Cisco PIX 506

routingbyrumorroutingbyrumor Posts: 93Member ■■□□□□□□□□
Hello, I am thinking of purchasing a Pix 506, Will this be enough to get through the CCSP with? or will there be more hardware? I already have a large amount of routers and switches.

Comments

  • HHHTheGameHHHTheGame Posts: 75Member ■■□□□□□□□□
    Don't bother. Get the ASA5505. It's only $600 and it runs v7 of the OS.
  • routingbyrumorroutingbyrumor Posts: 93Member ■■□□□□□□□□
    Thanks for the reply, I'll look into this ASA505 on Ebay.
  • MunckMunck Posts: 150Member
    With PIX 506, you're stuck with OS 6.x, so it can't be used for the CCSP
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member ■■■■■■■■□□
    If you can't stretch to the newer models you can still get some mileage from the 500 series. While some of the commands have changed, and 7.0 does add a fair bit extra, you can get to grips with translations, routing, access-lists, multiple zone theory etc. Many of the 7.0 command changes are to bring it more into IOS'ese so router experience can help bridge more of the gap.
    I'm sitting the PIX exam this Friday so I'll let you know if my theory actually holds true (using a 515 with 6.3 at work and borrowed a 501 with the same for home study....).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • dissolveddissolved Posts: 228Inactive Imported Users
    I personally do not like IOS 7 on pix. They should have left it the way it was. I know they are trying to make it easier for network admins, but it's making it harder on small businesses with 501s or 506e's that can't run the new IOS

    Bad move IMHO
  • dissolveddissolved Posts: 228Inactive Imported Users
    HHHTheGame wrote:
    Don't bother. Get the ASA5505. It's only $600 and it runs v7 of the OS.

    I've never seen this before, link?
  • mikej412mikej412 Posts: 10,090Member
    Not listed as in stock at CDW yet.... "Call for availability"

    The Security Plus Bundle will ship within 13 days if ordered today (for $1,159.99).

    They do have a 5510 in stock.
    :mike: Cisco Certifications -- Collect the Entire Set!
  • dissolveddissolved Posts: 228Inactive Imported Users
    thanks Mike, good to know. I'll be checking ebay for this. And this runs the new IOS 7? I'll be forced to play with it since I'm taking the pix exam soon.

    From my understanding, there is some 6.3 IOS on the test too right?
  • defxdefx Posts: 3Member ■□□□□□□□□□
    PIX 506 can run pix 7.x an asa 7.x whit a ram upgrade, just open, put 32 or 64 dimm and practice :D
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member ■■■■■■■■□□
    Unsupported and apparently only possible by stripping out the GUI components.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • defxdefx Posts: 3Member ■□□□□□□□□□
    r0ckwell on December 20th, 2006 wrote:

    Before proceeding, keep in mind that Cisco will no longer support your hardware or software after doing this, so don’t bother trying to get support for it. I’ve decided to share this knowledge to assist those who are less fortunate to have access to a 515 model or ASA. Considering we pay enough money for books, classes, and equipment, this will help tremendously with studying for the CCIE-Security exam.

    I’ve collected information from various forums and have concluded that none of the methods explained really work. Maybe because people don’t really want to share the information or maybe it’s because they are worried that Cisco will find out.

    FYI, I’ve condensed the ’show’ outputs to allow for easier reading.

    Here is what I’ve done to get the code to run.

    You can’t do the upgrade with only 32MB of RAM, you will need 64MB. Lucky for me I had 2 506E models to use. I took the RAM from one unit and placed in the slot of the PIX I wanted to upgrade.

    When you run a ’show version’, you should see the following output:

    pixfirewall(config)# sh ver

    Cisco PIX Firewall Version 6.3(5)

    Compiled on Thu 04-Aug-05 21:40 by morlee

    pixfirewall up 5 mins 45 secs

    Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
    Flash E28F640J3 @ 0×300, 8MB

    Notice the 64MB of RAM. This is important if you want to continue.

    Next, I downloaded the pdm-304.bin file from Cisco’s website and renamed it to fakepdm.bin.

