PIX 515/515E
C H A P T E R
4
PIX 515/515E
This chapter describes how to install the PIX 515/515E, and includes the following sections:
Note
•
PIX 515/515E Product Overview, page 4-1
•
Installing the PIX 515/515E, page 4-3
•
PIX 515/515E Feature Licenses, page 4-8
•
Installing Failover, page 4-9
•
Installing LAN-Based Failover, page 4-12
•
Removing and Replacing the PIX 515/515E Chassis Cover, page 4-13
•
Replacing a Lithium Battery, page 4-15
•
Installing a Memory Upgrade, page 4-16
•
Installing a Circuit Board in the PIX 515/515E, page 4-19
•
Installing the PIX 515/515E DC Model, page 4-23
The PIX 515 and the PIX 515E are the same except that the PIX 515E has a faster processor.
PIX 515/515E Product Overview
This section describes the front and rear panels and the panel LEDs.
Figure 4-1 shows the front view of the chassis.
POWER
ACT
NETWORK
PIX 515/515E Front Panel
PIX Firewall
67851
Figure 4-1
SERIES
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-1
Chapter 4
PIX 515/515E
PIX 515/515E Product Overview
Figure 4-2 shows the rear view of the chassis.
PIX 515/515E Rear Panel
67850
Figure 4-2
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 0/0
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0/0
CONSOLE
Figure 4-3 shows the front panel LEDs.
Figure 4-3
ACT
NETWORK
25735
POWER
PIX 515/515E Front Panel LEDs
Table 4-1 lists the states of the front panel LEDs.
Table 4-1
PIX 515/515E Front Panel LEDs
LED
Color
State
Description
POWER
Green
On
On when the unit has power.
ACT
Green
On
On when the unit is the active failover unit. If failover is present,
the light is on when the unit is the active unit.
Off
Off when the unit is in standby mode. If failover is not enabled, this
light is off.
NETWORK Green
Flashing On when at least one network interface is passing traffic.
Cisco PIX Security Appliance Hardware Installation Guide
4-2
78-15170-03
Chapter 4
PIX 515/515E
Installing the PIX 515/515E
Figure 4-4 shows the rear panel LEDs.
Figure 4-4
PIX 515/515E Rear Panel
100 Mbps
LED
ACT
LED
100 Mbps
LED
LINK ACT
LED LED
USB
LINK
LED
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
LINK
100 Mbps ACT
10/100 ETHERNET 1
10/100BaseTX
ETHERNET 1
(RJ-45)
FAILOVER
LINK
10/100 ETHERNET 0
USB
CONSOLE
96905
100 Mbps ACT
10/100BaseTX
Console Power switch
ETHERNET 0 port (RJ-45)
(RJ-45)
Table 4-2 lists the states of the rear panel LEDs.
Table 4-2
PIX 515/515E Rear Panel LEDs
LED
Color
Status
Description
100 Mbps
Green
On
100 megabits per second 100BaseTX communication. If the light is
off, that port is using 10 megabits per second data exchange.
ACT
Green
Flashing
Shows that data is passing on the network to which the connector is
attached.
LINK
Green
On
Shows that the connection uses full duplex data exchange where
data is transmitted and received simultaneously.
Off
If this light is off, half duplex is in effect.
The inside or outside network connections can be made to any available interface port on the
PIX 515/515E. If you are only using the ETHERNET 0 and ETHERNET 1 ports, connect the inside
network cable to the interface connector marked ETHERNET 0 or ETHERNET 1. Connect the outside
network cable to the remaining Ethernet port.
The USB port to the left of the Console port is not used. The detachable plate above the ETHERNET 1
connector is also not used.
Installing the PIX 515/515E
This section contains the following topics:
•
Surface Mounting the PIX 515/515E, page 4-4
•
Removing and Replacing the PIX 515/515E Chassis Cover, page 4-13
•
Vertical Mounting the PIX 515/515E, page 4-5
•
Installing a Circuit Board in the PIX 515/515E, page 4-19
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-3
Chapter 4
PIX 515/515E
Installing the PIX 515/515E
Surface Mounting the PIX 515/515E
To surface mount the chassis, perform the following steps:
Step 1
Locate the rubber feet on the black adhesive strip that shipped with the chassis.
