Page 1
CHA PTER
6
PIX 525
This chapter guides you through the installation of the PIX 525, and includes the following sections:
• PIX 525 Product Overview, page 6-1
• Installing the PIX 525, page 6-3
• PIX 525 Feature Licenses, page 6-5
• Installing Failover, page 6-6
• Installing LAN-Based Failover, page 6-8
• Removing and Replacing the PIX 525 Chassis Cover, page 6-9
• Replacing a Lithium Battery, page 6-12
• Installing a Memory Upgrade, page 6-12
• Installing a Circuit Board in the PIX 525, page 6-15
• Installing a DC Power Supply, page 6-19
PIX 525 Product Overview
Figure 6-1 show the front view of the PIX 525.
78-15170-02
Figure 6-1 PIX 525 Front Panel
POWER
ACTIVE
CISCO SECURITY PIX 525
SERIES
FIREWALL
Cisco PIX Security Appliance Hardware Installation Guide
61906
6-1
Page 2
PIX 525 Product Overview
Figure 6-2 shows the rear view of the PIX 525.
Figure 6-2 PIX 525 Rear Panel
F
A
I
L
O
V
E
1
00M
bps A
CT
L
INK
1
00M
bps
10/1
0
0 ETH
ER
N
ET
1
R
A
C
T
1
0/100
P
IX-525
LIN
K
E
T
H
ER
NE
T 0
U
SB
C
O
N
S
OLE
There are two LEDs on the front panel of the PIX 525 (see Figure 6-3).
Figure 6-3 PIX 525 Front Panel LEDs
Chapter 6 PIX 525
61907
61913
Table 6-1 lists the state of the PIX 525 front panel LEDs.
Table 6-1 PIX 525 Front Panel LEDs
LED Color State Description
POWER Green On On when the unit has power.
ACT Green On On when the unit is the active failover unit.
Off Off when the unit is in standby mode.
There are three LEDs for the each RJ-45 interface port and three types of fixed interface connectors on
the back of the PIX 525.
Cisco PIX Security Appliance Hardware Installation Guide
6-2
78-15170-02
Page 3
Chapter 6 PIX 525
F
A
I
L
O
V
E
R
1
0
0M
b
ps A
C
T
1
00M
b
ps A
C
T
LIN
K
LIN
K
PIX
-5
25
10/100 ETHERNET 1
10/100 ETHERNET 0
USB
CONSOLE
Installing the PIX 525
Figure 6-4 shows the PIX 525 rear panel LEDs.
Figure 6-4 PIX 525 Rear Panel LEDs
ACT(ivity)
LED
100Mbps
LED
10/100 BaseTX
Ethernet 1
ACT(ivity)
LINK
LED
LED
LINK
LED
Failover
connector
USB
port
(RJ-45)
10/100 BaseTX
Ethernet 0
Console
port (RJ-45)
(RJ-45)
Table 6-2 lists the states of the PIX 525 rear panel LEDs.
Table 6-2 PIX 525 Rear Panel LEDs
61912
LED Color State Description
100 Mbps Green On Port 100 megabits per second 100BaseTX communication.
ACT Green Flashing Shows network activity.
LINK Green On Shows that data is passing through that interface.
The PIX 525 has RJ-45, network and console connectors, as well as a DB-15 Failover cable connector.
The USB port is not used at this time.
Installing the PIX 525
To install the PIX 525, perform the following steps:
Step 1 The PIX 525 provides one set of brackets for installing the unit in an equipment rack. Complete these
steps if the unit is going to be installed into an equipment rack:
a. Attach the brackets to the holes near the front of the unit on each side of the PIX 525 using the
supplied screws.
b. Attach the unit to the equipment rack.
78-15170-02
Off Port is using 10 megabits per second data exchange.
Cisco PIX Security Appliance Hardware Installation Guide
6-3
Page 4
Installing the PIX 525
F
A
I
L
O
V
E
R
100
M
bps A
C
T
100M
bps AC
T
LIN
K
LIN
K
P
IX
-525
10/100 ETHERNET 1
10/100 ETHERNET 0
USB
CONSOLE
Step 2 Connect the cable so that you have either a DB-9 or DB-25 connector on one end as required by the serial
Step 3 Connect the RJ-45 serial cable connector to the PIX 525 console connector and connect the other end to
Chapter 6 PIX 525
port for your computer, and the other end is the RJ-45 connector as shown in Figure 6-5.
