Cisco PIX ASDM Guide Day Four: Sample output

Simplify the process of configuring the PIX firewall for your customers with the help of Cisco's Adaptive Security Device Manager (ASDM). Get installation and troubleshooting tips with this Step-by-Step Guide today

 PIX Version 7.0(2) <- PIX Software version names ! interface Ethernet0 #Ignore this interface. shutdown nameif outside security-level 0 no ip address ! interface Ethernet1 nameif inside security-level 100 ip address 192.168.0.1 255.255.255.0 ! enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall boot system flash:/image.bin <- PIX Software image location ftp mode passive pager lines 24 mtu inside 1500 mtu outside 1500 no failover monitor-interface inside monitor-interface outside -> asdm image flash:/asdm-502.bin <- ASDM image location asdm history enable arp timeout 14400 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute -> http server enable <- HTTP Server is enabled. -> http 0.0.0.0 0.0.0.0 inside <- We allow all hosts from all subnets connected to the interface "inside" no snmp-server location no snmp-server contact snmp-server enable traps snmp telnet timeout 5 ssh timeout 5 console timeout 0 ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global Cryptochecksum:e60c275dedddfde831eb68c72656d46c : end Flash Contents: pix(config)# show flash: Directory of flash:/ 4 -rw- 1483 14:35:45 Oct 05 2005 downgrade.cfg 7 -rw- 5107768 14:36:49 Oct 05 2005 image.bin 11 -rw- 5967052 14:39:06 Oct 05 2005 asdm-502.bin <- ASDM as it appears in flash. This should match the ASDM location in running config. 16128000 bytes total (5044224 bytes free) Interface States: pix(config)# show int Interface Ethernet0 "outside", is administratively down, line protocol is down #Ignore this interface Hardware is i82559, BW 100 Mbps Auto-Duplex, Auto-Speed MAC address 0004.dd7c.17f8, MTU 1500 IP address unassigned 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier input queue (curr/max blocks): hardware (128/128) software (0/0) output queue (curr/max blocks): hardware (0/0) software (0/0) Received 0 VLAN untagged packets, 0 bytes Transmitted 0 VLAN untagged packets, 0 bytes Dropped 0 VLAN untagged packets Interface Ethernet1 "inside", is up, line protocol is up #Interface is up and configured properly. Hardware is i82559, BW 100 Mbps Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) MAC address 0004.dd7c.17f9, MTU 1500 IP address 192.168.0.1, subnet mask 255.255.255.0 557 packets input, 59130 bytes, 0 no buffer Received 421 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 79 packets output, 5096 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier input queue (curr/max blocks): hardware (128/128) software (0/1) output queue (curr/max blocks): hardware (0/1) software (0/1) Received 557 VLAN untagged packets, 50900 bytes Transmitted 79 VLAN untagged packets, 3348 bytes Dropped 434 VLAN untagged packets Zeroize the CA: pix(config)# ca zeroise piX(config)# crypto key gen rsa modulus 1024 WARNING: You already have RSA keys defined named . Do you really want to replace them? [yes/no]: yes #After this I had the same result with ASDM. HTTP Server & Server Access List: pix(config)# show run http http server enable #HTTP Server is Enabled http 0.0.0.0 0.0.0.0 inside #Basic access list allowing any IP from any subnet to the 'inside' interface Ethernet 1.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Network monitoring and analysis

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close