Step 2
Place the chassis upside down on a smooth, flat surface.
Step 3
Peel off the rubber feet from the black adhesive strip and place them adhesive-side down onto the five round,
recessed areas on the bottom of the chassis, as shown in Figure 4-5.
Step 4
Place the security appliance right-side up on a flat, smooth, secure surface.
Note
The fan is not blocked by the device below if you surface mount the chassis on top of each other, the air
is sucked in from the back and side vents and exhausted out with the help of the fan through the bottom
of the chassis and then directed out the side of the channel by the channel feature on the bottom of the
chassis.
Figure 4-5
Attaching the Rubber Feet to the PIX 515/515E
24301
Fan
Unused
Cisco PIX Security Appliance Hardware Installation Guide
4-4
78-15170-03
Chapter 4
PIX 515/515E
Installing the PIX 515/515E
Rack Mounting the PIX 515/515E
Observe the following before installing the chassis into an equipment rack:
•
To install optional circuit boards or memory, install the brackets on the unit for rack mounting, but
do not put the chassis in the equipment rack before installing the new boards. You must remove the
chassis cover to install or remove a circuit board. Refer to the “Removing and Replacing the
PIX 515/515E Chassis Cover” section on page 4-13 for information.
– For more information on installing a circuit board, refer to the “Installing a Circuit Board in the
PIX 515/515E” section on page 4-19.
– For more information on installing additional memory, refer to the “Installing a Memory
Upgrade” section on page 4-16.
Note
The fan is not blocked by the device below if you mount the chassis on top of each other, the air is sucked
in from the back and side vents and exhausted out with the help of the fan through the bottom of the
chassis and then directed out the side of the channel by the channel feature on the bottom of the chassis.
To install the chassis in a rack, perform the following steps:
Step 1
Attach the bracket to the chassis using the supplied screws. You can attach the brackets to the holes near
the front of the chassis.
Step 2
Attach the chassis to the equipment rack.
Vertical Mounting the PIX 515/515E
To mount the chassis vertically, attach the brackets to the side of the unit and mount the unit vertically
as shown in Figure 4-6.
Figure 4-6
Installing the PIX 515/515E Vertically
FDX
100 Mbps Link
FDX
24303
10/100 ETHERNET 0/0
100 Mbps Link
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
10/100 ETHERNET 0/0
CONSOLE
FAILOVER
PIX-515
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-5
Chapter 4
PIX 515/515E
Installing the PIX 515/515E
Installing the PIX 515/515E
To install the PIX 515/515E, perform the following steps:
Step 1
Connect the cable as shown in Figure 4-7 so that you have either a DB-9 or DB-25 connector on one end
as required by the serial port for your computer, and the other end is the RJ-45 connector.
Note
Step 2
Use the Console port to connect to a computer to enter configuration commands. Locate the
serial cable from the accessory kit. The serial cable assembly consists of a null modem cable
with RJ-45 connectors, and one DB-9 connector and a DB-25 connector.
Connect the RJ-45 connector to the PIX 515/515E Console port and connect the other end to the serial
port connector on your computer.
Figure 4-7
PIX 515/515E Serial Console Cable
F
A
I
L
O
V
E
R
100Mbps ACT
LINK
10/100 ETHERNET 1
100Mbps ACT
LINK
10/100 ETHERNET 0
PIX-525
USB
CONSOLE
Console
port (RJ-45)
PC terminal adapter DB-9
104944
RJ-45 to
DB-9 or DB-25
serial cable
(null-modem)
Note
If your unit has a four-port Ethernet circuit board already installed, refer to Figure 4-8. (The
four-port Ethernet circuit board requires the PIX-515/515E-UR license to be accessed.) If it has
one or two single-port Ethernet circuit boards, refer to Figure 4-9. If you need to install an
optional circuit board, refer to the “Removing and Replacing the PIX 515/515E Chassis Cover”
section on page 4-13 for more information.
