[rescue] Cisco PIX 506 questions

Chad McAuley chizad at gmail.com
Tue Jul 3 17:34:42 CDT 2007

On 7/3/07, Bill Bradford <mrbill at mrbill.net> wrote:
> Ask the network guys at your $WORK, or just ask around for a friend who
> has a CCO login.  That's just about the only way to do it - Cisco proper
> will want money.
> Bill

Unfortunately, among many other tasks, I am the "network guy" here at
$WORK.  AFAIK we never had any SmartNets on any of our Cisco equipment
before our recent WAN upgrade.[0] And now with our new MPLS WAN setup
we're letting SBC manage all our WAN endpoints including router
configs and equipment maintenance/service and such.  (Two reasons: a)
it makes one less thing for us to worry about[1] b) since none of us
has much Cisco experience any time we needed to make config changes
we'd have to call the engineer assigned to our account anyway)  So
there's no one here I can get CCO access from, and being relatively
fresh out of college and the "alpha geek" of my circle of friends I
know none of them will have a CCO login.  I'm sure my boss knows
someone who does though, so I'll have to ask him after the holiday.

On 7/3/07, Phil Brutsche <phil at tux.obix.com> wrote:
> Good luck, there are only 2 ways to get a firmware upgrade;

That's what I thought, I just wanted to make sure there wasn't some
other option I was overlooking.

> To say PIXes are non-intuitive is putting it lightly.
> A good place to start is this (link may be line wrapped):
> http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html

Thanks, I'll have to bookmark that in the event I do end up using this 506.

> Based on my limited experience with Finesse 7.x (Finesse is the official
> name of the PIX software, most people call it IOS which is very
> different) it is a lot easier than it used to be. Not that 7.x would run
> on a 506 ;)
> Personally I think a 26[11|21] w/ the firewall feature set is a lot
> easier to set up. It won't have the performance levels of a PIX though.

It'd be going behind a 3.0/512 residential DSL line, so I wouldn't
expect performance to be an issue.  Especially since between myself
and my two roommates I make the most use of our internet connection,
and (right now) my needs are pretty simple; just a handful of port
forwarding rules.  Probably the trickiest part is going to be making
sure the PIX is set up to allow us to initiate VPN connections from
behind it, since all three of us work from home from time to time.

> Finesse is generally pretty well debugged and extremely reliable; that
> goes doubly for something as old as 6.3. You have a better chance of
> hitting not-yet resolved issues with 7.x.

Good to know.

[0]: All of our routers were purchased through SBC, before I started
here, so I don't know if SBC held the SmartNet contracts on them on
our behalf as part of our contract with them or something.  So the
devices may have had SmartNets, but we sure don't have any
documentation on them or the CCO access that they came with.  :(

[1]: $WORK is a company that handles sales/service/rentals/parts for
construction equipment, forklifts, underground/quarry supply
equipment, as well as owns a sister company that manufactures
conveyors for quarries. Needless to say, I'm in proprietary
hardware/software hell.  Plus, the IT dept here consists of myself and
my boss; between the two of us we handle everything technology related
for 300+ users spread across 14 locations. And I'm the low man on the
totem pole, so I handle most of the helpdesk and systems/desktop
technician stuff, in addition to occasionally having to don my
sysadmin or network admin hats.

