Solved

PIX 525 ver 6.3 need to upgraded to version 7

Posted on 2006-10-31
Last Modified: 2007-12-19
Dear Experts

I have two questions

Question 1

I have a PIX 525 with IOS ver 6.3. I need to upgrade the IOS to the latest one, i.e. 7.1 I believe. I just want to know what will happen to my current configuration after the IOS upgrade; will I need to reconfigure the firewall? Below is my current configuration. If I need to reconfigure the firewall, what will be the new commands?

VPN# sho run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
interface gb-ethernet0 1000auto
interface gb-ethernet1 1000auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif gb-ethernet0 dmz security10
nameif gb-ethernet1 intf3 security6
enable password UNbpkCo92r/eQuc/ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname KFSHVPN
domain-name KFSHVPN
clock timezone AST 3
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 102 permit ip 10.0.0.0 255.255.248.0 10.1.2.0 255.255.255.0
access-list 101 permit ip 10.0.0.0 255.255.248.0 10.1.2.0 255.255.255.0
access-list outside permit tcp any host 212.12.181.156 eq smtp
access-list dmz permit tcp host 193.168.0.5 eq smtp any
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit icmp any any unreachable
pager lines 24
logging timestamp
logging trap warnings
logging host inside 10.0.0.2
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu intf3 1500
ip address outside 212.x.x.x 255.255.255.240
ip address inside 10.0.0.3 255.255.248.0
ip address dmz 193.168.0.1 255.255.255.0
no ip address intf3
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.1.2.0-10.1.2.25
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
no failover ip address intf3
pdm location 10.0.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 2 212.x.x.x netmask 255.255.255.240
nat (inside) 0 access-list 101
nat (inside) 2 10.0.0.0 255.255.255.240 0 0
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
static (inside,outside) 212.x.x.151 10.0.0.2 netmask 255.255.255.255 0 0
static (dmz,outside) 212.x.x.156 193.168.0.5 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 212.x.x.145 1
route inside 10.0.0.0 255.0.0.0 10.0.0.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.0.0.2 255.255.255.255 inside
http 10.0.0.4 255.255.255.255 inside
snmp-server host inside 10.0.0.2

no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup khaleej3000 address-pool ippool
vpngroup khaleej3000 dns-server 10.0.0.26
vpngroup khaleej3000 default-domain
vpngroup khaleej3000 split-tunnel 102
vpngroup khaleej3000 idle-time 1800
vpngroup khaleej3000 password
vpngroup kfsh3000 address-pool ippool
vpngroup kfsh3000 default-domain
vpngroup kfsh3000 split-tunnel 102
vpngroup kfsh3000 idle-time 1800
vpngroup kfsh3000 password
telnet 10.0.0.2 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 20
terminal width 80
banner exec Unauthorized access is probhited
banner exec Violators will be prosecuted
banner login Violators will be prosecuted
banner motd Violators will be prosecuted
Cryptochecksum:fd21e28ee9374a135f6c921f9a908fd8
: end
VPN#



Question 2

I need to know if there is any free RADIUS server available which can replace Cisco ACS, as I need to configure AAA for Cisco 6513 and 3550 switches. If yes, please let me know the details.


cheers

alkhaleej
2 Comments
 
LVL 3

Expert Comment

by: Caoilte
ID: 17853672
Q1) The upgrade process will look after altering the config so it works with PixOS 7.

The thing to check is that you have enough memory for PixOS 7. After that it is a 2-step process - upgrade the OS and upgrade the PDM to ASDM.

Q2) There are a few - Google is your friend, as they all offer different things, so you should be able to find one that will do AAA for you.
 
LVL 8

Accepted Solution

by: yasirirfan (earned 500 total points)
ID: 17937464
Dear Khaleej

I agree with Caoilte

Here are the steps to upgrade the pix 525 from 6.3 to 7
http://www.cisco.com/warp/public/110/cspix-adsm-swupgrade.pdf

Question 2: it's better you google.

Cheers


Yasir
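Before the upgrade rewrites the posted 6.3 config into 7.x syntax, it is worth knowing what policy it actually carries, since the conversion changes syntax rather than policy. As an added example (not code from the thread, from Cisco, or from either expert), this Python audit runs over a constructed excerpt of the config posted in the question and reports access-lists that are defined but never applied anywhere, DES/MD5 crypto settings, and cleartext (telnet) management lines.

```python
"""Pre-upgrade audit of a PIX 6.3 running-config (added example, not from the thread)."""

# Constructed excerpt of the config posted in the question (not the full dump).
SAMPLE_CONFIG = """\
access-list 102 permit ip 10.0.0.0 255.255.248.0 10.1.2.0 255.255.255.0
access-list 101 permit ip 10.0.0.0 255.255.248.0 10.1.2.0 255.255.255.0
access-list outside permit tcp any host 212.12.181.156 eq smtp
access-list dmz permit tcp host 193.168.0.5 eq smtp any
access-list outside_in permit icmp any any echo-reply
nat (inside) 0 access-list 101
access-group outside_in in interface outside
access-group dmz in interface dmz
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
isakmp policy 10 encryption des
isakmp policy 10 hash md5
vpngroup khaleej3000 split-tunnel 102
vpngroup kfsh3000 split-tunnel 102
telnet 10.0.0.2 255.255.255.255 inside
telnet timeout 5
"""

# Algorithm keywords in 6.3 crypto/isakmp lines that are considered weak today.
WEAK_ALGOS = {"des", "md5", "esp-des", "esp-md5-hmac"}


def audit(config: str) -> dict:
    """Return {'orphan_acls': [...], 'weak_crypto': [...], 'cleartext_mgmt': [...]}."""
    defined, referenced = set(), set()
    weak, cleartext = [], []
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "access-list":
            defined.add(words[1])
        # The three places this 6.3 config can reference an ACL by name or number.
        elif words[0] == "access-group":
            referenced.add(words[1])
        elif words[0] == "nat" and "access-list" in words:
            referenced.add(words[words.index("access-list") + 1])
        elif words[0] == "vpngroup" and words[2] == "split-tunnel":
            referenced.add(words[3])
        elif words[0] in ("crypto", "isakmp") and WEAK_ALGOS & set(words):
            weak.append(line)
        # "telnet <host> <mask> <if>" opens cleartext management; "telnet timeout" does not.
        elif words[0] == "telnet" and words[1] != "timeout":
            cleartext.append(line)
    return {"orphan_acls": sorted(defined - referenced),
            "weak_crypto": weak, "cleartext_mgmt": cleartext}


if __name__ == "__main__":
    for finding, lines in audit(SAMPLE_CONFIG).items():
        print(finding, lines)
```

On the posted config the orphan is access-list "outside": only outside_in (ICMP replies) is bound to the outside interface, so the inbound SMTP permit in that list never takes effect.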
