Version 7/8 doesn't run on PIX 506/501

javasteve · July 2007

My company buys lots of PIX 506Es/501s. 6.3(5) is the latest software for the 506/501, and it has been out for over a year. They don't run version 7/8. They have been running the same IOS for 1 year, and it doesn't look like there is any upgrade on the way.

Why is Cisco still selling 506E/501 if it can't run version 7/8. I realize they don't have enough flash or memory, but Cisco needs to figure out a way around that.

How can you sell a product, and not provide updates for it! Maybe it is time for the company to swtich to checkpoint.

dtlokee · July 2007

I thought it had to do with the 501 and 506 only supporting 32MB of RAM and 7.x requires 64MB minimum.

As far as Cisco updating the software, they have, it's called an ASA 5505, that's the current product Cisco offers and if you want to run 7.x I would look into them.

javasteve · July 2007

dtlokee wrote:

I thought it had to do with the 501 and 506 only supporting 32MB of RAM and 7.x requires 64MB minimum.

As far as Cisco updating the software, they have, it's called an ASA 5505, that's the current product Cisco offers and if you want to run 7.x I would look into them.

That's the problem. They are still selling 506Es and 501s. If they are not going to support them with upgraded firmware, then why sell them? If they take them off the market, companies have no choice but to buy the 5505s.

My only gripe with Cisco is that they are selling this product and not supporting it.

dtlokee · July 2007

Yeah I agree, it would seem they could make some sort of upgrade that can be run on the 506. But at the same time the ASA is far more capable than the PIX so Cisco most likely wants people to have a reason to upgrade to the ASA. It's just a matter of time before the EOL the PIX products.

Ahriakin · July 2007

You can get the 506 working with 7.x but without the ASDM, there are some posts on the CCSP forum I believe about it. I think the main reasons they still sell the older models is so many companies use them as branch office VPN clients and they need spares/replacements. It's a lot faster/cheaper to just load your backed up config for that office to a new clone and ship it down. Not that configuring a 5505 vs. a 501 is that big a deal but again for larger companies it may be an issue for a while.

javasteve · July 2007

Ahriakin wrote:

You can get the 506 working with 7.x but without the ASDM, there are some posts on the CCSP forum I believe about it. I think the main reasons they still sell the older models is so many companies use them as branch office VPN clients and they need spares/replacements. It's a lot faster/cheaper to just load your backed up config for that office to a new clone and ship it down. Not that configuring a 5505 vs. a 501 is that big a deal but again for larger companies it may be an issue for a while.

I just saw the post on how to make the 506 run 7.x. I need one to practice for my CCIE:Security so I will try to create one of these "franken-pix" frewalls. Thanks for the tip.

ITdude · July 2007

From what I have heard from fairly reliable sources the PIX series is essentially EOL and will be phased out in favor of the ASA products. It is not likely they will be doing much with the PIX line anymore.

Ahriakin · July 2007

javasteve wrote:

I just saw the post on how to make the 506 run 7.x. I need one to practice for my CCIE:Security so I will try to create one of these "franken-pix" frewalls. Thanks for the tip.

For study you should check out PEMU (Full PIX emulator), again there are a few posts about it over on the CCSP side too. It's a full blown PIX 525/128mb of ram, you need to get your own 7.x and ASDM images and serial/activation key though but it works brilliantly.

Version 7/8 doesn't run on PIX 506/501

Comments