Note Use the Console port to connect a computer to enter configuration commands. Locate the serial
cable from the accessory kit. The serial cable assembly consists of a null modem cable with
RJ-45 connectors, and one DB-9 connector and a DB-25 connector.
the serial port connector on your computer.
Figure 6-5 PIX 525 Rear Panel
Console
port (RJ-45)
RJ-45 to
DB-9 or DB-25
PC terminal adapter DB-9
serial cable
(null-modem)
104944
Step 4
Connect the outside network cable to the remaining Ethernet port. Refer to the “PIX 525 Feature
Licenses” section on page 6-5 for information on how to configure the ports.
Note The inside or outside network connections can be made to any available interface port on the
PIX 525. If you are only using the ETHERNET 0 and ETHERNET 1 ports, connect the inside
network cable to the interface connector marked ETHERNET 0 or ETHERNET 1.
Step 5 If you need to install an optional circuit board, refer to the “Installing a Circuit Board in the PIX 525”
section on page 6-15. If you need to install memory, refer to the “Installing a Memory Upgrade” section
on page 6-12 for more information.
Note It is not necessary to remove the chassis cover of the PIX 525 to access the circuit boards or
memory.
Cisco PIX Security Appliance Hardware Installation Guide
6-4
78-15170-02
Page 5
Chapter 6 PIX 525
Step 6 Connect the network cables to the expansion interface ports. (The inside, outside, or perimeter network
connections can be made to any available interface port on the PIX 525.) The first expansion port
number, at the top left, is interface 2. Starting from that port and going from left to right and top to
bottom, the next port is interface 3, the next is interface 4, and so on. Refer to the “PIX 525 Feature
Licenses” section on page 6-5 for information on how to configure the ports.
Step 7 If you have a second PIX security appliance to use as a failover unit, install the failover feature and cable
as described in the “Installing Failover” section on page 6-6.
Note Do not power on the standby failover unit until the primary unit is configured.
Step 8 When you are ready to start the PIX 525, power on the unit from the switch at the rear of the unit.
PIX 525 Feature Licenses
If you have the PIX-525-UR unrestricted feature license, the following options are available:
• If you have a second PIX 525 to use as a failover unit, install the failover feature and cable as
described in the “Installing Failover” section on page 6-6.
• If needed, install the PIX security appliance syslog server as described on the logging command
page in the command reference online at:
PIX 525 Feature Licenses
http://cisco.com/en/US/products/sw/secursw/ps2120/prod_command_reference_list.html
• If you need to install an optional circuit board, refer to the “Installing a Circuit Board in the
PIX 525” section on page 6-15.
• If you need to install additional memory, refer to the “Installing a Memory Upgrade” section on
page 6-12.
For information on upgrading feature licenses or downloading the latest software versions, refer to the
configuration guide online at:
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html
This section includes the following topics:
• VPN Accelerator Card, page 6-6
• VPN Accelerator Card+, page 6-6
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-5
Page 6
Installing Failover
VPN Accelerator Card
The VPN Accelerator Card (VAC) for the Cisco PIX security appliance series is a card that provides
high-performance, tunneling and encryption services suitable for site-to-site and remote access applications.
The VAC is integrated with PIX 525 unrestricted (UR) and failover (FO) bundles. You can also purchase the
VAC as a spare for use with PIX 525 units that have a restricted (R) license.
VPN Accelerator Card+
The VAC+ is a 64-bit/66 MHz PCI card that provides faster tunneling and encryption services for Virtual
Private Network (VPN) remote access, and site-to-site intranet and extranet applications, than the VAC.
Each VAC+ occupies a single PCI slot in the system. The VAC+ is supported on any chassis that runs
software Version 6.3 or later, has an appropriate license to run VPN software, and at least one PCI slot
available. While the VAC continues to be supported in Version 6.3, if both types of cards, the VAC and
the VAC+, are installed in a system running Version 6.3, the VAC card is ignored. The VAC+ runs at both
32-bit/33 MHz and 64-bit/66 MHz, and does not slow down the bus when other 66 MHz cards are
installed. We strongly recommend that you install the VAC+ in a 64bit/66 MHz slot. Performance will be
degraded if this recommendation is not followed.
Chapter 6 PIX 525
The VAC+ driver supports the following:
• 3DES, DES, AES, SHA1, MD5 for (IPSec) ESP protocol (For AES, only the CBC mode and key
sizes of 128, 192, and 256 bits are supported).