Cisco PIX Security Appliance Hardware Installation Guide
4-6
78-15170-03
Chapter 4
PIX 515/515E
Installing the PIX 515/515E
Figure 4-8
Four-Port Ethernet Connectors in the PIX 515/515E
25733
Ethernet 5
Ethernet 3
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 1
Ethernet 2
Ethernet 4
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0
CONSOLE
Ethernet 1
Ethernet 0
Step 3
Connect the inside, outside, or perimeter network cables to the interface ports. Starting from the top left
the connectors are Ethernet 2, Ethernet 3, Ethernet 4, and Ethernet 5. The maximum number of allowed
interfaces is 6.
Note
Do not add a single-port circuit board in the extra slot below the four-port circuit board.
Figure 4-9
Two Single-Port Ethernet Connectors in the PIX 515/515E
25734
Ethernet 2
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 1
Ethernet 3
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0
CONSOLE
Ethernet 1
Ethernet 0
Note
As shown in Figure 4-9, if your unit has one or two single-port Ethernet circuit boards installed
in the auxiliary assembly on the left of the unit at the rear, the circuit boards are numbered top
to bottom so that the top circuit board is Ethernet 2 and the bottom circuit board is Ethernet 3.
(Additional Ethernet circuit boards require the PIX-515/PIX 515E-UR license to be accessed.)
If you have a second PIX security appliance to use as a failover unit, install the failover feature and cable
as described in the “Installing Failover” section on page 4-9.
Note
Step 4
Do not power on the failover units until the active unit has been configured.
Power on the unit from the switch at the rear to start the PIX 515/515E.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-7
Chapter 4
PIX 515/515E
PIX 515/515E Feature Licenses
Table 4-3 lists the states of the LEDs on the four-port Ethernet circuit boards available for the
PIX-515/515E.
Table 4-3
Status Lights on Four-Port Ethernet Circuit Boards
Board Model
LED position
Color
Status
Description
PIX-4FE
left
Green
On
Link enabled.
right
Green
Flashing
Link activity.
left
Green
Flashing
Link activity.
right
Green
On
100 MB link enabled.
Off
10 MB link enabled.
PIX-4FE-66
PIX 515/515E Feature Licenses
If you have the PIX-515/515E-UR unrestricted feature license, the following options are available:
•
If you have a second PIX 515/515E to use as a failover unit, install the failover feature and cable as
described in the “Installing Failover” section on page 4-9.
•
If needed, install the PIX security appliance syslog server as described in the logging command page
in the command reference online at:
http://cisco.com/en/US/products/sw/secursw/ps2120/prod_command_reference_list.html
•
Note
It is very important to remove the chassis cover before installing circuit boards in the PIX 515/515E.
Even though it appears possible to add or remove circuit boards from the back panel, removing the
chassis cover greatly simplifies the process.
•
Note
Refer to the “Removing and Replacing the PIX 515/515E Chassis Cover” section on page 4-13, for
information about how to remove and replace the chassis cover if you need to install optional circuit
boards.
If you need to install additional memory, refer to the “Installing a Memory Upgrade” section on
page 4-16.
If, for any reason, you choose to downgrade to any software version, note that you must use the clear
flashfs command before doing so. A new section is added to Flash memory that must be cleared before
downgrading.
For information on upgrading feature licenses or downloading the latest software versions, refer to the
the configuration guide online at:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/config.html
This section includes the following topics:
•
VPN Accelerator Card, page 4-9
•
VPN Accelerator Card+, page 4-9
Cisco PIX Security Appliance Hardware Installation Guide
4-8
78-15170-03
Chapter 4
PIX 515/515E
Installing Failover
VPN Accelerator Card
The VPN Accelerator Card (VAC) for the Cisco PIX security appliance series is a card that provides
high-performance, tunneling and encryption services suitable for site-to-site and remote access applications.
The VAC is integrated with PIX 515 unrestricted (UR) and failover (FO) bundles. You can also purchase the
VAC as a spare for use with PIX 515s that have a restricted (R) license.
VPN Accelerator Card+
The VAC+ is a 64-bit/66 MHz PCI card that provides faster tunneling and encryption services for Virtual
Private Network (VPN) remote access, and site-to-site intranet and extranet applications, than the VAC.
