You'll be entered into a quarterly drawing for
free
Cisco Press books by returning this survey! Cisco is dedicated to customer
satisfaction and would like to hear your thoughts on these printed manuals. Please visit the Cisco Product Comments on-line
survey at
www.cisco.com/go/crc
to submit your comments about accessing Cisco technical manuals. Thank you for your time.
General Information
1 Years of networking experience: Years of experience with Cisco products:
2 I have these network types: LAN Backbone WAN
Other:
3 I have these Cisco products: Switches Routers
Other (specify models):
4 I perform these types of tasks: H/W installation and/or maintenance S/W configuration
Network management Other:
5 I use these types of documentation: H/W installation H/W configuration S/W configuration
Command reference Quick reference Release notes Online help
Other:
6 I access this information through: % Cisco.com % CD-ROM % Printed manuals
% Other:
7 I prefer this access method: Cisco.com CD-ROM Printed manuals
Other:
8 I use the following three product features the most:
Document Information
Document Title: Cisco PIX Security Appliance Hardware Installation Guide
Part Number: 78-15170-03 S/W Release (if applicable):
On a scale of 1–5 (5 being the best), please let us know how we rate in the following areas:
The document is complete. The information is accurate.
The information is well organized. The information I wanted was easy to find.
The document is written at my
technical level of understanding.
Please comment on our lowest scores:
The information I found was useful to my job.
Mailing Information
Organization Date
Contact Name
Mailing Address
City State/Province Zip/Postal Code
Country Phone ( ) Extension
E-mail Fax ( )
May we contact you further concerning our documentation? Yes No
You can also send us your comments by e-mail to bug-doc@cisco.com, or by fax to 408-527-8089.
When mailing this card from outside of the United States, please enclose in an envelope addressed to the location on the back of this card with
the required postage or fax to 1-408-527-8089.
SAN JOSE CA 95134-9916
BUSINESS REPLY MAIL
FIRST-CLASS MAIL PERMIT NO. 4631 SAN JOSE CA
POSTAGE WILL BE PAID BY ADDRESSEE
DOCUMENT RESOURCE CONNECTION
CISCO SYSTEMS INC
170 WEST TASMAN DR
UNITED STATES
IN THE
NO POSTAGE
NECESSARY
IF MAILED
Cisco PIX Security Appliance
Hardware Installation Guide
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7815170=
Text Part Number: 78-15170-03
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following inform ation is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required
to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not
installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to
comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable
protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital
devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television
communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its
peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits
controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and
iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ
Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Pac k e t, PIX, Post-Routing, Pre-Routing,
ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered
trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0502R)
Cisco PIX Security Appliance Hardware Installation Guide
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
About This Guide vii
Document Objectives vii
Audience vii
Document Organization viii
Document Conventions viii
Warning Definition ix
Cautions xii
Obtaining Documentation xiv
Cisco.com xv
Ordering Documentation xv
Documentation Feedback xv
Obtaining Technical Assistance xv
Cisco Technical Support Website xvi
Submitting a Service Request xvi
Definitions of Service Request Severity xvi
CONTENTS
CHAPTER
CHAPTER
Obtaining Additional Publications and Information xvii
1 Preparing for Installation 1-1
Installation Overview 1-1
Safety Recommendations 1-2
Maintaining Safety with Electricity 1-2
Preventing Electrostatic Discharge Damage 1-3
General Site Requirements 1-4
Site Environment 1-4
Preventive Site Configuration 1-4
Power Supply Considerations 1-4
Configuring Equipment Racks 1-5
2 PIX 501 2-1
PIX 501 Product Overview 2-1
Installing the PIX 501 2-3
Connecting a Power Supply Module to the PIX 501 2-3
PIX 501 Cable Lock 2-4
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
iii
Contents
Removing and Replacing the PIX 501 Chassis Cover 2-4