• SHA1, MD5 for the (IPSec) AH protocol.
• Load sharing ESP and AH activity between up to three VAC+.
• Diffie-Hellman public key and shared secret generation.
• Any other crypto-related activity uses a software implementation.
Installing Failover
To install a failover connection, perform the following steps:
Step 1 Power off both the primary and secondary units.
Note Both PIX security appliances must have the same model number, have at least as much RAM,
have the same Flash memory size, and be running the same software version. Note that the
PIX-4FE and PIX-4FE-66 cards are considered equivalent and interchangeable. You can install
a PIX-4FE in the primary unit and a PIX-4FE-66 in the secondary unit, as long as you install
them in the same slot number of each chassis. For example, if you install a PIX-4FE in Slot 1 of
the primary unit, you must also install the PIX-4FE-66 in Slot 1 of the secondary unit.
Step 2 Locate the failover cable (shown in Figure 6-6). This cable is shipped separately from the PIX security
appliance. The cable is labeled “Primary” on one end and “Secondary” on the other.
Cisco PIX Security Appliance Hardware Installation Guide
6-6
78-15170-02
Page 7
Chapter 6 PIX 525
Install the cable for the PIX 525 as shown in Figure 6-6.
Figure 6-6 PIX 525 Failover Cable Connection
F
A
I
L
O
V
E
R
Y
R
A
M
I
R
P
Primary end
Y
R
A
D
N
O
C
E
S
Secondary end
F
A
I
L
O
V
E
R
Installing Failover
12395
Step 3
Connect the Primary end of the failover cable to the first PIX security appliance; that is, the one you have
already configured.
Note We highly recommend that you use a GE failover link when connecting the PIX 525 with GE
interfaces.
Step 4 Connect the Secondary end of the failover cable to the standby unit.
Step 5 Connect a power cord to the power connector on the rear panel of each unit, and the other end of each
power cord to (preferably separate) power outlets.
Step 6 If you are using Stateful Failover, use one of the following types of connections, that is appropriate for
your system, between the dedicated interfaces on the PIX security appliance:
• Category 5 crossover cable directly connecting the primary unit to the secondary unit
• 100BaseTX half-duplex hub using Straight-through Category 5 cables
• 100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch
Note All enabled interfaces must be connected between the active and standby units. Only configure
the active unit. On the PIX 525, the active unit is indicated by the ACT LED on the front panel.
(See Figure 6-3.)
Caution Do not turn the power on until the units are connected and the primary unit is configured completely.
Step 7 Power on the primary unit first, then power on the secondary unit. Within a few seconds, the active unit
automatically downloads its configuration to the standby unit.
If the primary unit fails, the secondary unit automatically becomes active.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-7
Page 8
Installing LAN-Based Failover
Installing LAN-Based Failover
LAN-based failover supports failover between two units connected over a dedicated Ethernet interface.
LAN-based failover eliminates the need for a special failover cable and overcomes the distance
limitations imposed by the failover cable.
Note Both PIX security appliances must be the same model number, have the same amount of RAM, Flash
memory, number and type of interfaces, and be running the same software version.
To set up a LAN-based failover connection, perform the following steps:
Step 1 Disconnect both PIX security appliance, so that there is no traffic flow between them. If the failover
cable is connected to the PIX security appliance, disconnect it.
Step 2 Configure the PIX security appliance for LAN-based failover. Refer to the chapter on configuring
LAN-based failover in the configuration guide online at:
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html
Step 3 Power off both units.
Chapter 6 PIX 525
Step 4 Connect the LAN failover interfaces to the dedicated switch/hub, as shown in Figure 6-7.
Note A dedicated LAN interface and a dedicated switch (or VLAN) is required to implement
LAN-based failover. You cannot use a crossover Ethernet cable to connect the two PIX security
appliances.
