I recently bought my first Cisco product (not counting Linksys products), a PIX 506e, off of eBay. My ASP did the initial configuration, but I need to make some changes for my own purposes while learning how to manage it. It would help me greatly if I could get the following questions answered:
(1) The 506e came with PIX Version 6.3(3). If I'm not mistaken 6.3(5) is the latest version (installing 7.0 on the 506e can be done but is not recommended). I've heard I can find the bin files online for free. Does anybody know where?
(2) Anybody know where I can find some good (and free) tutorials for the 506e online?
(3) Are there any websites with decent forums regarding PIX firewalls (someplace more Cisco-specific than posting here)?
You can download the images off of Ciscos website, but you will need a Login so register with Cisco.
I just purchased an excelllent book called Cisco ASA and PIX Firewall Handbook by David Hucaby that will answer EVERYTHING you will need to get started. It is published by Cisco Press.
This newsgroup, comp.dcom.sys.cisco, is specific to Cisco. Postings not related to Cisco do show up, but that's because people post here under the theory that people who know a lot about networking with Cisco equipment probably know a lot about networking, and there isn't really any generalized networking newsgroup ('ethernet' and 'tcp-ip' newsgroups, yes, but not generalized networking.)
There is a Cisco NSP (Network Service Provider) mailing list (available via various websites too), but that's quite technical and aimed at high end networkers; there are relatively few PIX messages there.
I would also add that if you are deep into one of the PIX's ISAKMP Phase 2 error messages, you probably wouldn't want to be told, "Only Cisco could come up with such an inscrutable message, but the root cause is not Cisco-specific so we won't help you here!"
I've never seen anyone say that installing 7.0 on the 506e was even possible.
You cannot get 6.3(5) -legally- for free. You can get 6.3(4) legally for free: your authorized PIX vendor can supply 6.3(4) to you as it is a security fix [whereas 6.3(5) is only bug fixes.]
Oh wait, you used eBay, so you probably didn't go through an authorized PIX vendor. In that case unless you are in one of a small number of countries (Germany, Denmark, possibly a couple of others), the PIX software license did not transfer to you and you aren't entitled to run even the 6.3(3) you already have, and there would be no way for you to legally get any other PIX version for free. If you did not happen to buy from one of the very few authorized vendors of used Cisco equipment, you would need to "relicense" the software by paying Cisco a fee; the Cisco part number is LL-PIX-506-3DES and the price is on the order of $US200 - $US250.
If indeed you do not have what Cisco considers a valid PIX license, you would need to relicense before Cisco would allow you to purchase a support contract on the device.
The 506E has only one "feature" that is unique to it (and the 506): namely that they are the only Cisco PIX models for which there is only one software license. Early PIX (e.g., the Cisco PIX 10000) were licensed by the number of connections; Cisco switched from that to licensing by "Restricted" or "Unrestricted" license, with the Unrestricted license able to do Failover (and a few other minor differences.) The PIX 501 is licensed according to the number of simultaneous internal hosts supported but does not have Restricted vs Unrestricted. The 506/506E does not have Restricted vs Unrestricted by also does not limit by the number of internal hosts (or the number of connections.)
Other than that, the PIX 506/506E shares some features with the
501, and supports all the features found in the "Restricted" versions of the other PIX 5xx models [running 6.x software], with the exception of not supporting a floppy drive and not being able to install a VPN accelerator card (or any expansion interface) into it.
Thus, there are few tutorials for the PIX 506E, because there isn't anything particularily different about it.
If you wanted a detailed list of differences between the 506E and other models... the list is available, but I posted it to this newsgroup, and as this newsgroup isn't Cisco-specific enough...
Firstly Cisco do not track serial numbers at all, hence it makes it difficult to say if a device is ok or need re-license. Though a good resellar can tell for whom the device was sold the first time, and them should be able to tell if you are from this company etc.
The Global listprice is as follows:
Cisco PIX Security Appliance Relicensing for Used Equipment LL-PIX-501-3DES PIX 501 168-bit 3DES IPSec Software License C $100 LL-PIX-501-SW-10 PIX 501 10 User Platform License C $195 LL-PIX-501-SW-50 PIX 501 50 User Platform License C $295 LL-PIX-515-SW-FO PIX 515/515E Failover Platform License C $495 LL-PIX-515-SW-R PIX 515/515E Restricted Platform License C $995 LL-PIX-515-SW-UR PIX 515/515E Unrestricted Platform License C $4,995 LL-PIX-520-FO PIX Classic, 10K, 510, 520 Failover License C $795 LL-PIX-520-SW-128 PIX Classic, 10K, 510, 520 Entry Level License C $1,995 LL-PIX-520-SW-1K PIX Classic, 10K, 510, 520 Midrange License C $3,295 LL-PIX-520-SW-UR PIX Classic, 10K, 510, 520 Unrestricted License C $7,395 LL-PIX-525-SW-FO PIX 525 Failover Platform License C $995 LL-PIX-525-SW-R PIX 525 Restricted Platform License C $5,495 LL-PIX-535-SW-FO PIX 535 Failover Platform License C $595 LL-PIX-535-SW-R PIX 535 Restricted Platform License C $11,995 LL-PIX-535-SW-UR PIX 535 Unrestricted Platform License C $19,595 LL-PIX-VPN-DES PIX 56-bit DES IPSec Software License C $0
Your Cisco service partner/reseller should be able to verify this. (otherwise replace him!)
I have a Cisco login, but no service contract. I had been told you have to pay for a service contract to download the images directly from Cisco. If not, please provide a link or instructions for finding it for the 506e on Cisco's website. I find their website a pain to navigate.
I was hoping to find some free online tutorials; I'm aware there are many books on PIX.
If I recall correctly, PIX 6.3(3)(121) [only] could be downloaded from cisco.com with a CCO login but no support contract. I can't recall the URL, though. Possibly it was one of the things at
Those countries have laws which override the Cisco license policy.
In a small number of countries (I never did manage to pin down exactly which), the law specifies that when software is resold along with hardware, that the license is considered to transfer. Or possibly it is phrased in terms of copyright rather than in terms of license, that in such cases there is no copyright violation to use the software even if the license would otherwise imply there would be.
With some digging into past threads, I could possibly locate a link to the German laws (in German), but I don't recall ever having seen a link to the laws in Denmark.
See also (e.g.) the Wikipedia entry for First-sale_doctrine (which indicates that the roughly the same thing applies in some jurisdictions in the USA, but that the situation is in legal flux.)
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.