Removing the Chassis Cover 2-4
Replacing the Chassis Cover 2-5
Replacing a Lithium Battery 2-6
CHAPTER
CHAPTER
3 PIX 506/506E 3-1
PIX 506/506E Product Overview 3-1
Installing the PIX 506/506E 3-3
Connecting a Power Supply Module to the PIX 506/506E 3-4
Removing and Replacing the PIX 506/506E Chassis Cover 3-6
Removing the Chassis Cover 3-6
Replacing the Chassis Cover 3-7
Replacing a Lithium Battery 3-7
4 PIX 515/515E 4-1
PIX 515/515E Product Overview 4-1
Installing the PIX 515/515E 4-3
Surface Mounting the PIX 515/515E 4-4
Rack Mounting the PIX 515/515E 4-5
Vertical Mounting the PIX 515/515E 4-5
Installing the PIX 515/515E 4-6
PIX 515/515E Feature Licenses 4-8
VPN Accelerator Card 4-9
VPN Accelerator Card+ 4-9
iv
Installing Failover 4-9
Installing LAN-Based Failover 4-12
Removing and Replacing the PIX 515/515E Chassis Cover 4-13
Removing the Chassis Cover 4-13
Replacing the Chassis Cover 4-15
Replacing a Lithium Battery 4-15
Installing a Memory Upgrade 4-16
Memory Installation Steps 4-16
Installing a Circuit Board in the PIX 515/515E 4-19
Fast Ethernet Circuit Board 4-20
VPN Accelerator Circuit Board 4-22
Installing the PIX 515/515E DC Model 4-23
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
Contents
CHAPTER
5 PIX 520 5-1
PIX 520 Product Overview 5-1
Installing the PIX 520 5-4
PIX 520 Feature Licenses 5-6
Installing Failover 5-7
Installing LAN-Based Failover 5-8
Removing and Replacing the PIX 520 Chassis Cover 5-10
Removing the Chassis Cover 5-10
Replacing the Chassis Cover 5-11
Replacing a Lithium Battery 5-12
Installing a Memory Upgrade 5-12
Memory Installation Steps 5-13
Installing a Circuit Board in the PIX 520 5-15
16 MB Flash Circuit Board 5-18
VPN Accelerator Circuit Board 5-19
Gigabit Ethernet Circuit Board 5-20
Installing the PIX 520 DC Model 5-21
CHAPTER
6 PIX 525 6-1
PIX 525 Product Overview 6-1
Installing the PIX 525 6-3
PIX 525 Feature Licenses 6-5
VPN Accelerator Card 6-6
VPN Accelerator Card+ 6-6
Installing Failover 6-6
Installing LAN-Based Failover 6-8
Removing and Replacing the PIX 525 Chassis Cover 6-9
Removing the Chassis Cover 6-9
Replacing the Chassis Cover 6-11
Replacing a Lithium Battery 6-12
Installing a Memory Upgrade 6-12
Memory Installation Steps 6-13
Installing a Circuit Board in the PIX 525 6-15
Fast Ethernet Circuit Board 6-17
VPN Accelerator Circuit Board 6-18
Gigabit Ethernet Circuit Board 6-18
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
v
Contents
Installing a DC Power Supply 6-19
Rerouting the Fan Wiring 6-24
CHAPTER
7 PIX 535 7-1
PIX 535 Product Overview 7-1
PIX 535 Network Interface Description 7-4
Installing the PIX 535 7-5
Before Installing the PIX 535 7-5
Mounting the PIX 535 7-5
PIX 535 Network Interface Installation 7-6
PIX 535 Feature Licenses 7-6
VPN Accelerator Card 7-7
VPN Accelerator Card+ 7-7
Installing Failover 7-8
Installing LAN-Based Failover 7-9
Replacing a Lithium Battery 7-10
Installing a Memory Upgrade 7-11
Installing a Circuit Board in the PIX 535 7-14
PIX 535 Circuit Board Options 7-14
Circuit Board Slot Description 7-16
Installing a Circuit Board 7-17
16 MB Flash Circuit Board 7-18
VPN Accelerator Circuit Board 7-20
Gigabit Ethernet Circuit Board 7-20
APPENDIX
I
NDEX
vi
Installing the PIX 535 DC Model 7-21
A Cable Pinouts A-1
10BaseT and 100BaseTX Connectors A-1
Console Port (RJ-45) A-2
RJ-45 to DB-9 or DB-25 Serial Cable A-4
Failover Cable Pinouts A-4
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
About This Guide
This preface includes the following sections:
• Document Objectives, page vii
• Audience, page vii
• Document Organization, page viii
• Document Conventions, page viii
• Warning Definition, page ix
• Cautions, page xii
• Obtaining Documentation, page xiv
• Documentation Feedback, page xv
• Obtaining Technical Assistance, page xv
• Obtaining Additional Publications and Information, page xvii
Document Objectives
Audience
78-15170-03
This guide describes how to install the Cisco PIX security appliance hardware components.
This guide is for network administrators who perform any of the following tasks:
• Managing network security
• Installing and configuring firewalls, security appliances, or similar network equipment
• Managing default and static routes, and TCP and UDP services
Cisco PIX Security Appliance Hardware Installation Guide
vii
Document Organization
Document Organization
This guide includes the following chapters:
• Chapter 1, “Preparing for Installation,” describes the installation overview, safety
recommendations, and general site requirements.
