
CISCO PIX Knowledge Base

The Cisco PIX configuration notes and configuration templates found on this page are a work in progress. They have been used to configure several firewalls, and may need tweaking for specific applications. They are here to serve as a guide, and they are not a substitute for an understanding of how to program a Cisco PIX Firewall.

Default Cisco PIX 501 Configuration:

Base Cisco PIX Configuration:

Use this as a template to set up a basic Cisco PIX configuration with local authentication. The beginning lines prepare a Cisco 501 that still has its default configuration for further configuration. This assumes that the inside and outside addresses are static. Banners are also included with this configuration template.

Enable SSH:

Steps needed to enable SSH

Enable Banners:

Steps needed to enable banners

Access-list Example

Access List Example

DHCP Relay

Steps needed to enable DHCP relay

Management Access

Enables access to an internal management interface on the firewall.

NAT Traversal

NAT traversal extends support for site-to-site and remote access IPSec-based VPNs to network environments that implement Network Address Translation (NAT) or Port Address Translation (PAT).

Local Authentication:

These are the commands to add to a configuration to enable local authentication.

VPN with Local Authentication:

These are the commands needed to enable remote VPN access using local authentication.

VPN with RADIUS Authentication:

These are the commands needed to enable remote VPN access using RADIUS authentication. You can further restrict traffic passing through the VPN tunnel by assigning filter IDs to users as they connect to the VPN server. Filter IDs can be assigned to users with IAS and by using Windows domain groups. While the user is connecting to the VPN, an access-list with the same name as the filter ID will be applied to the VPN user.

Site to Site VPN:

Site to Site VPN template.

Capture Network Traffic with PIX:

Packet capturing with Cisco PIX.

Cisco PIX Easyvpn:

This allows your Cisco PIX Firewall to act as a VPN client.

Cisco PIX Password Recovery:

Need access to a Cisco PIX Firewall, and don't have the appropriate password?

ESMTP INSPECT

If you use TLS with Sendmail or Postfix, a PIX/ASA will drop the packets. Disable ESMTP inspection to allow TLS functionality.