```
pixfirewall# sh ver

Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(1)

Compiled on Fri 02-Jul-04 00:07 by morlee

pixfirewall up 8 days 0 hours

Hardware: PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: gb-ethernet0: address is 000e.0c6b.96d0, irq 255
1: gb-ethernet1: address is 000e.0c6b.96cf, irq 255
2: ethernet0: address is 000e.0c5f.a3f0, irq 255
3: ethernet1: address is 000e.0c5f.a349, irq 255
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 10
Maximum Interfaces: 24
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: XXXXXXXXX
Running Activation Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Configuration last modified by enable_15 at 00:55:28.017 UTC Tue Jun 7 2005
```

```
pixfirewall# sh flash
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1966136
file 1: origin: 2097152 length:1975
file 2: origin: 0 length:0
file 3: origin: 2228224 length:3126944
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
```

```
pixfirewall# sh ru
pixfirewall# wr
```

```
pixfirewall# sh int
interface gb-ethernet0 "outside" is up, line protocol is up
…………
interface gb-ethernet1 "inside" is up, line protocol is up
…………
interface ethernet0 "inf3" is administratively down, line protocol is up
…………
interface ethernet1 "inf4" is administratively down, line protocol is down
…………
```

```
pixfirewall(config)# ip address inf3 10.32.2.79 255.255.255.0
pixfirewall(config)# exit
pixfirewall#
pixfirewall# ping 10.32.2.78
10.32.2.78 response received -- 0ms
10.32.2.78 response received -- 0ms
10.32.2.78 response received -- 0ms
```

```
Wait.....

PCI Device Table.
Bus Dev Func VendID DevID Class           Irq
 00  00  00   1166   0008  Host Bridge
 00  00  01   1166   0008  Host Bridge
 00  00  02   1166   0006  Host Bridge
 00  00  03   1166   0006  Host Bridge
 00  01  00   8086   1229  Ethernet        255
 00  02  00   8086   1229  Ethernet        255
 00  0F  00   1166   0200  ISA Bridge
 00  0F  01   1166   0211  IDE Controller
 00  0F  02   1166   0220  Serial Bus      71
 01  0B  00   14E4   5823  Co-Processor    255
 02  06  00   8086   1001  Ethernet        255
 02  07  00   8086   1001  Ethernet        255

Cisco Secure PIX Firewall Embedded BIOS Version 4.3
Cisco PIX-535
+------------------------------------------------------------------------------+
| System BIOS Configuration, (C) 2000 General Software, Inc.                   |
+---------------------------------------+--------------------------------------+
| System CPU           : Pentium III    | Low Memory           : 637KB         |
| Coprocessor          : Enabled        | Extended Memory      : 1023MB        |
| Embedded BIOS Date   : 11/28/00       | Serial Ports 1-2     : 03F8 02F8     |
+---------------------------------------+--------------------------------------+

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:34 PST 2001
Platform PIX-535
Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)

Ethernet auto negotiation timed out.
Ethernet port 1 could not be initialized.
Use ? for help.
monitor>
Invalid or incorrect command. Use 'help' for help.
```

```
monitor> interface
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)
```

```
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)

Using 0: i82559 @ PCI(bus:0 dev:2 irq:255), MAC: 000e.0c5f.a3f0
```

```
monitor> address 10.32.2.79
address 10.32.2.79
monitor> server 10.32.2.78
server 10.32.2.78
monitor> ping 10.32.2.78
Sending 5, 100-byte 0x7970 ICMP Echoes to 10.32.2.78, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> file pix701.bin
file pix701.bin
monitor> tftp
tftp pix701.bin@10.32.2.78...........................
…………
Received 5124096 bytes

Cisco PIX Security Appliance admin loader (3.0) #0: Thu Mar 31 14:03:05 PST 2005
####################################################
……
1024MB RAM
```

```
Total NICs found: 4
mcwa i82559 Ethernet at irq 255 MAC: 000e.0c5f.a349
mcwa i82559 Ethernet at irq 255 MAC: 000e.0c5f.a3f0
BIOS Flash=DA28F320J5 @ 0xD8000
i82543 rev02 Gigabit Ethernet @ irq255 dev 6 index 01 MAC: 000e.0c6b.96cf
i82543 rev02 Gigabit Ethernet @ irq255 dev 7 index 00 MAC: 000e.0c6b.96d0
Old file system detected. Attempting to save data in flash
```

```
Initializing flashfs...
flashfs[7]: Checking block 0...block number was (-10627)
…………
flashfs[7]: erasing block 0...done.
flashfs[7]: Checking block 125...block number was (-1)
flashfs[7]: erasing block 125...done.
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 16126976
flashfs[7]: flashfs fsck took 161 seconds.
flashfs[7]: Initialization complete.

Saving the configuration
!
Saving a copy of old configuration as downgrade.cfg
!
Saved the activation key from the flash image
Saved the default firewall mode (single) to flash
The version of image file in flash is not bootable in the current version of software.
Use the downgrade command first to boot older version of software.
The file is being saved as image_old.bin anyway.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
……
Upgrade process complete
Need to burn loader....
Erasing sector 0...[OK]
Burning sector 0...[OK]

Licensed features for this platform:
Maximum Physical Interfaces : 14
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.
```

```
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
--------------------------------------------------------------------------
                               .            .
                               |            |
                              |||          |||
                            .|| ||.      .|| ||.
                         .:||| | |||:..:||| | |||:.