• Chapter 2, “PIX 501,” provides a product overview, installation instructions, and lithium battery
replacement instructions.
• Chapter 3, “PIX 506/506E,” provides a product overview, installation instructions, and lithium
battery replacement instructions.
• Chapter 4, “PIX 515/515E,” provides a product overview, installation instructions, as well as the
procedure to remove and replace the chassis cover. This chapter also includes installation procedures
for the circuit board and installation of the DC model.
• Chapter 5, “PIX 520,” provides a product overview, installation instructions, as well as the
procedure to remove and replace the chassis cover. This chapter also includes the procedure for
installation of the DC model.
• Chapter 6, “PIX 525,” provides a product overview, installation instructions, as well as the
procedure to remove and replace the chassis cover. This chapter also includes installation procedures
for the circuit board and installation of the DC model.
About This Guide
• Chapter 7, “PIX 535,” provides a product overview, installation instructions, as well as the
installation procedure for the circuit board and installation of the DC model.
• Appendix A, “Cable Pinouts,” provides cable pinouts.
Document Conventions
Command descriptions use these conventions:
• Braces ({ }) indicate a required choice.
• Square brackets ([ ]) indicate optional elements.
• Vertical bars (|) separate alternative, mutually exclusive elements.
• Boldface indicates commands and keywords that are entered literally as shown.
• Italics indicate arguments for which you supply values.
Examples use these conventions:
• Examples depict screen displays and the command line in screen font.
• Information you need to enter in examples is shown in b oldface screen font.
• Variables for which you must supply a value are shown in
italic screen
font.
viii
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
About This Guide
Graphic user interface access uses these conventions:
• Boldface indicates buttons and menu items.
• Selecting a menu item (or screen) is indicated by the following convention:
Click Start > Settings > Control Panel.
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Warning Definition
Document Conventions
Warning
Waarschuwing
Varoitus
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar
with standard practices for preventing accidents. Use the statement number provided at the end of
each warning to locate its translation in the translated safety warnings that accompanied this
device.
SAVE THESE INSTRUCTIONS
BELANGRIJKE VEILIGHEIDSINSTRUCTIES
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan
veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij
elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van de standaard
praktijken om ongelukken te voorkomen. Gebruik het nummer van de verklaring onderaan de
waarschuwing als u een vertaling van de waarschuwing die bij het apparaat wordt geleverd, wilt
raadplegen.
BEWAAR DEZE INSTRUCTIES
TÄRKEITÄ TURVALLISUUSOHJEITA
Tämä varoitusmerkki merkitsee vaaraa. Tilanne voi aiheuttaa ruumiillisia vammoja. Ennen kuin
käsittelet laitteistoa, huomioi sähköpiirien käsittelemiseen liittyvät riskit ja tutustu
onnettomuuksien yleisiin ehkäisytapoihin. Turvallisuusvaroitusten käännökset löytyvät laitteen
mukana toimitettujen käännettyjen turvallisuusvaroitusten joukosta varoitusten lopussa näkyvien
lausuntonumeroiden avulla.
78-15170-03
SÄILYTÄ NÄMÄ OHJEET
Cisco PIX Security Appliance Hardware Installation Guide
ix
Document Conventions
About This Guide
Attention
Warnung
Avvertenza
IMPORTANTES INFORMATIONS DE SÉCURITÉ
Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant
entraîner des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez
conscient des dangers liés aux circuits électriques et familiarisez-vous avec les procédures
couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions des
avertissements figurant dans les consignes de sécurité traduites qui accompagnent cet appareil,
référez-vous au numéro de l'instruction situé à la fin de chaque avertissement.
CONSERVEZ CES INFORMATIONS
WICHTIGE SICHERHEITSHINWEISE
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu Verletzungen
führen kann. Machen Sie sich vor der Arbeit mit Geräten mit den Gefahren elektrischer Schaltungen
und den üblichen Verfahren zur Vorbeugung vor Unfällen vertraut. Suchen Sie mit der am Ende jeder
Warnung angegebenen Anweisungsnummer nach der jeweiligen Übersetzung in den übersetzten
Sicherheitshinweisen, die zusammen mit diesem Gerät ausgeliefert wurden.
BEWAHREN SIE DIESE HINWEISE GUT AUF.
