2-2
Installation Guide for the Cisco Secure PIX Firewall Version 5.2
78-11180-01
Chapter 2 Installing a PIX Firewall
Before You Begin the Installation
Before You Begin the Installation
Note The information you gather here is required during configuration and is a reminder to find
it while installing your PIX Firewall—before beginning the configuration. You can use
this information with Chapter 9, “Installing the PIX Firewall Setup Wizard” or with the
Cisco PIX Firewall Configuration Guide, Version 5.2.
Before you begin the installation, gather information about each network interface that will be
connected to the PIX Firewall. If you have a PIX 506, all you need are IP addresses for the two
interfaces. All other information in Table 2-1 will be provided automatically in the configuration that
comes with the PIX 506. For models other than the PIX 506, locate the following information before
proceeding.
To prepare to configure the PIX Firewall, locate the following information:
• Interface speed—The speed of each network interface. You only need to specify a value for
Ethernet interface boards that do not autosense the interface’s speed, connection type, and full/half
duplex support; or for Token Ring interface boards. Use the interface command to enter the speed
for each interface in the configuration.
• IP address and netmask—The IP address and network mask for each network interface. The
IP address for each interface must be different from any others you use in your network. Use the ip
address command to enter the IP address and network mask for each interface in the configuration.
• Interface name—HW—The hardware name for the interface, such as ethernet0, ethernet1, token0,
token1, fddi0, fddi1, and so on. Use the nameif command to enter the hardware name for the
interface in the configuration.
• Interface name—SW—The software name for the interface, such as inside or outside. The inside
interface must be named “inside.” All other interfaces can have any name. Note that you will need
to enter this name frequently in the configuration. Use the nameif command to associate the
hardware and software names in the configuration.
• Security level—Used to determine the level of trust for each network interface. The outside
network must have a security level of 0 and the inside network must be 100. The perimeter
interfaces can be any value from 1 to 99. Use the nameif command to enter the security level in the
configuration.
Table 2-1 Configuration Information
Outside
Network
Inside
Network Perimeter 1 Perimeter 2 Perimeter 3 Perimeter 4
Interface Speed
IP Address and
Netmask
Interface Name—HW
Interface Name—SW
Security Level
MTU Size