    I started up the TFTP server and ran ‘copy tftp flash:pdm’ on the PIX.

    pixfirewall(config)# copy tftp flash:pdm
    Address or name of remote host [0.0.0.0]? 192.168.1.35
    Source file name [cdisk]? fakepdm.bin
    copying tftp://192.168.1.35/fakepdm.bin to flash:pdm
    [yes|no|again]? yes
    Erasing current PDM file
    Writing new PDM file
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!tftp: Timed out during transfer
    Erasing partial PDM file
    PDM file not installed.
    pixfirewall(config)#

    After this message appears “Erasing current PDM file”, unplug the ethernet cable from the PIX. As you can see by my output above, the writing new PDM portion times out. Then you will see that the PIX is ‘Erasing partial PDM file’ and ‘PDM file not installed’.

    You’ve basically cleared enough space in flash memory to run any upgrade.

    I’ve decided to upgrade to version 7.01 only. It’s your choice if you want to go higher. I’m only doing this to prove that it CAN be done.

    Next, I ran the upgrade as normal by issuing ‘copy tftp flash:image’ and used the pix701.bin file.

    pixfirewall(config)# copy tftp flash:image
    Address or name of remote host [0.0.0.0]? 192.168.1.35
    Source file name [cdisk]? pix701.bin
    copying tftp://192.168.1.35/pix701.bin to flash:image
    [yes|no|again]? yes
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Received 5124096 bytes
    Erasing current image
    Writing 5066808 bytes of image
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Image installed
    pixfirewall(config)#

    Once you reload the PIX, you will see several messages. Do not abort the reload/reboot sequence. It’s normal what you are about to see. The 7.x code is what’s causing the following output to appear that way. Just sit back and wait for the prompt.

    pixfirewall(config)# reload
    Proceed with reload? [confirm]

    Rebooting..\uffff

    Old file system detected. Attempting to save data in flash

    Initializing flashfs…
    flashfs[7]: Checking block 0…block number was (2423)
    flashfs[7]: erasing block 0…done.
    flashfs[7]: Checking block 1…block number was (24879)
    flashfs[7]: erasing block 1…done.
    flashfs[7]: Checking block 2…block number was (-16063)
    flashfs[7]: erasing block 2…done.

    flashfs[7]: erasing block 60…done.
    flashfs[7]: Checking block 61…block number was (0)
    flashfs[7]: erasing block 61…done.
    flashfs[7]: 0 files, 1 directories
    flashfs[7]: 0 orphaned files, 0 orphaned directories
    flashfs[7]: Total bytes: 7870464
    flashfs[7]: Bytes used: 1024
    flashfs[7]: Bytes available: 7869440
    flashfs[7]: flashfs fsck took 90 seconds.
    flashfs[7]: Initialization complete.

    Saving the datafile
    !
    Saving a copy of old datafile for downgrade
    !
    Saved the activation key from the flash image
    Saved the default firewall mode (single) to flash
    Saving image file as image.bin
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Upgrade process complete
    Need to burn loader….
    Erasing sector 0…[OK]
    Burning sector 0…[OK]

    Once the checking and erasing is complete, you will notice that your 506E is now running 7.0(1) code.

    Cisco PIX Security Appliance Software Version 7.0(1)

    I guess now after knowing this, the sales prices for the 506Es on eBay will start to come down.
  • johnwest43johnwest43 Posts: 294Member
    Works great except for VLans are disabled.
    CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
  • NobylspoonNobylspoon Posts: 620Member ■■■□□□□□□□
    Check Craigslist and Ebay for a 5505. I was planning on a 506E myself but I am really glad I decided to go with the ASA instead. I picked mine up for $250 with a 10 user base license. Came loaded up with v7.2 and 8.0 along with ASDM 6.3.

    It is definatly worth the extra money to go for the ASA 5505. You might not be able to find it quite as cheap as I did but keep shopping and you can probably pick it up in the low $300 range for sure. However, if you need more than a 10 user license then you will be paying more. I am using mine for my home network and I never have more than 10 devices connecting to the outside interface at one time.
    WGU PROGRESS

    MS: Information Security & Assurance
    Start Date: December 2013
  • johnwest43johnwest43 Posts: 294Member
    7.0.5 allows vlans.
    CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    johnwest43 wrote: »
    7.0.5 allows vlans.