IMPORTANTI ISTRUZIONI SULLA SICUREZZA
Questo simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle
persone. Prima di intervenire su qualsiasi apparecchiatura, occorre essere al corrente dei pericoli
relativi ai circuiti elettrici e conoscere le procedure standard per la prevenzione di incidenti.
Utilizzare il numero di istruzione presente alla fine di ciascuna avvertenza per individuare le
traduzioni delle avvertenze riportate in questo documento.
Advarsel
Aviso
CONSERVARE QUESTE ISTRUZIONI
VIKTIGE SIKKERHETSINSTRUKSJONER
Dette advarselssymbolet betyr fare. Du er i en situasjon som kan føre til skade på person. Før du
begynner å arbeide med noe av utstyret, må du være oppmerksom på farene forbundet med
elektriske kretser, og kjenne til standardprosedyrer for å forhindre ulykker. Bruk nummeret i slutten
av hver advarsel for å finne oversettelsen i de oversatte sikkerhetsadvarslene som fulgte med denne
enheten.
TA VARE PÅ DISSE INSTRUKSJONENE
INSTRUÇÕES IMPORTANTES DE SEGURANÇA
Este símbolo de aviso significa perigo. Você está em uma situação que poderá ser causadora de
lesões corporais. Antes de iniciar a utilização de qualquer equipamento, tenha conhecimento dos
perigos envolvidos no manuseio de circuitos elétricos e familiarize-se com as práticas habituais de
prevenção de acidentes. Utilize o número da instrução fornecido ao final de cada aviso para
localizar sua tradução nos avisos de segurança traduzidos que acompanham este dispositivo.
GUARDE ESTAS INSTRUÇÕES
Cisco PIX Security Appliance Hardware Installation Guide
x
78-15170-03
About This Guide
Document Conventions
¡Advertencia!
Varning!
INSTRUCCIONES IMPORTANTES DE SEGURIDAD
Este símbolo de aviso indica peligro. Existe riesgo para su integridad física. Antes de manipular
cualquier equipo, considere los riesgos de la corriente eléctrica y familiarícese con los
procedimientos estándar de prevención de accidentes. Al final de cada advertencia encontrará el
número que le ayudará a encontrar el texto traducido en el apartado de traducciones que acompaña
a este dispositivo.
GUARDE ESTAS INSTRUCCIONES
VIKTIGA SÄKERHETSANVISNINGAR
Denna varningssignal signalerar fara. Du befinner dig i en situation som kan leda till personskada.
Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och
känna till vanliga förfaranden för att förebygga olyckor. Använd det nummer som finns i slutet av
varje varning för att hitta dess översättning i de översatta säkerhetsvarningar som medföljer denna
anordning.
SPARA DESSA ANVISNINGAR
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
xi
Cautions
About This Guide
Cautions
This section includes the following cautions:
• DC Power Connection Warning, page xii
• Lightening Protection Installation Warning, page xiii
• Power Supply Disconnection Warning, page xiii
• Jewelry Removal Warning, page xiii
• AC Power Disconnection Warning, page xiii
• TN Power Warning, page xiii
• 48 VDC Power System, page xiii
• More Than One Power Cord, page xiii
• Circuit Breaker (15A) Warning, page xiv
• Grounded Equipment Warning, page xiv
• Safety Cover Requirement, page xiv
• Faceplates and Cover Panel Requirement, page xiv
• Wrist Strap Warning, page xiv
DC Power Connection Warning
xii
Caution After wiring the DC power supply, remove the tape from the circuit breaker switch handle and
reinstate power by moving the handle of the circuit breaker to the ON position.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
About This Guide
Lightening Protection Installation Warning
Caution Lightning protection or grounding blocks are required to isolate or protect the in-building equipment
from the hazards associated with the outside plant or outside environment. Lightning protectors
and/or grounding blocks are normally installed outside the building just prior to the coaxial cable
entering the building.
Power Supply Disconnection Warning
Caution Before working on a chassis or working near power supplies, unplug the power cord on AC units;
disconnect the power at the circuit breaker on DC units.
Jewelry Removal Warning
Caution Before working on equipment that is connected to power lines, remove jewelry (including rings,
necklaces, and watches). Metal objects will heat up when connected to power and ground and can
cause serious burns or weld the metal object to the terminals.
Cautions
AC Power Disconnection Warning
Caution Before working on a chassis or working near power supplies, unplug the power cord on AC units.
TN Power Warning
Caution The device is designed to work with TN power systems.
48 VDC Power System
Caution The customer 48 volt power system must provide reinforced insulation between the primary AC
power and the 48 VDC output.
