Bootstrapping Managed Devices
Before you can manage a PIX Firewall using AUS, you must set up the firewall with a minimum configuration that provides basic connectivity. See Using Management Center for PIX Firewalls 1.0 for details about setting up basic connectivity.
In addition to basic connectivity, you need to configure some settings specific to AUS. The following procedures describe how to configure and verify these settings using the firewall command line interface:
Bootstrapping a PIX Firewall To Operate with AUS
To bootstrap a PIX Firewall to operate with AUS, follow these steps from the console terminal connected to the PIX Firewall console port:
Step 1
Command: enable password
Purpose: Enters privileged mode, from which you can configure the PIX Firewall.

Step 2
Command: config terminal
Purpose: Enters configuration mode from the terminal.

Step 3
Command: http server enable
Purpose: Enables the PIX Firewall to be monitored or have its configuration modified from a browser.

Step 4
Command: http ip_address [netmask] [if_name]
Purpose: Specifies the host or network authorized to initiate an HTTP connection to the PIX Firewall.
- ip_address - IP address of the host or network authorized to initiate an HTTP connection to the PIX Firewall.
- netmask - Network mask for the http ip_address.
- if_name - PIX Firewall interface name on which the host or network initiating the HTTP connection resides.
Note: This setting must be configured for the Auto Update Immediate feature to work.

Step 5
Command: auto-update server https://username:password@AUSserver_IP_address:port/autoupdate/AutoUpdateServlet
Purpose: Connects the device to AUS.
- username - Login name used to enter the CiscoWorks2000 Server.
- password - Password used to enter the CiscoWorks2000 Server.
- AUSserver_IP_address - IP address of the AUS server.
- port - Port number of the AUS server. Number is typically 443.

Step 6
Command: auto-update poll-period poll_period [retry_count] [retry_period]
Purpose: Changes the polling period for AUS.
- poll_period - Period in minutes between poll updates. Default is 720.
- retry_count - Number of times to retry if unable to connect to server. Default is 0. (Optional)
- retry_period - Time, in minutes, between retries. Default is 5. (Optional)

Step 7
Command: auto-update device-id hardware-serial | hostname | ipaddress [if_name] | mac-address [if_name] | string text
Purpose: Configures the device to use the specified device ID to identify itself.
- if_name - The interface name.
- text - Text that identifies the device.
Because a PIX Firewall might have more than one interface, the assigned device ID could be the IP address or MAC address of one of the interfaces.
In the following example, "outside" is the name of the outside interface of the PIX Firewall, and the device ID is the IP address of that outside interface.
auto-update device-id ipaddress outside

Step 8
Command: write memory
Purpose: Stores the current configuration in Flash memory.

Step 9
Command: exit
Purpose: Exits configuration mode.
Verifying Configuration
To verify that the device is configured properly, view the configuration file on the device.
Step 1 From the AUS server, start a browser.
Step 2 Enter https://ip_address/exec/show%20config where ip_address is the IP address of the PIX Firewall. The PIX Firewall prompts for credentials.
Step 3 At the username prompt, press Enter.
Step 4 At the password prompt, enter the enable password for the PIX Firewall.
Step 5 Verify that the settings match those in the "Bootstrapping a PIX Firewall To Operate with AUS" section.
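
The comparison in Step 5 can be scripted against saved `show config` output. The Python below is an added example, not part of the original Cisco procedure; the function names, sample configuration, addresses, and credentials are constructed for illustration, and the check for a 0.0.0.0 netmask is an added assumption about what "authorized host or network" should exclude.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of "show config" output; addresses and credentials are made up.
SAMPLE_CONFIG = """\
http server enable
http 192.0.2.10 255.255.255.255 inside
auto-update device-id ipaddress outside
auto-update poll-period 720 0 5
auto-update server https://ausadmin:ExamplePass@192.0.2.10:443/autoupdate/AutoUpdateServlet
"""
AUS_PATH = "/autoupdate/AutoUpdateServlet"

def redact(url):
    """Mask the password part of a user:password@host URL before it is reported."""
    return re.sub(r"//([^:/@]*):[^@]*@", r"//\1:****@", url)

def check_aus_bootstrap(config_text):
    """Return a list of findings; an empty list means the bootstrap settings are present."""
    lines = [" ".join(ln.split()) for ln in config_text.splitlines() if ln.strip()]
    findings = []
    if "http server enable" not in lines:                      # Step 3
        findings.append("missing: http server enable")
    # Step 4: need an authorized host or network, and no entry whose mask matches every address.
    allowed = [ln for ln in lines if re.match(r"http \d", ln)]
    if not allowed:
        findings.append("missing: http ip_address [netmask] [if_name]")
    findings += ["http open to any address: " + ln for ln in allowed
                 if ln.split()[2:3] == ["0.0.0.0"]]
    # Step 5: HTTPS URL carrying credentials, a host, and the AUS servlet path.
    urls = [ln.split()[2] for ln in lines if ln.startswith("auto-update server ")]
    if not urls:
        findings.append("missing: auto-update server")
    for url in urls:
        u = urlsplit(url)
        if u.scheme != "https":
            findings.append("auto-update server is not https: " + redact(url))
        if not (u.username and u.password and u.hostname):
            findings.append("auto-update server lacks username, password or host: " + redact(url))
        if u.path != AUS_PATH:
            findings.append("unexpected auto-update path: " + u.path)
    # Step 7: a device ID must be set. Step 6 is not required, since the page lists defaults.
    if not any(ln.startswith("auto-update device-id ") for ln in lines):
        findings.append("missing: auto-update device-id")
    return findings

if __name__ == "__main__":
    for finding in check_aus_bootstrap(SAMPLE_CONFIG) or ["all AUS bootstrap settings found"]:
        print(finding)
```

Findings pass the server URL through `redact`, so the CiscoWorks2000 password embedded in the `auto-update server` line does not end up in reports or tickets.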