Each VAC+ occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs
Version 6.3 software or later, has an appropriate license to run VPN software, and at least one PCI slot
available. While the VAC continues to be supported in Version 6.3, if both types of cards, the VAC and
the VAC+, are installed in a system running Version 6.3, the VAC card is ignored. The VAC+ runs at both
32-bit/33 MHz and 64-bit/66 MHz, and does not slow down the bus when other 66 MHz cards are
installed. We strongly recommend that you install the VAC+ in a 64bit/66 MHz slot. Performance is degraded
if this recommendation is not followed.
The VAC+ driver supports the following:
•
3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key
sizes of 128, 192, and 256 bits are supported).
•
SHA1, MD5 for the (IPSec) AH protocol.
•
Load sharing ESP and AH activity between up to three VAC+.
•
Diffie-Hellman public key and shared secret generation.
•
Any other crypto-related activity uses a software implementation.
Installing Failover
To install a failover connection, perform the following steps:
Step 1
Power off both the primary and secondary units.
Note
Step 2
Both PIX security appliances must have the same model number, have at least as much RAM,
have the same Flash memory size, and be running the same software version. Note that the
PIX-4FE and PIX-4FE-66 cards are considered equivalent and interchangeable. You can install
a PIX-4FE in the primary unit and a PIX-4FE-66 in the secondary unit, as long as you install
them in the same slot number of each chassis. For example, if you install a PIX-4FE in Slot 1 of
the primary unit, you must also install the PIX-4FE-66 in Slot 1 of the secondary unit.
Locate the failover cable (shown in Figure 4-10). The cable is labeled “Primary” on one end and
“Secondary” on the other.
Install the cable for the PIX 515/515E as shown in Figure 4-10.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-9
Chapter 4
PIX 515/515E
Installing Failover
Figure 4-10 PIX 515/515E Failover Cable Connection
FAILOVER
P RIM
ARY
Primary end
FAILOVER
ON
DA
RY
24297
Secondary end
SE
Note
C
You can connect the PIX 515 to the PIX 515, but you cannot connect the PIX 515 to the
PIX 515E or vice versa. Both units must be identical.
Step 3
Connect the Primary end of the failover cable to the first PIX security appliance; that is, the one you have
already configured.
Step 4
Connect the Secondary end of the failover cable to the standby unit.
Step 5
Connect a power cord to the power connector on the rear panel of each unit, and the other end of each
power cord to (preferably separate) power outlets.
Step 6
If you are using Stateful Failover, use one of the following types of connections, that is appropriate for
your system, between the dedicated interfaces on the PIX security appliance:
•
Category 5 crossover cable directly connecting the primary unit to the secondary unit
•
100BaseTX half-duplex hub using Straight-through Category 5 cables
•
100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch
Cisco PIX Security Appliance Hardware Installation Guide
4-10
78-15170-03
Chapter 4
PIX 515/515E
Installing Failover
Figure 4-11 shows an example of a minimally configured PIX 515/515E with only the two interfaces on
the motherboard used for network traffic.
Figure 4-11 Failover Connections
Power
PIX 515
Primary unit
PIX 515
Standby unit
100 Mbps Link
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FAILOVER
FDX
10/100 ETHERNET 0
CONSOLE
100 Mbps Link
27883
FDX
10/100 ETHERNET 1
PIX-515
100 Mbps Link
Stateful Failover
dedicated interface
cable
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 1
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0
CONSOLE
UPS
(not supplied)
Failover
serial cable
Outside switch
Internet
Inside switch
Inside
network
Note
Caution
Step 7
All enabled interfaces must be connected between the active and standby units. Only configure the active
unit. On the PIX 515/515E, the active unit is indicated by the ACT LED on the front panel. (See
Figure 4-3.)
Do not turn the power on until the units are connected and the primary unit is configured completely.
Use the power switch at the back of the units to power on the primary unit and then power on the standby
unit.
Within a few seconds, the active unit automatically downloads its configuration to the standby unit.