More Than One Power Cord
Caution This unit might have more than one power cord. To reduce the risk of electrical shock, disconnect all
power supply cords before servicing the unit.
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
xiii
Obtaining Documentation
Circuit Breaker (15A) Warning
Caution This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure
that a UL Listed and Certified fuse or circuit breaker no larger than 60 VDC, 15 A is used on all
current-carrying conductors.
Grounded Equipment Warning
Caution This equipment is intended to be grounded. Ensure that the host is connected to earth ground during
normal use.
Safety Cover Requirement
Caution The safety cover is an integral part of the product. Do not operate the unit without the safety cover
installed. Operating the unit without the cover in place will invalidate the safety approvals and pose
a risk of fire and electrical hazards.
About This Guide
Faceplates and Cover Panel Requirement
Caution Blank faceplates and cover panels serve three important functions: they prevent exposure to
hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI)
that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do
not operate the system unless all cards, faceplates, front covers, and rear covers are in place.
Wrist Strap Warning
Caution During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly
touch the backplane with your hand or any metal tool, or you could shock yourself.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
xiv
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
About This Guide
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/index.shtml
Documentation Feedback
• Nonregistered Cisco.com users can order documentation through a local account representative by
calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in
North America, by calling 1 800 553-NETS (6387).
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco
Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical
Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical
Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service
contract, contact your reseller.
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
xv
Obtaining Technical Assistance
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and
resolving technical issues with Cisco products and technologies. The website is available 24 hours a day,
365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password.
If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting
a web or phone request for service. You can access the CPI tool from the Cisco Technical Support
Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product
Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product
Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID
or model name; by tree view; or for certain products, by copying and pasting show command output.
Search results show an illustration of your product with the serial number label location highlighted.
Locate the serial number label on your product and record the information before placing a service call.
About This Guide
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides
recommended solutions. If your issue is not resolved using the recommended resources, your service
request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.
(S1 or S2 service requests are those in which your production network is down or severely degraded.)
Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business
operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
xvi
To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
About This Guide
Obtaining Additional Publications and Information
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit
Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
• The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as
ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://cisco.com/univercd/cc/td/doc/pcat/
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new
and experienced users will benefit from these publications. For current Cisco Press titles and other
information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and
networking investments. Each quarter, Packet delivers coverage of the latest industry trends,
technology breakthroughs, and Cisco products and solutions, as well as network deployment and
troubleshooting tips, configuration examples, customer case studies, certification and training
information, and links to scores of in-depth online resources. You can access Packet magazine at
this URL:
http://www.cisco.com/packet
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies
learn how they can use technology to increase revenue, streamline their business, and expand
services. The publication identifies the challenges facing these companies and the technologies to
help solve them, using real-world case studies and business strategies to help readers make sound
technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
78-15170-03
http://www.cisco.com/ipj
• World-class networking training is available from Cisco. You can view current offerings at
this URL:
http://www.cisco.com/en/US/learning/index.html
Cisco PIX Security Appliance Hardware Installation Guide
xvii
Obtaining Additional Publications and Information
About This Guide
xviii
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
CHAPTER
1
Preparing for Installation
This chapter describes how to install and add hardware upgrades that accompany the unit. The
information in this guide applies to the PIX 501, PIX 506/506E, PIX 515/515E, PIX 520, PIX 525, and
PIX 535. In this guide, the term “security appliance” refers to all models unless specifically noted
otherwise.
Caution Installing PIX software Version 6.0(1), or a later version, on an older model of PIX hardware, such as a
PIX “Classic” (PIX 10000) or PIX 510, causes the security appliance to reboot continuously until a
software version previous to 6.0(1) is reinstalled.
This chapter includes the following sections:
• Installation Overview, page 1-1
• Safety Recommendations, page 1-2
• General Site Requirements, page 1-4
Installation Overview
To prepare for the installation of the PIX security appliance, perform the following steps:
Note If your PIX security appliance model supports a failover configuration, perform the steps that follow
only on the primary (active) unit. (Not applicable to the PIX 501 or the PIX 506/506E.)
Step 1 Review the safety precautions outlined in the Regulatory Compliance and Safety Information document.
Step 2 Completely read the release notes for your respective software version.
Step 3 Unpack the PIX security appliance. The PIX security appliance consists of two main components, the
PIX security appliance unit and a separate accessory kit. The accessory kit contains documentation, a
power supply or cord, rack mounting hardware (not applicable to the PIX 501 or the PIX 506/506E), and
additional software you can use with the PIX security appliance.
Step 4 Place the PIX security appliance on a stable work surface.
