PIX 515E - How do i reset the configuration? 2

[humanslurpee]

I'm using a Pix 515E firewall for my SR. Project and i was setting it up w/ basic configuration and suddenly it won't take a global command. I want to reset the box so i can start over fresh. How do i go about this?

 

[lgarner]

write erase
reload

 

[humanslurpee]

Next question -

I'm starting fresh with this PIX once again, i can't seem to get it to correctly let me access the web.
Here's my basic setup
(internet)----(cable modem (timewarner ip))----(pix)----(desktop pc)
basically, i need to know what my addressing needs to be and what commands to use that i may NOT be using.
Here's what i have done so far:
int e0/e1 100f
ip address inside/outside(need help on this one)
route(need help on this one)
thanks a bunch folks, (sorry i'm such a newb)

 

[dopehead]

Well, all you really need then is :

global (outside) 1 interface (uses outside ip for nat)
nat (inside) 1 <lan ip net> <lan netmask> (desides what going to be nat'ed)

If you have no filtering setup, all traffic originating from the inside will be allowed plus the response, except ping reply and no traffic originating from outside will be allowed.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[humanslurpee]

my instructor told me NOT to use NAT or DMZ for this project.

 

[sicktrick]

sorry to ride on the coattails of your thread but how many vpn tunnels can the 515E handle w/o the VPN accelerator card?

 

[humanslurpee]

lol it's all good sicktrick, i'm at a loss with this pix box anyway, it's driving me nuts and i can't even set it up to block unwanted traffic on a stupid setup:
(internet)----(cable modem)----(pix)----(pc)

 

[dopehead]

Ok, so no nat, then you need some official adresses available to you, unless of course this won't be connected to the internet.

What you need then is just nat (inside) 0 <ip net> <ip mask>
or if you wan't to control where it should nat and not, make an access-list defining just that.

access-list 101 permit ip <lan net> <mask> any (or some specific destination)

nat (inside) 0 access-list 101
And thats it, then your traffic won't be translated.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[emagenk]

I have a pix 515e which has been downgraded to OS 5.23. However, now it continually reboots when powered on and I can only get access to it via the console and Monitor. I cannot access a tftp server because the none of the nics will initialize - any help would be appreciated.

Below is part of the readout from the console.

regards,



******

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001


Platform PIX-515E
System Flash=E28F128J3 @ 0xfff00000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 2032128 bytes of image from flash.
64MB RAM
No system flash found.
mcwa i82559 Ethernet at irq 11 MAC: 0013.c44b.828d
mcwa i82559 Ethernet at irq 10 MAC: 0013.c44b.828c

open(ffsdev/2/read) failed

An internal error occurred. Specifically, a programming assertion was


violated. Copy the error message exactly as it appears, and get the


output of the show version command and the contents of the configuration


file. Then call your technical support representative.

assertion "fdf_init()" failed: file "pix_init.c", line 64


No thread name


*********** This is the error returned when I try to set the interface from within monitor **********

Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor> interface ethernet 1
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
2: i8255X @ PCI(bus:0 dev:19 irq:5 )