                          C i s c o  S y s t e m s
--------------------------------------------------------------------------

Cisco PIX Security Appliance Software Version 7.0(1)

  ****************************** Warning *******************************
  This product contains cryptographic features and is subject to United
  States and local country laws governing, import, export, transfer, and
  use. Delivery of Cisco cryptographic products does not imply third-party
  authority to import, export, distribute, or use encryption. Importers,
  exporters, distributors and users are responsible for compliance with
  U.S. and local country laws. By using this product you agree to comply
  with applicable laws and regulations. If you are unable to comply with
  U.S. and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic products may be
  found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by sending email to
  export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2005 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

ERROR: This command is no longer needed. The LOCAL user database is always enabled.
*** Output from config line 59, "aaa-server LOCAL protoco..."
ERROR: This command is no longer needed. The 'floodguard' feature is always enabled.
*** Output from config line 64, "floodguard enable"
```

```
Cryptochecksum(unchanged): a24fcf17 7e777a56 ca8e0420 377bb244
INFO: converting 'fixup protocol dns maximum-length 512' to MPF commands
INFO: converting 'fixup protocol ftp 21' to MPF commands
INFO: converting 'fixup protocol h323_h225 1720' to MPF commands
INFO: converting 'fixup protocol h323_ras 1718-1719' to MPF commands
INFO: converting 'fixup protocol http 80' to MPF commands
INFO: converting 'fixup protocol netbios 137-138' to MPF commands
INFO: converting 'fixup protocol rsh 514' to MPF commands
INFO: converting 'fixup protocol rtsp 554' to MPF commands
INFO: converting 'fixup protocol sip 5060' to MPF commands
INFO: converting 'fixup protocol skinny 2000' to MPF commands
INFO: converting 'fixup protocol smtp 25' to MPF commands
INFO: converting 'fixup protocol sqlnet 1521' to MPF commands
INFO: converting 'fixup protocol sunrpc_udp 111' to MPF commands
INFO: converting 'fixup protocol tftp 69' to MPF commands
INFO: converting 'fixup protocol sip udp 5060' to MPF commands
INFO: converting 'fixup protocol xdmcp 177' to MPF commands
```

```
************************************************************************
**                                                                    **
**   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***  **
**                                                                    **
**          ----> Current image running from RAM only! <----          **
**                                                                    **
**  When the PIX was upgraded in Monitor mode the boot image was not  **
**  written to Flash. Please issue "copy tftp: flash:" to load and    **
**  save a bootable image to Flash. Failure to do so will result in   **
**  a boot loop the next time the PIX is reloaded.                    **
**                                                                    **
************************************************************************
Type help or '?' for a list of available commands.
```

```
pixfirewall> en
Password:
pixfirewall# sh run
: Saved
:
PIX Version 7.0(1)
names
!
interface GigabitEthernet0
 speed 1000
 nameif intf2
 security-level 4
 no ip address
!
interface GigabitEthernet1
 speed 1000
 nameif intf3
 security-level 6
 no ip address
!
interface Ethernet0
 shutdown
 nameif outside
 security-level 0
 no ip address
!
interface Ethernet1
 shutdown
 nameif inside
 security-level 100
 no ip address
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ftp mode passive
pager lines 24
mtu intf2 1500
mtu intf3 1500
mtu outside 1500
mtu inside 1500
no failover
monitor-interface intf2
monitor-interface intf3
monitor-interface outside
monitor-interface inside
asdm history enable
arp timeout 14400
nat-control
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
no sysopt connection permit-ipsec
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:a24fcf177e777a56ca8e0420377bb244
: end
```

```
pixfirewall# sh ver

Cisco PIX Security Appliance Software Version 7.0(1)

Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pixfirewall up 21 secs

Hardware: PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: GigabitEthernet0 : media index 0: irq 255
1: Ext: GigabitEthernet1 : media index 1: irq 255
2: Ext: Ethernet0 : media index 0: irq 255
3: Ext: Ethernet1 : media index 1: irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 14
Maximum VLANs : 200
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.
```

```
pixfirewall# sh flash
Directory of flash:/

4      -rw-  1975        01:52:34 Jun 07 2005  downgrade.cfg
7      -rw-  1966136     01:53:02 Jun 07 2005  image_old.bin

16128000 bytes total (14154752 bytes free)
```

```
pixfirewall# conf t
pixfirewall(config)# int e0
pixfirewall(config-if)# ip add 10.32.2.79 255.255.255.0
pixfirewall(config-if)# no sh
pixfirewall(config-if)# end
pixfirewall# ping 10.32.2.78
Sending 5, 100-byte ICMP Echos to 10.32.2.78, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
pixfirewall# copy tftp flash

Address or name of remote host []? 10.32.2.78

Source filename []? pix701.bin

Destination filename [img]? pix701.bin

Accessing tftp://10.32.2.78/pix701.bin...!!!!!!!!!!
…………
Writing file flash:pix701.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
……
```

```
pixfirewall# sh flash:
Directory of flash:/

4      -rw-  1975        01:52:34 Jun 07 2005  downgrade.cfg
7      -rw-  1966136     01:53:02 Jun 07 2005  image_old.bin
9      -rw-  5124096     01:56:59 Jun 07 2005  pix701.bin

16128000 bytes total (9030144 bytes free)
pixfirewall# conf t
pixfirewall(config)# boot system flash:pix701.bin
INFO: Converting flash:pix701.bin to flash:/pix701.bin
pixfirewall(config)# end
pixfirewall# wr
Building configuration...
Cryptochecksum: 2b4bf78b 4f0a95ed b8ef276f 6974c7d6

1852 bytes copied in 0.540 secs
[OK]
pixfirewall# sh bootvar

BOOT variable = flash:/pix701.bin
Current BOOT variable = flash:/pix701.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
```

```
pixfirewall# reload
Proceed with reload? [confirm]
pixfirewall#

***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system

***
*** --- SHUTDOWN NOW ---

Rebooting....
```