Figure 6-7 LAN- Based Failover Connections
Dedicated Ethernet
interface
1
0
0
M
b
p
s
A
C
T
L
IN
K
1
0
0
M
b
p
s
A
C
T
1
0
/
1
0
0
E
T
H
E
R
N
E
T
1
1
0
/
1
0
0
E
T
H
Hub/switch
PIX 525
F
A
I
L
O
V
E
R
P
I
X
5
2
5
L
IN
K
E
R
N
E
T
0
U
S
B
C
O
N
S
O
L
E
1
0
0
F
A
I
L
O
V
E
R
M
b
p
s
A
C
T
L
I
N
K
1
0
0
M
b
p
s
A
C
T
L
I
N
K
1
0
/
1
0
0
E
T
H
E
R
N
E
T
1
1
0
/
1
0
0
E
T
H
E
R
N
E
T
0
U
S
B
C
O
N
S
Dedicated Ethernet
interface
PIX 525
P
I
X
5
2
5
O
L
E
87366
87367
Cisco PIX Security Appliance Hardware Installation Guide
6-8
78-15170-02
Page 9
Chapter 6 PIX 525
Removing and Replacing the PIX 525 Chassis Cover
Step 5 If you are using Stateful Failover, use one of the following types of connections, that is appropriate for
your system, between the dedicated interfaces on the PIX security appliance units:
• 100BaseTX full duplex on a dedicated switch or dedicated VLAN of a switch
• 1000BaseSX full duplex on a dedicated switch or dedicated VLAN of a switch
Caution Do not turn the power on until the units are connected and the primary unit is configured completely.
Step 6 Power the primary unit on first, then power on the secondary unit. Within a few seconds, the active unit
automatically downloads its configuration to the standby unit.
If the primary unit fails, the secondary unit automatically becomes active.
Removing and Replacing the PIX 525 Chassis Cover
This section describes how to remove and replace the chassis cover from PIX 525. This section includes
the following topics:
• Removing the Chassis Cover, page 6-9
• Replacing the Chassis Cover, page 6-11
Removing the Chassis Cover
Note Removing the PIX security appliance chassis cover does not affect your Cisco warranty. Upgrading the
PIX security appliance does not require any special tools and does not create any radio frequency leak.
To remove the chassis cover, perform the following steps:
Step 1 Read the Regulatory Compliance and Safety Information document.
Step 2 Power off the PIX 525 and disconnect site power.
Note The power switch is part of the power supply.
Step 3 Place the PIX 525 so that the front panel is facing you. If you place the PIX 525 on a table, ensure that
you have clear access to all sides.
Step 4 Remove the four screws on the chassis cover. (See Figure 6-8.)
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-9
Page 10
Removing and Replacing the PIX 525 Chassis Cover
Figure 6-8 Removing the Chassis Cover Screws
P
O
W
E
R
A
C
T
IV
E
CISCO SECURITY PIX 525
FIREWALL
S
E
Chapter 6 PIX 525
55324
R
IE
S
Step 5 Lift the chassis cover upward and pull it away from the tabs on the rear of the chassis. (See Figure 6-9.)
Figure 6-9 Removing the Chassis Cover
Chassis cover
P
O
W
E
R
A
C
T
IV
E
55325
CISCO SECURITY PIX 525
FIREWALL
S
E
R
IE
Front panel
S
Chassis bottom
Cisco PIX Security Appliance Hardware Installation Guide
6-10
78-15170-02
Page 11
Chapter 6 PIX 525
Replacing the Chassis Cover
To replace the chassis cover, perform the following steps:
Step 1 Place the chassis bottom so that the front panel is facing you.
Step 2 Hold the chassis cover over the chassis bottom, and align each of the cover tabs with the chassis tabs at
the top rear of the chassis. (See Figure 6-10.)
Step 3 Lower the front of the top cover to close the chassis, and ensure the following:
• The chassis cover tabs fit under the edge of the chassis rear panel so that they are not exposed.
• The chassis tabs fit under the chassis cover so that they are not exposed.
• The chassis cover side tabs on both sides fit inside the chassis side panels so that they are not
exposed.
When the chassis cover is properly assembled, no tabs are visible.
Step 4 Secure the chassis cover with the four screws you previously removed.
Step 5 Reinstall all interface cables.
Removing and Replacing the PIX 525 Chassis Cover
Figure 6-10 Replacing the Chassis Cover
Chassis cover
P
O
W
E
R
A
C
T
IV
E
CISCO SECURITY PIX 525
FIREWALL
S
E
R
IE
Front panel
Chassis
tabs
55330
S
Chassis bottom
Step 6
Connect the power to the site power and power on the PIX 525. The internal power supply fan should go
on.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-11
Page 12
Replacing a Lithium Battery
Replacing a Lithium Battery
The PIX security appliance has a lithium battery on its main circuit board. This battery has an operating
life of about ten years. When the battery loses its charge, the PIX security appliance cannot function.
The lithium battery is not a field-replacable unit (FRU). Contact Cisco TAC to replace the battery.
