Reconfiguring a Cisco PIX 515E

    We have just taken over support of a company's infrastructure and part of this is a CISCO PIX 515E Firewall, but we have no real knowledge of the device

    The previous company has left us with the configuration documented in both spreadsheet and notepad format, but the device has no CISCO support or the Windows GUI client installed anywhere.

    We need to reconfigure the CISCO as they are swapping ISP and therefore IP addresses.

    I believe I can just edit the configuration file and replace the old IP address with the new, but how do I apply it to the PIX.

    Is there a 'cut and paste' option, once I am logged in via the console port ??

    Simple step by step idiot instructions would be fantastic

    Hope somebody can assist


    I'm inclined to tell you to hire a subcontractor. It's not fair at all to your customer that you're managing their infrastrcuture and have no idea how to manage a critical component of it.

    That said you need to connect to it via console/ssh, take a look at the config and see which interface is facing the ISP. You can then change the IP ... something like this if the new IP was and e0 faced the outside:

    conf t
    int e0
    ip addr
    wr mem
    Brian Desmond
    Microsoft MVP - Directory Services


      Hi John
      Here is a link I can offer on how to configure a PIX firewall from scratch. It offers some basics on configuring the interfaces.
      Hope it helps
        Thanks for the link David !. Most Helpful and should get me and my co-worker out of a potential 'hole' on Friday.

        To bdesmond-mvp,
        We are in no position currently to either hire a sub contractor or back out of the deal. It was agreed on a basis that we did not know a lot about CISCO kit, so unfortunatly, I am stuck with attempting to support it.

        We are currently trying to arrange SmartNet cover for the device, but in the meantime, I am having to appeal to the users of the forum for assistance.


          For simple Pix configurations the "PDM" should be fine (which is a GUI). Unfortunately any odd-ball configuration stuff will break the PDM and limit you to using the Command Line Interface (CLI) for configuration. Soooo, the best bet in my opinion is to learn the CLI from the jump and save yourself the heart-ache of configuring using the PDM, breaking something and then being stuck in a rut trying to learn CLI overnight.

          The pix may seem a little temperamental at first but it's actually not too difficult to pickup. As someone else stated there are plenty of tutorials online and probably many people here who can assist you.

          A good starting point would be to provide a copy of your current configuration. You can do this the ugly way by using a console and copying/pasting into a notepad. If TFTP is configured on the device you can do "write net" and you will have a config copied to the server. Some older PIX firewalls have a floppy and support the "write floppy".

          In any case, get a copy of the config, cleanse it of any public IP addresses for your clients safety. Post it here along with whatever questions you may have about modifying it and I would be happy to assist you in any way possible.