    Can the PIX 506 support 7? I thought that was only for ASAs. I thought the Pix 501 and 506 only support 6.3 or something.
  • tierstentiersten Posts: 4,505Member
    knwminus wrote: »
    Can the PIX 506 support 7? I thought that was only for ASAs. I thought the Pix 501 and 506 only support 6.3 or something.
    v7 is supported for the larger PIX boxes and all ASAs.

    The very early versions of v7 could be wedged into a PIX506E (The old 506 won't do it) by following the procedure to erase PDM so you have enough space on the flash to store the image.

    Later versions of v7 won't work on a PIX506E because they're larger than the available space and they added or removed something which causes it to abort.
  • johnwest43johnwest43 Posts: 294Member
    7.05 is the newest you can wedge onto a 506e.
    CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    I'm going to snag this PIX 506E from work to help me better understand the PIX OS. I am migrating the business off of a PIX 515 to an SonicWall NSA 3500 in a few weeks and I need to have a complete understanding of what the PIX config has in it so I can migrate everything successfully and quickly.
  • zen masterzen master Posts: 222Member
    Hey guys, I'm thinking of ordering the following "CISCO ASA5505-BUN-K9 10000 Simultaneous Sessions Firewall throughput: Up to 150 Mbps 3DES/AES VPN throughput: Up to 100 Mbps Cisco ASA 5505 10-User Bundle". Will this be adequate for the CCSP? Any input would be greatly appreciated.
  • tierstentiersten Posts: 4,505Member
    zen master wrote: »
    Hey guys, I'm thinking of ordering the following "CISCO ASA5505-BUN-K9 10000 Simultaneous Sessions Firewall throughput: Up to 150 Mbps 3DES/AES VPN throughput: Up to 100 Mbps Cisco ASA 5505 10-User Bundle". Will this be adequate for the CCSP? Any input would be greatly appreciated.
    The base license ASA5505 can't handle failover and won't do trunking. The Security Plus licensed ASA5505 is only capable of doing active/standby failover. It only takes SSCs as well so if you want to put in a module then you'll have to deal with those instead of SSMs.

    In short, you'll be able to do most of what you need but there are limitations like the failover support.
  • QHaloQHalo Posts: 1,488Member
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.
  • tierstentiersten Posts: 4,505Member
    QHalo wrote: »
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.
    Good point.
  • QHaloQHalo Posts: 1,488Member
    I've been looking over ASA's for a jump into CCSP after I'm done with CCNA Sec. It's looking like rack rental is the best choice to ensure you don't have equipment capability concerns. There's also the ASA Project which has a working VMware image of an ASA. You could look into that as well. I was planning on buying a 5505 to manage my home network and as something I could consistently use to get experience with them, supplemented with rack rentals. 5510's are just not cost justified for me. I've found a few with Sec Plus licenses on eBay around $1800-2600 but you need two for full capabilities and that's just an asinine amount of cash.
  • zen masterzen master Posts: 222Member
    QHalo wrote: »
    Also I'm pretty sure that SNAF has security contexts on it as well. A 5505 will not have them no matter what license you buy for it. You have to upgrade to a 5510 with a Sec plus license to get those.

    How critical is this? Can I learn the concepts using a simulator, or just using the book?

    Thanks for all the assistance guys, it's greatly appreciated. One last question, will the CISCO ASA5505-BUN-K9 help me to complete my CCNA: Security as well?
  • QHaloQHalo Posts: 1,488Member
    I'm not sure how in depth the SNAF exam goes into them so I can't really speak much more intelligently on the subject. I did find this on the CLN. Perhaps this could shed some light for you. You'll obviously need an account to access but it's free to register and worth the price of admission. Tons of good info on there.

    https://learningnetwork.cisco.com/docs/DOC-3392
  • peanutnogginpeanutnoggin Posts: 1,096Member ■■■□□□□□□□
    zen master wrote: »
    One last question, will the CISCO ASA5505-BUN-K9 help me to complete my CCNA: Security as well?

    The CCNA: Security doesn't include anything on ASA firewalls. The CCNA will introduce you to Zone Based Firewalls. HTH.

    -Peanut

    EDIT: Maybe I shouldn't say anything... I believe the ASAs are mentioned in the CCNA: Security book, but you are not shown any configurations of the ASA Firewalls in your CCNA:Security studies... At least using the Authorized Self-Study Guide
    We cannot have a superior democracy with an inferior education system!

    -Mayor Cory Booker
Sign In or Register to comment.