Note Do not attempt to replace this battery yourself.
Chapter 6 PIX 525
Warning
Danger of explosion exists if the lithium battery is incorrectly replaced. Replace only with the same
or equivalent type recommended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
Installing a Memory Upgrade
Observe the following warnings, cautions, and notes when installing additional PIX security appliance
system memory.
The following statement applies to DC models:
Warning
Warning
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit
breaker in the OFF position.
The following statement applies to both AC and DC models:
Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord.
Caution Always remove old memory before installing new memory.
Caution If you remove the PIX security appliance chassis cover, always reinstall the cover. Running the PIX security
appliance without the chassis cover causes overheating and damage to electrical components.
Memory Installation Steps
To install additional system memory, perform the following steps:
Step 1 If the unit is rack-mounted, remove network wires and any cords connecting to the PIX security
appliance. Ensure that the unit is unplugged from its power source.
Step 2 Unpack the items in the memory upgrade kit.
Cisco PIX Security Appliance Hardware Installation Guide
6-12
78-15170-02
Page 13
Chapter 6 PIX 525
Step 3 Remove the component tray and all the screws holding the assembly in place. Refer to the “Removing
Step 4 Determine the location of your system memory sockets (see Figure 6-11).
Step 5 Use the markings on the motherboard to determine the socket numbers. Always install the first memory
Installing a Memory Upgrade
and Replacing the PIX 525 Chassis Cover” section on page 6-9 for more information.
strip into the lowest socket number. Progressively add memory strips into higher numbered sockets.
Figure 6-11 System Memory Location on the PIX 525 Component Tray
61910
Step 6
Locate the wrist grounding strap in the accessory kit and connect one end to the unit or to the
PIX security appliance chassis, and securely attach the other to your wrist so it contacts your bare skin.
Step 7 With the wrist strap on your wrist, carefully grasp the memory strip from either end. Note that a DIMM
strip has notches.
Step 8 To install a DIMM strip:
• Remove the old memory strip by opening the two plastic wing connectors, and pulling the old strip
up. Discard the old strip.
• When installing the memory strip in a PIX 525, install the new strip in Bank 0 as shown in
Figure 6-12 and Figure 6-13, by opening the two plastic wing connectors, inserting the strip, and
closing the wing connectors.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-13
Page 14
Installing a Memory Upgrade
Figure 6-12 Inserting a DIMM Memory Strip in the PIX 525
Bank 2
Bank 1
Bank 0
Chapter 6 PIX 525
DIMM
17997
Figure 6-13 Securing a DIMM Memory Strip in the PIX 525
17998
Bank 2
Bank 1
Bank 0
When you finish inserting new RAM memory, reinstall the tray on the PIX 525. Reattach the screws. If
desired, rack mount the PIX security appliance and attach all cables and cords as discussed in previous
sections. After the PIX security appliance is installed, you can view the amount of RAM memory in the
system startup messages or with the show version command.
Cisco PIX Security Appliance Hardware Installation Guide
6-14
78-15170-02
Page 15
Chapter 6 PIX 525
Installing a Circuit Board in the PIX 525
This section includes the following topics:
• Fast Ethernet Circuit Board, page 6-17
• VPN Accelerator Circuit Board, page 6-18
• Gigabit Ethernet Circuit Board, page 6-18
Note The PIX 525 Restricted Interface Options can have a maximum of six interfaces, and for the Unrestricted
Interface Options, a maximum of eight interfaces.
Table 6-3 lists the possible options/examples of configuration choices available for the PIX 525
restricted and unrestricted interface options.
Table 6-3 PIX 525 Interface Options
Restricted Interface Options Unrestricted Interface Options
3 FE 3 FE
2 FE + 1 VPN Accelerator 2 FE + 1 VPN Accelerator
3 GE 3 GE
2 GE + 1 VPN Accelerator 2 GE + 1 VPN Accelerator
1 GE + 1 FE 1 GE + 2 FE
1 GE + 1 FE + 1 VPN Accelerator 1 GE + 1 FE + 1 VPN Accelerator
1 4-Port FE 1 4-port FE
1 4-Port FE + 1 VPN Accelerator 1 4-port FE + 2 FE
2 4-port FE 2 4-port FE
1 4-port FE + 2 GE
1 4-port FE + 1 VPN Accelerator
1 4-port FE + 1 VPN Accelerator + 1 FE
1 4-port FE + 1 VPN Accelerator + 1 GE
Installing a Circuit Board in the PIX 525
To install a circuit board in the PIX 525, perform the following steps:
Step 1 Locate the grounding strap from the accessory kit. Fasten the grounding strap to your wrist so that it
contacts your bare skin. Attach the other end to bare metal on the PIX 525 chassis.