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
1-1
Safety Recommendations
Safety Recommendations
Use the following guidelines and the information in the following sections to help ensure your safety and
protect the PIX security appliance. The list of guidelines may not address all potentially hazardous
situations in your working environment, so be alert and exercise good judgement at all times.
Note If you need to open the PIX security appliance case to install a hardware component, such as additional
memory or an interface card, doing so does not affect your Cisco warranty. Upgrading the PIX security
appliance does not require any special tools and does not create any radio frequency leaks.
The safety guidelines are as follows:
• Keep the chassis area clear and dust-free before, during, and after installation.
• Keep tools away from walk areas where you and others could fall over them.
• Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains, that could get caught
in the chassis.
• Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.
Chapter 1 Preparing for Installation
• Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
• Never attempt to lift an object that is too heavy for one person to handle.
This section includes the following topics:
• Maintaining Safety with Electricity, page 1-2
• Preventing Electrostatic Discharge Damage, page 1-3
Maintaining Safety with Electricity
Warning
Before working on a chassis or working near power supplies, unplug the power cord on AC units;
disconnect the power at the circuit breaker on DC units.
Follow these guidelines when working on equipment powered by electricity:
• Before beginning procedures that require access to the interior of the PIX security appliance, locate
the emergency power-off switch for the room in which you are working. Then, if an electrical
accident occurs, you can act quickly to turn off the power.
• Do not work alone if potentially hazardous conditions exist anywhere in your work space.
• Never assume that power is disconnected from a circuit; always check the circuit.
• Look carefully for possible hazards in your work area, such as moist floors, ungrounded power
extension cables, frayed power cords, and missing safety grounds.
1-2
• If an electrical accident occurs, proceed as follows:
–
Use caution; do not become a victim yourself.
–
Disconnect power from the system.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
Chapter 1 Preparing for Installation
–
–
• Use the PIX security appliance within its marked electrical ratings and product usage instructions.
• Install the PIX security appliance in compliance with local and national electrical codes as listed in
the Regulatory Compliance and Safety Information document.
• PIX security appliance models equipped with AC-input power supplies are shipped with a three-wire
electrical cord with a grounding-type plug that fits only a grounding-type power outlet. This is a
safety feature that you should not circumvent. Equipment grounding should comply with local and
national electrical codes.
• PIX security appliance models equipped with DC-input power supplies must be terminated with the
DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit breaker is
required at the 48 VDC facility power source. An easily accessible disconnect device should be
incorporated into the facility wiring. Be sure to connect the grounding wire conduit to a solid earth
ground. We recommend that you use a closed loop ring to terminate the ground conductor at the
ground stud.
Safety Recommendations
If possible, send another person to get medical aid. Otherwise, assess the condition of the victim
and then call for help.
Determine if the person needs rescue breathing or external cardiac compressions; then take
appropriate action.
Other DC power guidelines are listed in the Regulatory Compliance and Safety Information document.
Preventing Electrostatic Discharge Damage
Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD damage
occurs when electronic components are improperly handled and can result in complete or intermittent
failures.
• Always follow ESD-prevention procedures when removing and replacing components. Ensure that
the chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring
that it makes good skin contact. Connect the grounding clip to an unpainted surface of the chassis
frame to safely ground ESD voltages. To properly guard against ESD damage and shocks, the wrist
strap and cord must operate effectively. If no wrist strap is available, ground yourself by touching
the metal part of the chassis.
• For safety, periodically check the resistance value of the antistatic strap, which should be between
1 and 10 megohms (Mohms).
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
1-3
General Site Requirements
General Site Requirements
The topics in this section describe the requirements your site must meet for safe installation and
operation of your system. Ensure that your site is properly prepared before beginning installation.
This section includes the following topics:
• Site Environment, page 1-4
• Preventive Site Configuration, page 1-4
• Power Supply Considerations, page 1-4
• Configuring Equipment Racks, page 1-5
Site Environment
The PIX security appliance can be placed on a desktop. Except for the PIX 501 and the PIX 506/506E,
all other PIX security appliance models can be mounted in a rack. The location of the PIX security
appliance and the layout of your equipment rack or wiring room are extremely important for proper
system operation. Equipment placed too close together, inadequate ventilation, and inaccessible panels
can cause system malfunctions and shutdowns, and can make PIX security appliance maintenance
difficult.
Chapter 1 Preparing for Installation
When planning your site layout and equipment locations, keep in mind the precautions described in the
next section “Preventive Site Configuration,” to help avoid equipment failures and reduce the possibility
of environmentally caused shutdowns. If you are currently experiencing shutdowns or unusually high
errors with your existing equipment, these precautions may help you isolate the cause of failures and
prevent future problems.
