RE: which PIX to buy

From: Messina, John V (john@crimsoncti.com)
Date: Tue Apr 20 2004 - 09:15:39 GMT-3

• Next message: Church, Chuck: "RE: Nice Feature: Mac Traceroute"
• Previous message: roger.wang\(shanghai\): "test"
• Maybe in reply to: ccie done: "which PIX to buy"
• Next in thread: Brad Spencer: "RE: which PIX to buy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As you can see below the commands are there however even in the 6.3.3
config guide it clearly states that it is not supported. Unfortunately
where my 501 is I cannot test it right now but since the guide states
definitively that it is not supported, I would be surprised if it
worked.

pix# config t
pix(config)# router ?
Usage: [no|show] router ospf <pid>
pix(config)# router ospf 1 ?
Usage: [no|show] router ospf <pid>
pix(config)# router ospf 1
pix(config-router)# ?

At the end of show <command>, use the pipe character '|' fo
begin|include|exclude|grep [-v] <regular_exp>, to filter sh

area Configures OSPF areas.
compatible Run OSPF in RFC 1583 compatible mode.
default-information Distribute a default route
distance Configure administrative distances for OSPF
ignore Supress syslog for receipt of type 6(MOSPF)
log-adj-changes Log OSPF adjacency changes
network Add/remove interfaces to/from OSPF routing
redistribute Configure redistribution between OSPF proce
router-id Configure router id for an OSPF process.
summary-address Configure summary address for OSPF redistri
timers Configure timers for an OSPF process.
pix(config-router)# exi
pix(config)# sh ver

Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

pix up 7 days 18 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

-----Original Message-----
From: Double CCIE [mailto:doubleccie@lycos.com]
Sent: Tuesday, April 20, 2004 12:20 AM
To: security@groupstudy.com; ccielab@groupstudy.com
Subject: Re: which PIX to buy

im confused
practically does a new 501 (6.3) supports OSPF or it Does not ..?

thanks

--------- Original Message ---------

DATE: Mon, 19 Apr 2004 13:20:22
From: "Jason Viera" <jasonviera@avenuecable.com>
To: <security@groupstudy.com>
Cc:

> Yea I actually got it to work right now as far as OSPF goes (on my
501),
>but
>it killed my connection to the internet. I falsely assumed that because
it's
> in the CLI it's supported, should have checked the command reference
first.
> I still find it interesting that I was able to create a neighbor
> relationship to one of my routers sitting off of the inside interface.
> Jason
>
>> ----- Original Message -----
>> From: "CXP Peter" <peter@cyscoexpert.com>
>> To: "Jonathan Hays" <nomad@gfoyle.org>; <security@groupstudy.com>
>> Sent: Monday, April 19, 2004 11:48 AM
>> Subject: Re: which PIX to buy
>>
>>
>> > I stand corrected. Looks like 506 does support OSPF, not sure why I
>> thought
>> > it doesn't.
>> > So if you want to practice OSPF, get 506.
>> > PIX 501 has the command in the CLI but it doesn't do anything. I
>actually
>> > tried that on PIX 501 at some point and it made the firewall stop
>> forwarding
>> > traffic.
>> >
>> > Peter
>> >
>> > ----- Original Message -----
>> > From: "Jonathan Hays" <nomad@gfoyle.org>
>> > To: <security@groupstudy.com>
>> > Sent: Monday, April 19, 2004 12:53 PM
>> > Subject: RE: which PIX to buy
>> >
>> >
>> > > you wrote:
>> > > >-----Original Message-----
>> > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>> > > >Behalf Of CXP Peter
>> > > >Sent: Monday, April 19, 2004 12:16 PM
>> > > >To: patrick.basso@groupstudy.com
>> > > >Cc: security@groupstudy.com
>> > > >Subject: Re: which PIX to buy
>> > > >
>> > > >
>> > > >There is really no difference between 501 and 506 if you want
>> > > >to practice,
>> > > >so buying 501 will save you some money; but to get to more
advanced
>> > > >features you need 515.
>> > > >
>> > > >_____________________________
>> > > >Peter
>> > > >#7247 (R&S, Security, SP)
>> > > >CyscoExpert Corp.
>> > > >4433 W. Touhy Ave. Suite 410
>> > > >Lincolnwood, IL 60712
>> > > >Phone (847) 674-3392
>> > > >Toll Free (866) CyscoXP (297-2697)
>> > > >Fax (847) 674-2625
>> > > >
>> > > = = =
>> > >
>> > > Peter,
>> > >
>> > > I'm sure the PIX 501 would be an excellent learning tool, and
probably
>> > > all you would need to prepare for the CCIE Security lab exam. And
you
>> > > would probably know more about that than I would, since I've
never sat
>> > > the Security exam.
>> > >
>> > > However, if you do a search on "501" in the document "Cisco PIX
>Firewall
>> > > and VPN Configuration Guide, Version 6.3" you will find many
>differences
>> > > in the two platforms, almost all of them restrictions on the PIX
501.
>> > > The 501 has LOT of restrictions. Although most of them are
admittedly
>> > > minor, one particular major difference is that the PIX 501 is the
>_only_
>> > > PIX platform that does not support OSPF at all. Also, you cannot
>> > > configure manual SAs on the PIX 501, like you can on all other
>> > > platforms. And there are a few others.
>> > >
>> > > While the differences may be minor, saying that "there is really
_no_
>> > > difference between" the two models is too strong of a statement,
IMHO.
>> > >
>> > > FYI,
>> > >
>> > > Jonathan
>

• Next message: Church, Chuck: "RE: Nice Feature: Mac Traceroute"
• Previous message: roger.wang\(shanghai\): "test"
• Maybe in reply to: ccie done: "which PIX to buy"
• Next in thread: Brad Spencer: "RE: which PIX to buy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:50 GMT-3