Step 2 Remove the screws from the rear panel of the component tray and slide the tray out (see Figure 6-14).
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-15
Page 16
Installing a Circuit Board in the PIX 525
Figure 6-14 The Component Tray at the Back of the PIX 525
Chapter 6 PIX 525
61908
F
A
I
L
O
V
E
10/100 ETHERNET 0
R
PIX-52
LIN
5
K
USB
CONSOLE
100Mbps AC
T
LINK
100Mbps ACT
10/100 ETHERNET 1
Step 3
Remove the screw and cover plate from the circuit board slot.
Step 4 Use Figure 6-15 as a guide to install a circuit board into a PCI slot on the component tray.
Step 5 Attach the screw to hold the circuit board connecting flange to the rear cover plate on the component tray.
Figure 6-15 Inserting an Expansion Board into a PCI Slot on the PIX 525 Component Tray
Step 6
Figure 6-16 shows circuit boards in PCI slots on the component tray.
Figure 6-16 Expansion Boards in PCI Slots on the PIX 525 Component Tray
61911
Step 7
Reinstall the component tray into the PIX 525 chassis.
Cisco PIX Security Appliance Hardware Installation Guide
6-16
61909
78-15170-02
Page 17
Chapter 6 PIX 525
Fast Ethernet Circuit Board
The 4-port 64 bit/66 MHz FE card (PIX-4FE-66) is supported in software Versions 6.3, 6.2(2), 6.1(4),
and 5.2(9), and later versions. These are the minimum software versions that support the card.
Note The PIX-4FE card continues to be supported but is no longer manufactured. The PIX-4FE and
PIX-4FE-66 cards are considered equivalent and interchangeable. You can install a PIX-4FE in the
primary unit and a PIX-4FE-66 in the secondary unit, as long as you install them in the same slot number
of each chassis. For example, if you install a PIX-4FE in Slot 1 of the primary unit, you must also install
a PIX-4FE-66 in Slot 1 of the secondary unit.
The new card has the following characteristics:
• Includes an Intel 21154BE bridge and four Intel 82559 Ethernet MAC/PHY devices.
• Supports 10/100 mbps full/half-duplex operation on each port.
• Retains bus performance when installed with other 66-MHz devices.
• Does not support auto MDI/MDIX operation.
Installing a Circuit Board in the PIX 525
Figure 6-17 4-Port Circuit Board Overlap
Overlap
27884
Note Port numbering is 2, 3, 4, 5 starting at the top, and continuing to the bottom, in consecutive order.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-17
Page 18
Installing a Circuit Board in the PIX 525
Note If you are installing a 4-port circuit board, note that the circuit board overlaps the slot connector
on the motherboard. This does not affect the use or operation of the circuit board. See
Figure 6-17.
VPN Accelerator Circuit Board
The VPN Accelerator (PIX-VPN-ACCEL) is an encryption and accelerator circuit board. The VPN
Accelerator uses a PCI interface and therefore can only be installed in PIX security appliance platforms
with PCI slots. The VPN Accelerator begins to function immediately after installation without the need
of special installation configurations.
Note The new VPN Accelerator cannot be used with the former PIX security appliance IPSec accelerator in
the same chassis. The PIX security appliance IPSec accelerator was also known as the Private Link card.
Chapter 6 PIX 525
An illustration of the VPN Accelerator is shown in Figure 6-18.
Figure 6-18 PIX Security Appliance VPN Accelerator Circuit Board
Gigabit Ethernet Circuit Board
61921
PIX security appliance supports 1000 Mbps (Gigabit) Ethernet. The Gigabit Ethernet circuit board has
only one hardware speed and supports the following duplex options:
• 1000SXfull—Forces full-duplex operation
• 1000BaseSX—Forces half-duplex operation
• 1000auto—Auto negotiates full or half duplex
Cisco PIX Security Appliance Hardware Installation Guide
6-18
78-15170-02
Page 19
Chapter 6 PIX 525
Note We highly recommend that you use a GE failover link when connecting the PIX 525 with GE interfaces.
