Complete the following lab exercise to practice what you have learned in this chapter.
Objectives
In this lab exercise you will initialize the PIX Firewall by loading the latest software image.
■ Perform password recovery for the PIX Firewall 520.
■ Perform password recovery for PIX Firewall 515.
■ Update the image of the PIX Firewall 515.
■ Update the image of the PIX Firewall 520.
Visual Objective
The following figure displays the lab topology for your classroom environment.
You will use the IP addresses in this visual objective for the remainder of the course.
© 2002, Cisco Systems, Inc. www.cisco.com CSPFA 2.1—16-13
Lab Visual Objective Lab Visual Objective
Inside host web and FTP server Backbone server
web, FTP, and TFTP server
Pod Perimeter Router
Setup
Before starting this lab exercise, complete the following:
■ Make sure the PIX Firewall is turned on and that your PC is connected to the PIX Firewall.
■ Restore the original IP addresses to your PC.
– Primary IP address: 10.0.P.3 (where P = pod number)
– Netmask: 255.255.255.0
– Secondary IP address: 10.1.P.3 (where P = pod number)
– Netmask: 255.255.255.0
■ If you are using PIX Firewall 520 models, make sure that you have a floppy diskette created with the following files:
– pix5nn.bin
– rawrite.exe
– readme.txt
■ If you are using PIX Firewall 520 models, insert the floppy diskette with the latest version of the PIX Firewall software into the PIX Firewall.
Directions
Your task for this exercise is to load either the PIX Firewall 515 or the PIX Firewall 520—depending on which firewall you have set up for your lab
exercise—with the most recent version of the PIX Firewall software, and save it to Flash memory. This requires the following tasks.
■ Access the PIX Firewall console.
■ Enter the enable mode.
■ Erase the configuration in Flash memory.
■ Load the PIX Firewall image.
■ Write the new image to Flash memory.
■ Verify the installation of the new image.
Task 1—Perform Password Recovery for the PIX Firewall 520 To perform a password recovery for the PIX Firewall model 520 and earlier models with 3.5-inch floppy drives, complete the following steps:
Step 1 Get the correct image file and rawrite.exe file as directed by the instructor.
Step 2 After retrieving the two files, execute the rawrite.exe file from your Windows host as follows, and enter the information when prompted:
C:\> rawrite
RaWrite 1.2 – Write disk file to a floppy diskette
Enter the source file name: npXXX.bin Enter the destination drive: a:
Please insert a formatted diskette into drive A: and press –ENTER- : <Enter>
Number of sectors per track for this disk is 18 Writing image to drive A:. Press ^C to abort.
Track: 78 Head: 1 Sector: 16 Done.
C:\>
(where XXX = version number)
Reboot your PIX Firewall with the diskette you just created. When prompted, press y to erase the password.
Do you wish to erase the passwords? [yn] y Passwords have been erased
The system automatically erases the password and starts rebooting.
Task 2—Perform Password Recovery for PIX Firewall 515
The instructor will provide you with the procedures for access to the PIX Firewall console port. After you access the console port, enter privileged mode. Then, perform a password recovery for the PIX Firewall model 515 by completing the following steps. This procedure requires a TFTP sever.
Step 1 Clear the translation table:
pixP# clear xlate
Step 2 Create an enable password for entering into privileged mode:
pixP# enable password badpassword Step 3 Save your configuration
pixP# write memory
Step 4 Reboot your PIX Firewall and interrupt the boot process to enter monitor mode.
To do this, press the Escape key or send a break character.
pixP# reload
Step 5 Specify the PIX Firewall interface to use for TFTP:
monitor> int 0
Step 6 Specify the PIX Firewall interface’s IP address:
monitor> address 192.168.P.2
(where P = pod number)
Step 7 Enter gateway to specify the IP address of the gateway.
monitor> gateway 192.168.P.1
Step 8 Verify connectivity to the TFTP server:
monitor> ping 172.26.26.50 Step 9 Name the server:
monitor> server 172.26.26.50
Step 10 Name the image filename:
monitor> file np53.bin Step 11 Start the TFTP process:
monitor> tftp
Step 12 When prompted, press y to erase the password:
Do you wish to erase the passwords? [yn] y Passwords have been erased
The system automatically erases the password and starts rebooting.
Step 13 Verify that the password badpassword has been erased by entering privileged mode on your PIX Firewall:
pix> en
password: <Enter>
pixP#
Task 3Update the Image of the PIX Firewall 515
Note You will complete this task only if your lab is set up with PIX Firewall 515s.
To load the PIX Firewall 515 image using TFTP, complete the following steps:
Step 1 After you reload the PIX Firewall 515 and the startup messages appear, press Esc to interrupt the boot process. The monitor prompt appears.
Use BREAK or ESC to interrupt flash boot.
Flash boot in 5 sec.
Esc
Note If you are using HyperTerminal with Windows 95, you can press the control and break keys simultaneously to activate a break. Depending on which service pack is installed, Windows NT HyperTerminal may not be able to send a break character.
Refer to the Windows NT documentation for more information.
Step 2 You can enter ? to list the available commands:
monitor> ?
interface [num] select TFTP interface ping <addr> send ICMP echo reload halt and reload system server [addr] set server IP address
tftp TFTP download
timeout TFTP timeout trace toggle packet tracing
Step 3 Specify the PIX Firewall interface to use for TFTP:
monitor> int 0
Step 4 Enter address to specify the IP address of the PIX Firewall’s interface:
monitor> address 192.168.P.2
(where P = pod number)
Step 5 Enter gateway to specify the IP address of the gateway.
monitor> gateway 192.168.P.1 (where P = pod number)
Step 6 Ping the TFTP server to verify connectivity:
monitor> ping 172.26.26.50
Step 7 Enter server to specify the IP address of the TFTP server:
monitor> server 172.26.26.50
Step 8 Enter file to specify the filename of the PIX Firewall image (the instructor will provide you with the name of the file):
monitor> file pixNNN.bin
(where NNN = release number)
Step 9 Enter tftp to start downloading the PIX Firewall 515 image:
monitor> tftp
Step 10 After the PIX Firewall has received the image from the TFTP server, it will then reboot itself. During the reboot process, you are prompted for a new activation key. Enter n for no.
Step 11 Enter the show version command to verify that you have loaded PIX Firewall software version 6.1.
pixP> show version
Task 4—Update the Image of the PIX Firewall 520
Note You will complete this task only if your lab is set up with PIX Firewall 520s.
To load the PIX Firewall 520 image, complete the following steps:
Step 1 At the Windows command prompt, execute the rawrite program. You are prompted for the name of the binary file and the output device, and to insert a formatted diskette into the drive.
C:\> rawrite
rawrite 1.2 − write disk file to raw floppy diskette enter source file name: pixNNN.bin
enter destination drive: a:\
please insert a formatted diskette into drive a: and press –enter-:
writing image to drive a: press “control c” to abort track: 31 head: 1 sector: 16
done C:\>
(where NNN = revision number)
Step 2 Remove the diskette from the drive and place it in the PIX Firewall 520 diskette drive. Power cycle the unit, or use the reload command from the console to reboot the machine. The PIX Firewall 520 then boots from the new diskette.
Step 3 For the new configuration to permanently load into memory, you have to save the configuration to system memory. Use the write memory command to complete this task.
pixfirewall> write memory