# Configure Virtual Firewall on Pix

###### tags: `cisco` `pix`

Pix image: pix802.bin

### Scenario

```
a. The pix will be configured to support two virtual firewalls (contexts) as admin and ctx2.
b. Admin will allocate ethernet0 and ethernet1 and configuration will use admin.cfg in flash
c. ctx2 will allocate ethernet2 and ethernet3 and configuration will use ctx2.cfg in flash
```

### Configuration Example

```
---------------------------------------------------
[1]. Change mode to multiple
---------------------------------------------------
pixfirewall# conf t
pixfirewall(config)# mode multiple
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
The admin context configuration will be written to flash
The new running configuration file was written to flash
Security context mode: multiple
***
*** --- SHUTDOWN NOW ---
***
*** Message to all terminals:
***
*** change mode
Rebooting....
. . .
pixfirewall# show mode
Security context mode: multiple
pixfirewall#

---------------------------------------------------
[2]. Create new contexts
---------------------------------------------------
pixfirewall(config)# admin-context admin
pixfirewall(config)# context admin
pixfirewall(config-ctx)# allocate-interface e0
pixfirewall(config-ctx)# allocate-interface e1
pixfirewall(config-ctx)# config-url flash:/admin.cfg
WARNING: Policy map global_policy is already configured as a service policy
Cryptochecksum (changed): db73d439 c68976ce 511b0514 cc30ceda
INFO: Context admin was created with URL flash:/admin.cfg
INFO: Admin context will take some time to come up .... please wait.
pixfirewall(config-ctx)# exit
pixfirewall(config)# context ctx2
Creating context 'ctx2'... Done. (2)
pixfirewall(config-ctx)# allocate-interface e2
pixfirewall(config-ctx)# allocate-interface e3
pixfirewall(config-ctx)# config-url flash:/ctx2.cfg
WARNING: Could not fetch the URL flash:/ctx2.cfg
INFO: Creating context with default config
pixfirewall(config-ctx)#exit
pixfirewall(config)#

---------------------------------------------------
[3]. Configure created virtual context
---------------------------------------------------
pixfirewall(config)# changeto context admin
pixfirewall/admin(config)# interface e0
pixfirewall/admin(config-if)# ip add 192.168.0.1 255.255.255.0
pixfirewall/admin(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
pixfirewall/admin(config-if)# interface e1
pixfirewall/admin(config-if)# ip add 10.0.0.1 255.255.255.0
pixfirewall/admin(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
pixfirewall/admin(config-if)# changeto context ctx2
pixfirewall/ctx2(config)# int e2
pixfirewall/ctx2(config-if)# ip add 192.168.1.1 255.255.255.0
pixfirewall/ctx2(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
pixfirewall/ctx2(config-if)# int e3
pixfirewall/ctx2(config-if)# ip add 10.0.1.1 255.255.255.0
pixfirewall/ctx2(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
pixfirewall/ctx2(config-if)#
```
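
An added example, not part of the original page: a small Python check that parses the context commands from step [2] and confirms they match the scenario, with each context owning its own interfaces and config file. The function names and the sample text layout are assumptions; the sample is constructed from the commands typed above.

```python
import re

# Constructed sample: the context commands typed in step [2] of this page.
SYSTEM_CONFIG = """\
admin-context admin
context admin
 allocate-interface e0
 allocate-interface e1
 config-url flash:/admin.cfg
context ctx2
 allocate-interface e2
 allocate-interface e3
 config-url flash:/ctx2.cfg
"""
# Intended layout from the Scenario section: context -> (interfaces, config URL).
EXPECTED = {"admin": ({"e0", "e1"}, "flash:/admin.cfg"),
            "ctx2": ({"e2", "e3"}, "flash:/ctx2.cfg")}

def parse_contexts(text):
    """Return (admin_context, {name: {"interfaces": set, "url": str or None}})."""
    admin, contexts, current = None, {}, None
    for line in text.splitlines():
        keyword, arg = (line.split() + ["", ""])[:2]
        if keyword == "admin-context":
            admin = arg
        elif keyword == "context":
            current = contexts.setdefault(arg, {"interfaces": set(), "url": None})
        elif keyword == "allocate-interface" and current is not None:
            current["interfaces"].add(arg)
        elif keyword == "config-url" and current is not None:
            current["url"] = arg
    return admin, contexts

def audit(text, expected=EXPECTED, admin_name="admin"):
    """Return findings; an empty list means the layout matches the scenario."""
    admin, contexts = parse_contexts(text)
    findings, owners = [], {}
    if admin != admin_name:
        findings.append(f"admin-context is {admin!r}, expected {admin_name!r}")
    for name, ctx in contexts.items():
        for ifc in ctx["interfaces"]:
            owners.setdefault(ifc, []).append(name)
    for ifc, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{ifc} allocated to several contexts: {sorted(names)}")
    for name, (ifcs, url) in expected.items():
        got = contexts.get(name)
        if got is None or got["interfaces"] != ifcs or got["url"] != url:
            findings.append(f"context {name} differs from the scenario")
    return findings
```

Adjust `EXPECTED` if the text you feed in spells the interface names differently from the `e0`..`e3` abbreviations typed on this page.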