Installing a DC Power Supply
The Gigabit Ethernet circuit board and the fiber optic cable connection are shown in Figure 6-19.
Figure 6-19 Gigabit Ethernet Circuit Board
33010
The Gigabit Ethernet circuit board has three LEDs:
• TX—Transmitting data
• RX—Receiving data
• LINK—The Gigabit Ethernet circuit board has established a network connection
Installing a DC Power Supply
Warning
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
To ensure that all power is OFF, locate the circuit breaker on the panel board that services the DC
circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit
breaker in the OFF position.
TX
RX
LINK
To install the DC power supply, perform the following steps:
Step 1 Place the power supply as shown in Figure 6-20, and then slide it toward the rear panel. You will be able
to feel the chassis hook engage with the slot on the bottom of the power supply.
Step 2 Reinstall the three screws that secure the power supply on the back panel of the chassis.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-19
Page 20
Installing a DC Power Supply
Figure 6-20 Inserting the Power Supply in the Chassis
Chapter 6 PIX 525
Chassis hook
Power
Power
supply
supply
slot
55329
Chassis bottom
Step 3
Connect the six-pin connector to the motherboard.
Step 4 Route the fan cables on top of fans exactly as shown in Figure 6-21. Note that the two longest cables are
connected to the two installed fans on the right. The connectors to these two fans will fit into the space
between the second and third fans.
Step 5 Reconnect the power connector.
Cisco PIX Security Appliance Hardware Installation Guide
6-20
78-15170-02
Page 21
Chapter 6 PIX 525
Installing a DC Power Supply
Figure 6-21 Routing the Fan Cables
31109
Sheet metal tabs
Base tabs
Front panel
Step 6 Insert the second fan as shown in Figure 6-21, making sure that the fan cable feeds to your left. Position
the cables to the two installed fans so that they will fit over the first and second fans. Press the fan into
place between the four sheet metal tabs.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-21
Page 22
Installing a DC Power Supply
Step 7 Reconnect the two-pin fan cables to the remaining fan, as shown in Figure 6-22.
Figure 6-22 Reconnecting the Fan Cables
Chapter 6 PIX 525
Fan
Fan connector
Front panel
31910
Cisco PIX Security Appliance Hardware Installation Guide
6-22
78-15170-02
Page 23
Chapter 6 PIX 525
Step 8 Reinstall the remaining fan. Make sure you orient the fan so that the cables feed to the right (toward the
Step 9 Starting with the fan farthest away from the power supply, bend the cable clamps over wires and into
Installing a DC Power Supply
second fan). Route the cable over the fan before you reconnect it. When correctly assembled, the cables
appear as shown in Figure 6-23.
the gap between chassis and fan housing.
31109
Sheet metal tabs
Base tabs
Front panel
Figure 6-23 Correct Fan Cable Routing
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-23
Page 24
Installing a DC Power Supply
Step 10 Replace the air separator as shown in Figure 6-24, holding all cables to the right of the separator as you
slip it into the chassis.
Figure 6-24 Replacing the Air Separator
Chapter 6 PIX 525
Air separator
Step 11 Replace the chassis cover as described in the “Replacing the Chassis Cover” section on page 6-11.
Rerouting the Fan Wiring
If the fan wiring in your router is not routed on top of the fans, you need to reroute the fan wiring. This
will make future power supply replacement easier.
To reroute the fan wiring, perform the following steps:
Step 1 Pull the fan closest to the power supply away from the sheet metal tabs. (See Figure 6-25.)
Note To help with reconnecting the cables, write down which colored cable connects to which fan.
See Ta ble 6-4 for a list of the wire colors. There are three different lengths of two-wire ± 12 VDC
power cables. The two shortest cables go to the two fans that you will remove in Step 9. The two
longer cables go to the two remaining fans you will remove in Step 10 and Step 11. The
remaining cable goes to the power connector on the backplane. These cables are color-coded.
Front panel
52021
Cisco PIX Security Appliance Hardware Installation Guide
6-24
78-15170-02
Page 25
Chapter 6 PIX 525
Installing a DC Power Supply
Figure 6-25 Pulling the Fan Away from the Tabs
Fan
55326
Chassis bottom
Fan tabs
Step 2
Lift the fan out of the chassis as shown in Figure 6-26.
