Problem Naming PIX Firewall Interface

  • Problem Naming PIX Firewall Interface

    I need help naming the Ethernet ports on my 501 PIX Firewall. The PIX has 5 Ethernet ports. Ent 0 outside, ent 1 inside, and the remaining ent 2 thru 4. I'm trying to name ent 2 DMZ int for my Web server.

    I tried several times without success. Below are the command results that I’m receiving, and the PIX IOS Version:

    pixfirewall# config t
    pixfirewall(config)# nameif ethernet2 dmz security60
    Usage: nameif <hardware_id> <if_name> <security_lvl>
    nameif <vlan_id> <if_name> <security_lvl>
    no nameif
    pixfirewall(config)# nameif ethernet3 dmz security60
    Usage: nameif <hardware_id> <if_name> <security_lvl>
    nameif <vlan_id> <if_name> <security_lvl>
    no nameif

    pixfirewall# sh ver

    Cisco PIX Firewall Version 6.3(5)
    Cisco PIX Device Manager Version 3.0(4)

    Compiled on Thu 04-Aug-05 21:40 by morlee

    pixfirewall up 9 hours 11 mins

    Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
    Flash E28F640J3 @ 0x3000000, 8MB
    BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

    0: ethernet0: address is 000b.5fa1.ac13, irq 9
    1: ethernet1: address is 000b.5fa1.ac14, irq 10
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    Maximum Physical Interfaces: 2
    Maximum Interfaces: 2
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: 10
    Throughput: Unlimited
    IKE peers: 10

    This PIX has a Restricted (R) license.

    Serial Number: 806470709 (0x3011c435)
    Running Activation Key: 0x6bd8e154 0x70b793d7 0x0a73e835 0xb9240a57
    Configuration last modified by enable_15 at 19:53:22.075 UTC Thu Apr 3 2008
    pixfirewall# sh ru
    : Saved
    PIX Version 6.3(5)
    interface ethernet0 100full
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password pGpYPZJxUjuCnyxs encrypted
    passwd pGpYPZJxUjuCnyxs encrypted
    hostname pixfirewall
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    banner exec bannner exec
    banner exec bannner exec Unauthorized Access Will Be Terminated By Unforeseen Even
    : end

  • #2
    Re: Problem Naming PIX Firewall Interface

    It has 2 interfaces. The 501 has a switch on the back but they are all the same internal interface I'm afraid.

    Quis custodiet ipsos custodes?
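
Added example (not part of the original thread, and not Cisco tooling): the `sh ver` output posted in the question already shows why `nameif ethernet2` is rejected. This Python code parses the interfaces the PIX enumerated and the licensed limit, then checks a `nameif` line against them. The function names are hypothetical, and only the `<hardware_id>` form of `nameif` is checked, not the `<vlan_id>` form.

```python
import re

# Excerpt of the `sh ver` output posted in the question (PIX 501, 6.3(5)).
SHOW_VERSION = """\
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
0: ethernet0: address is 000b.5fa1.ac13, irq 9
1: ethernet1: address is 000b.5fa1.ac14, irq 10
Licensed Features:
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
"""

def parse_show_version(text):
    """Return (hardware ids the OS enumerated, licensed physical-interface limit)."""
    hw_ids = re.findall(r"^\s*\d+:\s+(\S+?):\s+address is", text, re.MULTILINE)
    m = re.search(r"^\s*Maximum Physical Interfaces:\s*(\d+)", text, re.MULTILINE)
    return hw_ids, (int(m.group(1)) if m else None)

def check_nameif(command, show_version):
    """Check a `nameif <hardware_id> <if_name> <security_lvl>` line against
    the interfaces this unit actually exposes to the firewall OS."""
    parts = command.split()
    if len(parts) != 4 or parts[0] != "nameif":
        return False, "expected: nameif <hardware_id> <if_name> <security_lvl>"
    hw_id, if_name, level = parts[1:]
    # Security levels run from security0 (least trusted) to security100.
    if not re.fullmatch(r"security\d{1,3}", level) or int(level[8:]) > 100:
        return False, f"bad security level {level!r}"
    hw_ids, limit = parse_show_version(show_version)
    if hw_id not in hw_ids:
        return False, (f"{hw_id} is not a hardware_id on this unit "
                       f"(enumerated: {', '.join(hw_ids)}; "
                       f"licensed physical interfaces: {limit})")
    return True, f"{hw_id} can be named {if_name} at {level}"

if __name__ == "__main__":
    for cmd in ("nameif ethernet2 dmz security60",
                "nameif ethernet1 inside security100"):
        ok, why = check_nameif(cmd, SHOW_VERSION)
        print(f"{cmd!r}: {'OK' if ok else 'REJECTED'} - {why}")
```
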


    • #3
      Re: Problem Naming PIX Firewall Interface

      Moved to Cisco Security.
      Technical Consultant

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"


      • #4
        Re: Problem Naming PIX Firewall Interface


        Thanks for the quick response. Looks like I'm going to have to upgrade my PIX to set up my DMZ.



        • #5
          Re: Problem Naming PIX Firewall Interface

          No probs.
          Have a look at the ASA, as the PIX has been superseded now (although it is still really good!).


          Quis custodiet ipsos custodes?