Preventive Site Configuration
The following precautions helps you plan an acceptable operating environment for your PIX security
appliance and helps you avoid environmentally caused equipment failures:
• Electrical equipment generates heat. Ambient air temperature might not be adequate to cool
equipment to acceptable operating temperatures without adequate circulation. Ensure that the room
in which you operate your system has adequate air circulation.
• Always follow the ESD-prevention procedures described previously to avoid damage to equipment.
Damage from static discharge can cause immediate or intermittent equipment failure.
• Ensure that the chassis cover is secure. The chassis is designed to allow cooling air to flow
effectively within it. An open chassis allows air leaks, which may interrupt and redirect the flow of
cooling air from internal components.
Power Supply Considerations
1-4
The PIX 515/515E, PIX 520, PIX 525, PIX 535, and PIX 10000, have AC power supplies. The
PIX 515/515E, PIX 520, PIX 525, and PIX 535 models can have either an AC or DC power supply. The
PIX 501 and the PIX 506/506E have an external power supply that converts AC to DC.
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
Chapter 1 Preparing for Installation
Observe the following considerations:
• Check the power at your site before installing the PIX security appliance to ensure that you are
receiving “clean” power (free of spikes and noise). Install a power conditioner if necessary, to ensure
proper voltages and power levels in the source voltage for the system.
• Install proper grounding for the site to avoid damage from lightning and power surges.
• In units equipped with AC-input power supplies, use the following guidelines:
–
–
–
–
–
General Site Requirements
The PIX 501, PIX 506/506E, and PIX 10000 models automatically select operating ranges of a
low range of 90 to 135 volts or a high range of 180 to 270 volts.
The PIX 510 and PIX 520 models operate with a source voltage ranging from 100 to 240 VAC;
the input power supply requires a 20 amp service minimum for North America and 10 amp or
16 amp for the international area.
The PIX 515/PIX 515E, PIX 525, and PIX 535 do not have a selectable operating range. Refer
to the label on each model for the correct AC-input power requirement.
Several styles of AC-input power supply cords are available; make sure you have the correct
style for your site.
Install an uninterruptible power source for your site, if possible.
–
Install proper site grounding facilities to guard against damage from lightning or power surges.
• In a unit equipped with DC-input power supplies, use the following guidelines:
–
Each DC-input power supply requires dedicated 15 amp service.
–
For DC power cables, we recommend that you use a minimum of 18 AWG wire cable.
Configuring Equipment Racks
Follow these tips to help plan for configuration of an equipment rack:
• PIX 515/515E, PIX 520, PIX 525, and PIX 535 security appliances require you to first attach rack
mounting brackets to the units before mounting them in an equipment rack.
• Enclosed racks must have adequate ventilation. Ensure that the rack is not overly congested because
each unit generates heat. An enclosed rack should have louvered sides and a fan to provide cooling
air.
• When mounting a chassis in an open rack, ensure that the rack frame does not block the intake or
exhaust ports. If the chassis is installed on slides, check the position of the chassis when it is seated
all the way into the rack.
• In an enclosed rack with a ventilation fan in the top, excessive heat generated by equipment near the
bottom of the rack can be drawn upward and into the intake ports of the equipment above it in the
rack. Ensure that you provide adequate ventilation for equipment at the bottom of the rack.
• Baffles can help to isolate exhaust air from intake air, which also helps to draw cooling air through
the chassis. The best placement of the baffles depends on the airflow patterns in the rack.
Experiment with different arrangements to position the baffles effectively.
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
1-5
General Site Requirements
Chapter 1 Preparing for Installation
1-6
Cisco PIX Security Appliance Hardware Installation Guide
78-15170-03
PIX 501
This chapter describes how to install the PIX 501, and includes the following sections:
• PIX 501 Product Overview, page 2-1
• Installing the PIX 501, page 2-3
• Connecting a Power Supply Module to the PIX 501, page 2-3
• Removing and Replacing the PIX 501 Chassis Cover, page 2-4
• Replacing a Lithium Battery, page 2-6
Note The PIX 501 is not supported in software Version 7.0(1).
PIX 501 Product Overview
CHAPTER
2
This section describes the PIX 501 front and rear panels and the panel LEDs.
Figure 2-1 shows the front view of the PIX 501.