If the primary unit fails, the secondary unit automatically becomes active.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-11
Chapter 4
PIX 515/515E
Installing LAN-Based Failover
Installing LAN-Based Failover
LAN-based failover supports failover between two units connected over a dedicated Ethernet interface.
LAN-based failover eliminates the need for a special failover cable and overcomes the distance
limitations imposed by the failover cable.
Note
Both chassis must be the same model number, have the same amount of RAM, Flash memory, number
and type of interfaces, and be running the same software version.
To set up a LAN-based failover connection, perform the following steps:
Step 1
Disconnect both PIX security appliances, so that there is no traffic flow between them. If the failover
cable is connected to the PIX security appliance, disconnect it.
Step 2
Configure the PIX security appliances for LAN-based failover. Refer to the chapter on configuring
LAN-based failover in the configuration guide online at:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/config.html
Step 3
Power off both units.
Step 4
Connect the LAN failover interfaces to the dedicated switch/hub, as shown in Figure 4-12.
Note
A dedicated LAN interface and a dedicated switch (or VLAN) is required to implement
LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX security
appliances.
Figure 4-12 LAN-Based Failover Connections
PIX 515
PIX 515
FDX
10/100 ETHERNET 1
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
PIX-515
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
CONSOLE
100 Mbps Link
FDX
10/100 ETHERNET 1
Dedicated Ethernet
interface
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0
CONSOLE
87313
Dedicated Ethernet
interface
Hub/switch
Cisco PIX Security Appliance Hardware Installation Guide
4-12
78-15170-03
Chapter 4
PIX 515/515E
Removing and Replacing the PIX 515/515E Chassis Cover
Step 5
Caution
Step 6
If you are using Stateful Failover, use one of the following types of connections, that is appropriate for
your system, between the dedicated interfaces on the PIX security appliance:
•
100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch
•
1000BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch
Do not turn the power on until the units are connected and the primary unit is configured completely.
Power the primary unit on first, then power on the secondary unit. Within a few seconds, the active unit
automatically downloads its configuration to the standby unit.
If the primary unit fails, the secondary unit automatically becomes active.
Removing and Replacing the PIX 515/515E Chassis Cover
This section describes how to remove and replace the chassis cover from the PIX 515/515E. This section
includes the following topics:
•
Removing the Chassis Cover, page 4-13
•
Replacing the Chassis Cover, page 4-15
Removing the Chassis Cover
To remove the chassis cover, perform the following steps:
Note
Removing the chassis cover does not affect your Cisco warranty. Upgrading the PIX security appliance
does not require any special tools and does not create any radio frequency leaks.
Step 1
Read the Regulatory Compliance and Safety Information document.
Step 2
Unplug the power cord from the power outlet. Ensure that the PIX 515/515E is powered off. Once the
upgrade is complete, you can safely reconnect the power cord.
Warning
Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-13
Chapter 4
PIX 515/515E
Removing and Replacing the PIX 515/515E Chassis Cover
Step 3
Remove the screws from the front of the chassis on the PIX 515/515E (Figure 4-13).
Figure 4-13 Removing PIX 515/515E Chassis Cover Screws
24305
Top panel screws (4)
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 0/0
Step 4
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0/0
CONSOLE
With the front of the unit facing you, push the chassis cover back by about one inch as shown in
Figure 4-14.
Figure 4-14 Pushing Back the Chassis Cover
Step 5
ACT
SERIES
24285
PIX Firewall
POWER
NETWORK
Pull the chassis cover up as shown in Figure 4-15. Put the chassis cover in a safe place.
Figure 4-15 Pull the Chassis Cover up to Remove
ACT
NETWORK
SERIES
24286
PIX Firewall
POWER
Cisco PIX Security Appliance Hardware Installation Guide
4-14
78-15170-03
Chapter 4
PIX 515/515E
Replacing a Lithium Battery
Replacing the Chassis Cover
Caution
Do not operate the PIX security appliance without the chassis cover installed. The chassis cover protects
the internal components, prevents electrical shorts, and provides proper air-flow for cooling the
electronic components.
To replace the chassis cover, perform the following steps:
Step 1
Place the chassis on a secure surface with the front panel facing you.
