up in the event
that the new adaptation advancement fails and you charge cycle back.The accession procedure
is about agitation free, but best convenance consistently dictates alertness for
version acknowledgment in the accident of a failure.
NOTE
Administrators with a accurate CCO login can acquisition Cisco PIX firewall software
and PDM images on the Cisco Web armpit at www.cisco.com/cgi-bin/
tablebuild.pl/pix.
The basal accomplish for installing or advance PDM are:
1. Access a DES activation key.
2. Configure the PIX firewall for basal arrangement connectivity.
3. Install a TFTP server and accomplish it accessible to the PIX firewall.
4. Advancement to the adaptation of PIX firewall software and configure the DES
activation key on the PIX device.
5. Install or advancement PDM on the PIX device.
Let’s booty a afterpiece attending at anniversary of these steps.
Obtaining a DES Activation Key
The aboriginal footfall in configuring PDM on a PIX firewall is accepting a new activation
key to accredit DES encryption (if you do not already accept one).A DES
activation key is chargeless from Cisco and appropriate for PDM functionality. Because it
could booty some time for Cisco to affair the new key, it is best to alpha the request
process afore advance software on the PIX firewall. Use the appearance adaptation command
to access the PIX consecutive number.This cardinal is appropriate to appeal a new
activation key. From a Web browser, go to www.cisco.com/cgi-bin/Software/
FormManager/formgenerator.pl?pid=221&fid=324 and ample out the key request
form.A Cisco adumbrative will e-mail you the DES activation key shortly
thereafter.
PIX Accessory Manager • Affiliate 9 457
Configuring the PIX Firewall For
Network Connectivity
To advancement a PIX firewall and install PDM, the PIX firewall charge aboriginal be capable
of basal arrangement connectivity. If the PIX firewall accessory is already on the network
and able of abutting to added devices, advance to the abutting area and
install a TFTP server:
1. Establish a affiliation to the animate anchorage of the PIX accessory and log
into the CLI.
2. Access Accredit approach by accounting accredit at the animate prompt.
3. Blazon configure terminal to access Agreement approach on the PIX
firewall.
4. Access the bureaucracy chat box by accounting bureaucracy afterwards entering Configuration
mode.
5. Chase the bureaucracy chat prompts and access advice for the following
variables:
Accredit password
Clock variables
IP abode information
Hostname
Domain name
6. When prompted, save the advice to abode the agreement to
memory.
When you’re finished, physically attach the PIX firewall to the arrangement and
test for arrangement connectivity application the ping command on the PIX firewall.
Installing a TFTP Server
After the PIX firewall is auspiciously configured on the network, a TFTP server
must be installed to board the new PIX firewall software and PDM software
upload. Chase the instructions provided in Affiliate 2 to install a TFTP
server. If a TFTP server already exists, advance to the abutting area and upgrade
the PIX firewall software.
www.syngress.com
458 Affiliate 9 • PIX Accessory Manager
Upgrading the PIX Firewall and Configuring
the DES Activation Key
Because PDM 2.1 alone functions on PIX 6.2 and later, PIX accessories with versions
before 6.2 charge be upgraded. Furthermore, the use of PDM requires the activation
of DES or 3DES to facilitate a secure, encrypted administration session.To
enable DES, the new key requested in antecedent accomplish charge be activated either
during a new PIX angel amount application the Monitor approach adjustment on the PIX firewall
or application the activation-key command.The key on the PIX firewall cannot be
changed application the archetypal archetype tftp beam command.
To advancement the PIX firewall software, chase the accomplish categorical in Affiliate 2.
If the PIX accessory is already active software adaptation 6.2 and you artlessly charge to
install the new DES or 3DES authorization key, use the activation-key command from
the CLI.Type activation-key in Agreement mode, followed by the appropriate
activation key hexadecimal cipher provided by Cisco.To verify the key, use
the appearance activation-key command.
Installing or Advance PDM on the PIX device
After the PIX firewall software is auspiciously upgraded to 6.2 and the DES or
3DES key is installed, PDM charge be loaded into flash. As with the PIX firewall
software upgrade, the accession of PDM is a potentially difficult operation.
Always accomplish backups of agreement files and software images afore proceeding
with the installation. Consistently verify that the PIX firewall meets the
requirements defined for PDM.To install PDM, chase these steps:
1. From the TFTP server, log into CCO and download the PDM image.
PDM can be begin at www.cisco.com/cgi-bin/tablebuild.pl/pix.
2. Save the software in a area that can be accessed via TFTP. Note the
name of the software angel for afterwards reference.
3. Log into the PIX CLI via SSH,Telnet, or the console.
4. Access Accredit approach by accounting accredit at the command prompt.
5. Blazon archetype tftp flash:pdm.
NOTE
Use the archetype tftp flash:pdm command to install the PDM image. Do not
use the archetype tftp beam command, because accomplishing so will overwrite your
PIX firewall operating system.
www.syngress.com
PIX Accessory Manager • Affiliate 9 459
6. When prompted for the alien abode of the host, blazon the IP address
of the TFTP server.
7. When prompted for the antecedent filename, blazon the name of the PDM
software angel on the TFTP server.
8. When prompted, blazon yes to advance with the PDM installation.
9. Afterwards the accession is complete, blazon appearance adaptation to verify that
PDM is installed and that DES or 3DES is enabled. Achievement agnate to
the afterward should appear:
PIX1# appearance version
Cisco PIX Firewall Adaptation 6.2(2)
Cisco PIX Accessory Manager Adaptation 2.1(1)
<<>>
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES: Disabled
<<>>
Serial Number: 480501351 (0x1ca20729)
Activation Key: 12345678 12345678 12345678 12345678