Figure 6-26 Removing the Fan
Fan
55327
Chassis bottom
Step 3 Depress the tab as shown in Figure 6-27.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-25
Page 26
Installing a DC Power Supply
Caution Do not attempt to remove the fan cables without first depressing the tab as shown in Figure 6-27. You
can damage the fan cables by applying stress if the connector is not removed properly.
Step 4 Disconnect the fan cable as shown in Figure 6-27, and set the fan aside.
Figure 6-27 Disconnecting the Fan Cable
Chapter 6 PIX 525
Depress tab
and pull outward
Fan
Fan connector
Power supply
Location of the three
31106
remaining fan connectors
Step 5
Remove the next fan and disconnect its cable.
Step 6 Remove the cables for the two remaining fans. Remove the last two fans.
Step 7 Replace the fans, starting with the fan farthest away from the power supply. If the bezel is removed, make
sure the fan farthest away from the power supply does not cover the bezel holes.
Note Make sure that the label on the fan faces the chassis wall to ensure proper airflow direction.
Step 8 Install cable clamps onto the fans by aligning cable clamp holes over fan mounting holes and pressing
rivets through both. (See Figure 6-28.)
Cisco PIX Security Appliance Hardware Installation Guide
6-26
78-15170-02
Page 27
Chapter 6 PIX 525
Installing a DC Power Supply
Figure 6-28 Inserting Cable Clamp to the Fan
Wiring clamp
Front panel
31335
Step 9
Reconnect the two-pin fan cables to the remaining fan, as shown in Figure 6-28. Fan wiring colors are
listed in Tabl e 6-4 .
Step 10 Route the fan wire on the top surface of the fans. Place the fan wires straight, and do not twist the wires
together. Locate the connectors in the gap between fans. (See Figure 6-23.)
Step 11 Starting with the fan farthest away from the power supply, bend the cable clamps over the wires and into
the gap between the chassis and fan housing.
Table 6-4 Fan Wiring Colors
Fan Number Wire Colors
1 (closest to power supply) Purple and black
2 Green and black
3 Blue and black
4 (farthest away from power
Brown and black
supply)
Step 12 Terminate the DC input wiring on a DC source capable of supplying at least 15 amps. A 15-amp circuit
breaker is required at the 48 VDC facility power source. An easily accessible disconnect device should
be incorporated into the facility wiring.
Step 13 Be sure the PIX 525 power is off by checking the power switch at the rear of the unit.
Step 14 As shown in Figure 6-29, the PIX 525 is equipped with two grounding studs at the back of the unit,
which you can use to connect a two-hole grounding lug to the PIX 525. Use the 10-32 nuts provided with
the PIX 525 to connect a copper standard barrel grounding lug to the studs. The PIX 525 requires a lug
where the distance between the center of each hole is 0.56 inches. A lug is not supplied with the PIX 525.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-27
Page 28
Installing a DC Power Supply
Figure 6-29 Attaching a Grounding Lug to the PIX Security Appliance
PIX security appliance
Rear of
Chapter 6 PIX 525
–
+
11827
Grounding studs
on PIX DC model
Step 15
To ra c k
ground
10-32 nuts
2-hole copper
standard barrel
grounding lug
Ensure that power is removed from the DC circuit. To ensure that all power is OFF, locate the circuit
breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position,
and tape the switch handle of the circuit breaker in the OFF position.
Step 16 Strip the ends of the wires for insertion into the power connect lugs on the PIX 525.
Step 17 Refer to Figure 6-30 and insert the ground wire into the connector for the earth ground and tighten the
screw on the connector. Using the same method as for the ground wire, connect the negative wire and
then the positive wire.
Figure 6-30 Attaching DC Power Cables
–
+
Cisco PIX Security Appliance Hardware Installation Guide
6-28
11779
78-15170-02
Page 29
Chapter 6 PIX 525
Step 18 Reconnect power to the PIX 525. After wiring the DC power supply, remove the tape from the circuit
Step 19 Insert the PIX 525 system diskette in the drive at the front of the unit.
Step 20 Power on the unit from the switch at the rear of the unit.
Installing a DC Power Supply
breaker switch handle and reinstate power by moving the handle of the circuit breaker to the ON position.
If you need to power cycle the DC PIX security appliance, wait at least 5 seconds between powering off
the unit and powering it back on.
78-15170-02
Cisco PIX Security Appliance Hardware Installation Guide
6-29
Page 30
Installing a DC Power Supply
Chapter 6 PIX 525
Cisco PIX Security Appliance Hardware Installation Guide
6-30
78-15170-02
Loading...