Step 2
Hold the chassis cover so the tabs at the rear of the chassis cover are aligned with the chassis bottom.
Step 3
Lower the front of the chassis cover onto the chassis, making sure that the chassis cover side tabs fit
under the chassis side panels.
Step 4
Slide the chassis cover toward the front, making sure that the chassis cover tabs fit under the chassis back
panel, and the back panel tabs fit under the chassis cover.
Step 5
Fasten the chassis cover with the screws you set aside earlier.
Step 6
Reinstall the chassis on a rack, wall, desktop, or table.
Step 7
Reinstall network interface cables.
Replacing a Lithium Battery
The PIX security appliance has a lithium battery on its main circuit board. This battery has an operating
life of about ten years. When the battery loses its charge, the PIX security appliance cannot function.
The lithium battery is not a field-replacable unit (FRU) for the PIX 515/515E. Contact Cisco TAC to
replace the battery.
Note
Warning
Do not attempt to replace this battery yourself.
Danger of explosion exists if the lithium battery is incorrectly replaced. Replace only with the same
or equivalent type recommended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-15
Chapter 4
PIX 515/515E
Installing a Memory Upgrade
Installing a Memory Upgrade
Observe the following warnings, cautions, and notes when installing additional system memory.
The following statement applies to DC models:
Warning
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit
breaker in the OFF position.
The following statements apply to both AC and DC models:
Warning
Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord.
Caution
If you remove the chassis cover, always reinstall the cover. Running the PIX security appliance without the
chassis cover causes the system to overheat and and might damage the electrical components.
Memory Installation Steps
Depending on the software version and feature license installed on the PIX 515/515E security appliance,
you might need to upgrade the system memory to run newer software versions or more robust software
features.
PIX software Version 6.3 and previous software releases require a minimum of 32 MB of memory with
the Restricted license, and 64 MB of memory with the Unrestricted and Failover licenses.
PIX software Version 7.0 requires a minimum of 64 MB of memory with the Restricted license, and
128 MB of memory with the Unrestricted and Failover licenses.
If you want to upgrade the feature license from Restricted to Unrestricted or Failover, or upgrade the
software from Version 6.3 to Version 7.0, you need to upgrade the memory.
Note
Software Version 7.0 is supported only on the PIX 515/515E security appliance. New PIX 515E security
appliances shipped after the general availability of PIX software Version 7.0 have enough memory to run
version 7.0 and the software license ordered.
Table 4-4 lists the minimum memory requirements for the various software versions and licenses.
Table 4-4
PIX 515/515E Minimum Memory Requirements
Software
License
Software Version 6.3
and Previous Releases
Software Version 7.0 and
Later Releases
Restricted
32 MB
64 MB
Unrestricted 64 MB
128 MB
Failover
128 MB
64 MB
Cisco PIX Security Appliance Hardware Installation Guide
4-16
78-15170-03
Chapter 4
PIX 515/515E
Installing a Memory Upgrade
To install memory, perform the following steps:
Step 1
If the PIX 515/515E security appliance is rack mounted, remove it from the rack and place it on a stable
work surface.
Step 2
Disconnect the network interface cables and power cord from the PIX 515/515E security appliance.
Step 3
Unpack the items in the memory upgrade kit.
Step 4
Remove the chassis cover. Remove all screws holding the assembly in place. Refer to the “Removing
and Replacing the PIX 515/515E Chassis Cover” section on page 4-13 for information on how to remove
and replace the chassis cover.
Step 5
Determine the location of the memory sockets (see Figure 4-16).
24302
Figure 4-16 PIX 515/515E System Memory Location
Memory
sockets
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-17
Chapter 4
PIX 515/515E
Installing a Memory Upgrade
Step 6
Locate the wrist grounding strap in the accessory kit and connect one end to the unit as shown in
Figure 4-17, or to the PIX security appliance chassis, and securely attach the other to your wrist so it
contacts your bare skin.
Figure 4-17 Attaching the Wrist Strap to the PIX 515/515E
24304
Copper foil
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 0/0
Step 7
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0/0
CONSOLE
If you are upgrading from:
•
32 MB to 64 MB of memory, install an additional 32 MB memory module into the empty socket for
a new total of 64 MB of memory.
