Cisco PIX 515 - IP Setup

Sunday, 22 May 2011 12:18 administrator

This is a quick guide for configuring Cisco PIX 515 which is discontinued model.

Even though Cisco PIX 515 is a kind of old model, it provides GUI interface thru built-in software in the box.

That is called PDM stands for PIX Device Manager. Definitely GUI is benefits for network admin.

First of all, here is a device I am configuring:

 Here are the steps.

1. Need to console to assign IP address on Ethernet 0 port.

I am using Putty.exe which is free utility you can download from Internet. From Putty configuration mode, choose Serial and Speed 9600(default). I hope you know the login info and enable password. If you don't, you need to try password recovery procedure.

2. Check name of interfaces first. PIX-515#

PIX-515# show nameif
nameif ethernet0 outside security0
nameif ethernet1 inside security0
nameif ethernet2 intf2 security10

While you are configuring PIX 515, you will get asked ''. I thought it meant interface name such as 'Ethernet 0' or 'Ethernet 1'. Actually that is hardware-id in PIX firewall world. It means 'outside' or 'inside' as above output. Personally, I don't like the expression, but what can I do...

3. Configuring IP address on Ethernet1

As you can see the name of interface, which is 'inside'.

PIX-515(config)# ip address inside

PIX-515# sh int ethernet1
interface ethernet1 "inside" is up, line protocol is down
Hardware is i82559 ethernet, address is 0004.9ad0.d059
IP address, subnet mask
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)

This inside port will need to be connected to your switch on your inside network.

4. Changing interface speed It is very very important port to get proper performance.

Especially, PIX 515 is connecting different vendors.

interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown

Duplex mis-matching often causes performance issue.

Default setup is 'auto' (If line is not connected, it showed 'shutdown')

If you want to make hard coded speed and duplex, specific interface can be configured like below PIX-515(config)#interface ethernet1 100full

5. Allow your device to access PDM

PIX-515(config)#http inside

**Important: is your device which is attempting to access PDM.

              If you are put a wrong IP address. You will see below on Cisco log

%PIX-6-605001: HTTP daemon interface int_name: connection denied from x.x.x.x

6. Enable HTTP server PIX-515(config)#http server enable

This will setup HTTP access.

7. Create user and password

When you access PDM, you will get asked login prompt.

It is different from enable or login password for accessing PIX 515 box PIX-515(config)# username cisco password xxxxx

8. Access PDM from your browser

Even though we are enable http, when you browse PDM, you MUST use "HTTPS". HTTPS:// 


Extra configurations

Map address to name

name InternetPHONE
name Linux64
name ipBalance_PC



global (outside) 1 netmask
global (outside) 1 netmask
nat (inside) 0 access-list 101
nat (inside) 1 0 0
nat (management) 1 0 0


Static route

static (dmz,outside) netmask 0 0
static (inside,management) netmask 0 0

route outside 1



access-list from-management-coming-in permit tcp host host eq 9100
access-group from-inside-coming-in in interface inside



- PIX message index :


Last Updated on Sunday, 22 May 2011 12:41