Figure 2-1 PIX 501 Front Panel
CISCO
®
PIX
501
FIREWALL
POWER
VPN TUNNEL
LINK/ACT
1234
100 MBPS
67848
78-15170-03
Cisco PIX Security Appliance Hardware Installation Guide
2-1
PIX 501 Product Overview
Figure 2-2 shows the rear view of the PIX 501.
Figure 2-2 PIX 501 Rear Panel
POWER
4
3
2
1
0
CONSOLE
3.3V 4.5A
Figure 2-3 shows the PIX 501 front panel LEDs.
Chapter 2 PIX 501
67849
POWER
VPN TUNNEL
12
3
LINK/ACT
100 MBPS
4
61926
Table 2 - 1 lists the states of the PIX 501 front panel LEDs.
Figure 2-3 PIX 501 Front Panel LEDs
Table 2-1 PIX 501 Front Panel LEDs
LED Color State Description
POWER Green On The device is powered on.
Off The device is powered off.
LINK/ACT Green Flashing Network activity, such as Internet access, is present.
On The correct cable is in use, and the connected equipment has power and
is operational.
Off No link is established.
Tip If the LINK/ACT LED does not light up, you might be using the
wrong type of cable. Try replacing the yellow, straight-through
Ethernet cable with the orange, crossover Ethernet cable.
VPN TUNNEL Green On One or more IKE/IPSec VPN tunnels are established.
Off One or more IKE/IPSec VPN tunnels are disabled. If the standard
configuration is not modified to support VPN tunnels, the LED does not
light up because it is disabled by default. Also, the LED does not light up
when PPTP/L2TP tunnels are established.
100 MBPS Green On The interface is enabled at 100 Mbps (autonegotiated).
Off The interface is enabled at 10 Mbps.
Cisco PIX Security Appliance Hardware Installation Guide
2-2
78-15170-03
Chapter 2 PIX 501
Installing the PIX 501
Place the PIX 501 on a flat, stable surface. The PIX 501 is not rack mountable.
To install the PIX 501, perform the following steps:
Step 1 Connect Port 0, the outside Ethernet port, to the public network.
• Use the yellow Ethernet cable (72-1482-01) to connect the device to a switch or hub.
• Use the orange Ethernet cable (72-3515-01) to connect the device to a DSL modem, cable modem,
or router.
Step 2 Connect your PC or the other network devices to one of the four switched inside ports (numbered 1
through 4).
Connecting a Power Supply Module to the PIX 501
Installing the PIX 501
This section describes how to connect the power supply module to a PIX 501. Use this information in
conjunction with the Regulatory Compliance and Safety Information document.
To connect the power supply module to the PIX 501, perform the following steps:
Step 1 Connect the small, round connector of the power supply cable to the power connector on the rear panel
(see Figure 2-4).
Step 2 Connect the AC power connector of the power supply input cable to an electrical outlet.
Note The PIX 501 does not have a power switch. Completing Step 2 powers on the device.
Figure 2-4 Connecting the Power Supply Module to the PIX 501
POWER
43
2
1
0 CONSOLE
3.3V 4.5A
78-15170-03
Power supply
Cisco PIX Security Appliance Hardware Installation Guide
71534
2-3
Removing and Replacing the PIX 501 Chassis Cover
PIX 501 Cable Lock
The PIX 501 includes a slot that accepts standard desktop cable locks to provide physical security for
small portable equipment, such as laptop computers (see Figure 2-5).
Chapter 2 PIX 501
POWER
43
2
1
0 CONSOLE
3.3V 4.5A
Lock slot
Cable lock
(not included)
To install a security cable lock, perform the following steps:
Figure 2-5 PIX 501 Security Cable Lock
Step 1 Attach the cable lock to the lock slot on the back panel of the PIX 501.
Step 2 Follow the directions from the manufacturer for attaching the other end of the device for securing the
PIX 501.
Removing and Replacing the PIX 501 Chassis Cover
This section describes how to remove and replace the chassis cover from the PIX 501. This section
includes the following topics:
61929
• Removing the Chassis Cover, page 2-4
• Replacing the Chassis Cover, page 2-5
Removing the Chassis Cover
To remove the chassis cover, perform the following steps:
Note Removing the chassis cover does not affect your Cisco warranty. Upgrading the PIX security appliance
does not require any special tools and does not create any radio frequency leaks.
Step 1 Read the Regulatory Compliance and Safety Information document.
Step 2 Unplug the power cord from the power outlet to power off the security appliance.
Step 3 Disconnect the network interface cables.
Cisco PIX Security Appliance Hardware Installation Guide
2-4
78-15170-03
Loading...