•
32 MB to 128 MB of memory, remove the existing 32 MB memory module. Open the two plastic
wing connectors on the sides of the memory socket, and pull the old memory module up and out of
the socket. Discard the old 32 MB memory module. Then install the two new 64 MB memory
modules for a new total of 128 MB of memory.
•
64 MB to 128 MB of memory:
– If two 32 MB memory modules are installed, remove them. Open the two plastic wing
connectors on the sides of the memory socket, and pull the old memory module up and out of
the socket. Repeat for the second memory module. Discard the old 32 MB memory modules.
Then install the two new 64 MB memory modules for a new total of 128 MB of memory.
– If one 64 MB memory module is installed, add an additional 64 MB memory module into the
empty socket for a new total of 128 MB of memory.
Step 8
To install a new memory module, slide it into the memory socket and secure the plastic wing connectors
on the sides of the socket. Use the markings on the motherboard to determine the socket numbers.
Always install the first memory module into the lowest socket number. Then populate the second
memory socket. See Figure 4-18 and Figure 4-19.
Cisco PIX Security Appliance Hardware Installation Guide
4-18
78-15170-03
Chapter 4
PIX 515/515E
Installing a Circuit Board in the PIX 515/515E
Figure 4-18 Inserting a Memory Module in the PIX 515/515E
24299
DIMM
24300
Figure 4-19 Securing a Memory Module in the PIX 515/515E
When you finish installing new memory, replace the chassis cover. Reattach the screws. If desired, rack
mount the chassis and attach all cables and cords as discussed in previous sections. After the chassis is
installed, you can view the amount of memory in the system startup messages or with the show version
command.
Installing a Circuit Board in the PIX 515/515E
This section includes the following topics:
•
Fast Ethernet Circuit Board, page 4-20
•
VPN Accelerator Circuit Board, page 4-22
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-19
Chapter 4
PIX 515/515E
Installing a Circuit Board in the PIX 515/515E
Fast Ethernet Circuit Board
The information in this section refers to both the AC and DC models of the PIX 515/515E.
The 4-port 64 bit/66 MHz FE card (PIX-4FE-66) is supported in software Versions 6.3, 6.2(2), 6.1(4),
and 5.2(9), and later versions. These are the minimum software versions that support the card.
Note
The PIX-4FE card continues to be supported but is no longer manufactured. The PIX-4FE and
PIX-4FE-66 cards are considered equivalent and interchangeable. You can install a PIX-4FE in the
primary unit and a PIX-4FE-66 in the secondary unit, as long as you install them in the same slot number
of each chassis. For example, if you install a PIX-4FE in Slot 1 of the primary unit, you must also install
the PIX-4FE-66 in Slot 1 of the secondary unit.
The new card has the following characteristics:
•
Includes an Intel 21154BE bridge and 4 Intel 82559 Ethernet MAC/PHY devices.
•
Supports 10/100mbps full/half-duplex operation on each port.
•
Retains bus performance when installed with other 66 MHz devices.
•
Does not support auto MDI/MDIX operation.
To install a circuit board in the PIX 515/515E, perform the following steps:
Step 1
Locate the grounding strap from the accessory kit. Fasten the grounding strap to your wrist so that it
contacts your bare skin. Attach the other end to bare metal inside the PIX 515/515E chassis as shown in
Figure 4-20.
Figure 4-20 Attaching the PIX 515/515E Grounding Strap
24304
Copper foil
100 Mbps Link
PIX-515
DO NOT INSTALL INTERFACE
CARDS WITH POWER APPLIED
FDX
10/100 ETHERNET 0/0
Step 2
100 Mbps Link
FAILOVER
FDX
10/100 ETHERNET 0/0
CONSOLE
Remove the screws from the rear assembly on the left and put the assembly aside.
Cisco PIX Security Appliance Hardware Installation Guide
4-20
78-15170-03
Chapter 4
PIX 515/515E
Installing a Circuit Board in the PIX 515/515E
Step 3
Insert a circuit board through the cage opening and into the slot as shown in Figure 4-21.
