Network Management Learning: detailed configuration process of PIX525 transparent mode

I won't say much about how to connect to the computer. It is everywhere on the Internet. But it seems to be worth noting that, first power up the firewall after the Super Terminal is opened, otherwise nothing can be seen on the Super Terminal.

The configuration is as follows:

Because the pre-installed IOS version of the PIX series firewall is 6.x and only version 7.0 or above supports transparent mode, the first step is to upgrade IOS

Preparations:

Find a computer with a firewall and install the ciscotftp software on the switch. go to www.skycn.com. very simple Chinese version. then download a 7.0 bind file (pix701.bin I downloaded) on the cisco website and put it in the root directory of the tftp server.

Official start:

When the firewall is powered on, Press ESC to go to the monitor> status.

Monitor> address 192.1.1.1 -- set the firewall IP address
Address 192.1.1.1
Monitor> server 192.1.1.2 -- set the IP address of the tftp server
Server 192.1.1.2
Monitor> ping 192.1.1.2 -- check whether ping is successful
Sending 5, 100-byte 0x7970 ICMP Echoes to 10.32.2.78, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
Monitor> file pix701.bin -- declare the full name of the binfile you downloaded
File pix704.bin
Monitor> tftp -- start filling
Tftp pix704.bin@192.168.1.80 ...........................

Wait patiently. Wait until the ">" symbol in the non-Permission mode appears. Enter the binfile in flash. The binfile can be used normally later.

Pixfirewall> en

Password:

Pixfirewall # con t

Pixfirewall (config) # interface ethernet1 -- enter port Mode

Pixfirewall (config-if) # ip address 192.1.11 255.255.255.0 -- configure the IP address of the e1 Port

Pixfirewall (config-if) # nameif inside -- configure the e1 port as the inside port of the firewall

INFO: Security level for "inside" set to 100 by default.

Pixfirewall (config-if) # no shutdown -- activate the inside Port

Pixfirewall (config-if) # ping 192.1.1.2 -- Test

Sending 5, 100-byte ICMP Echos to 192.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 MS

Pixfirewall (config-if) # exit -- exit port Mode

Pixfirewall (config) # copy tftp flash: -- copybin File

Address or name of remote host []? 192.1.1.2 -- IP address of the tftp Server

Source filename []? Pix701.bin -- file name

Destination filename [pix701.bin]? Pix701.bin -- confirm

Accessing tftp: // 192.1.1.2/pix701.bin ...!! -- Start copy and wait patiently

Writing file flash: pix701.bin ...!!!!!!!!!!!!!

5124096 bytes copied in 82.80 secs (62488 bytes/sec)

Pixfirewall (config) # reload -- upgrade complete. Restart !!!!!!! Ps. The first start time will take a little longer. Don't worry.

The following is the configuration. it is also very easy. It is similar to configuring and activating the outside Port and the inside port just now, but be careful not to configure the IP address. this is a transparent mode. who has seen an IP address on both ends of a network cable?

Pixfirewall> en

Password:

Pixfirewall # con t

Pixfirewall (config) # interface ethernet0

Pixfirewall (config-if) # nameif outside

INFO: Security level for "outside" set to 0 by default.

Pixfirewall (config-if) # no shutdown

Pixfirewall (config-if) # exit

Pixfirewall (config) # interface ethernet1

Pixfirewall (config-if) # nameif inside

INFO: Security level for "inside" set to 100 by default.

Pixfirewall (config-if) # no shutdown

Pixfirewall (config-if) # exit

Remember ~~~~~~~~ Here is the most important sentence:

Pixfirewall (config) # firewall transparent -- set the firewall to transparent mode

Pixfirewall (config) # access-list out-list extended permit icmp any -- set to allow all protocols

Pixfirewall (config) # access-list out-list extended permit ip any -- set to allow all IP addresses

Pixfirewall (config) # access-group out-list in interface outside -- bind the access list to the outside interface

Pixfirewall (config) # access-group out-list out interface outside -- bind the access list to the outside interface

Pixfirewall (config) # ip address 192.1.1.1 255.255.255.0 -- set an IP address for configuring the firewall later