61904
Figure 4-21 Inserting a Circuit Board into the PIX 515/515E
Note
Step 4
When you insert a four-port Ethernet circuit board in the slot, the end of the circuit board
connector extends past the end of the slot. This does not affect the use or operation of the circuit
board.
Attach the back cover plate making sure that the connecting flange on the circuit board goes through the
slot on the back cover plate as shown in Figure 4-22.
61905
Figure 4-22 Attaching PIX 515/515E Back Cover Plate
Step 5
Attach the screw to hold the circuit board connecting flange to the cover plate, and install the screws to
attach the cover plate to the PIX 515/515E.
Step 6
Reattach the chassis cover.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-21
Chapter 4
PIX 515/515E
Installing a Circuit Board in the PIX 515/515E
Figure 4-23 4-Port Circuit Board Overlap
27884
Overlap
Note
If you are installing a 4-port circuit board, note that the circuit board overlaps the slot connector
on the motherboard. This does not affect the use or operation of the circuit board. See
Figure 4-23.
VPN Accelerator Circuit Board
The VPN Accelerator (PIX-VPN-ACCEL) is an encryption and accelerator circuit board. The VPN
Accelerator uses a PCI interface and therefore can only be installed in PIX security appliance platforms
with PCI slots. The VPN Accelerator begins to function immediately after installation without the need
of special installation configurations.
Note
The new VPN Accelerator cannot be used with the former PIX security appliance IPSec accelerator in
the same chassis. The PIX security appliance IPSec accelerator was also known as the Private Link card.
Cisco PIX Security Appliance Hardware Installation Guide
4-22
78-15170-03
Chapter 4
PIX 515/515E
Installing the PIX 515/515E DC Model
Installing the PIX 515/515E DC Model
Warning
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit
breaker in the OFF position.
To install the PIX 515/515E DC power model, perform the following steps:
Step 1
Read the Regulatory Compliance and Safety Information document.
Step 2
Terminate the DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit
breaker is required at the 48 VDC facility power source. An easily accessible disconnect device should
be incorporated into the facility wiring.
Step 3
Power off the PIX 515/515E. Ensure that power is removed from the DC circuit. To ensure that all power
is OFF, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit
breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.
Step 4
As shown in Figure 4-24, the PIX 515/515E is equipped with two grounding holes at the back of the unit,
which you can use to connect a two-hole grounding lug to the PIX 515/515E. Use 8-32 screws to connect
a copper standard barrel grounding lug to the holes. The ground lug must be NRTL listed or recognized.
In addition, the copper conductor (wires) must be used and the copper conductor must comply with the
NEC code for ampacity. The PIX 515/515E requires a lug where the distance between the center of each
hole is 0.56 inches. A lug is not supplied with the PIX 515/515E.
Figure 4-24 Attaching a Grounding Lug to the PIX Security Appliance
wire
Ground wire
To rack
ground
100 Mbps Link
wire
FDX
27885
10/100 ETHERNET 1
Grounding holes on
PIX DC model
8-32 screws
2-hole copper standard
barrel grounding lug
must be NRTL
listed or recognized
Step 5
Strip the ends of the wires for insertion into the power connect lugs on the PIX 515/515E.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
4-23
Chapter 4
PIX 515/515E
Installing the PIX 515/515E DC Model
Step 6
Insert the ground wire into the connector for the earth ground and tighten the screw on the connector.
Refer to Figure 4-24 and, using the same method as for the ground wire, connect the negative wire and
then the positive wire.
Note
The DC return connection to this system is to remain isolated from the system frame and
chassis (DC-I).
Step 7
After wiring the DC power supply, remove the tape from the circuit breaker switch handle and reinstate
power by moving the handle of the circuit breaker to the ON position.
Step 8
Install any remaining interface boards as described in the “Installing a Circuit Board in the
PIX 515/515E” section on page 4-19.
Step 9
Power on the unit from the switch at the rear of the unit.
Note
If you need to power cycle the DC PIX 515/515E, wait at least five seconds between powering off the
unit and powering it back on.
Cisco PIX Security Appliance Hardware Installation Guide
4-24
78-15170-03
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising