Early 2000s Networking with Cisco PIX 

haha

True story 😂

very true, for my church my dad put in this 20 year old DLink gigabit switch to replace a newer switch that was causing network issues and the network has never been faster!

we had some of these as well in 2016, the high speed serial port was... not fast (compared to the old aui 10mbit, although I don't recall if we could push it further than 115200)

Because really, 10mbit still can do a lot. You can argue it doesn't, it still does!

gotta stay honest 😂

Thanks!

Of course, no one bothers with those "fronts". I've never seen one mounted in a rack facing "forward". You'll want something to cover the fan, but a square of window screen will do. After 20 years, I'm surprised my 515E still has it's bezel. (the 2 506's don't. no clue where they are.)

ha that's awesome!

thanks for watching!

It's a bit odd to hear someone be nostalgic about equipment that my last employer still had in production (and I think still does) two years ago. And it's not because there's no better solution or because it's stable - it reboots frequently and needs remote hands to go hard power cycle it - it's because the CEO would rather spend tens of thousands on chartered flights, than ten thousand on getting a decent networking consultant to re-implenment it in something modern and reliable. You get nostaligia, I get something like PTSD 🙂

this is the kind of info I need. thank you!

ha!

I was thinking the same thing xD

Nobody ever accused Ubiquiti of making _enterprise_ kit. :-)

​@@jfbeamLook at their ads, they are making spat at Cisco!

Too bad ubiquiti's feature (currently) isn't stateful, just a warm spare. Maybe one day..

haha good!

thanks for watching!

@@clabretro Your welcome! Thank you for the entertaining and educational content. I really enjoy coverage of new and retro hardware.

yeah I'm gonna do the erasedisk, I couldn't even get it to load 7.x after that last pw reset attempt

@@clabretro I assume you've found the activation code generator. (it's just md5) The erase process will wipe the code, so you should attempt to find it first. (logs from previous boots?) Otherwise, we're just guessing at the feature set. (no one has documented what the bits mean.)

yeah I've got that secondary wiped and back in action

I'm running out 😆

Shaved it for the first time in 10 years a little bit ago! I'm sure it'll be back.

And bad caps. And an era of bad Atom CPU's.

i had two 1812 routers, until the soldered ram went bad😅

Everyone knows the stuff from 1999 and earlier was the best looking.

thanks for watching!

Turns out you were ahead of the curve since every now is software defined running Linux in the background.

ha that's awesome

good timing. thanks!

ha nice!

100% I cut my teeth on PIX, then ASA. I never felt like I completely understood whether particular kinds of traffic would work or not. There were so many additional configuration settings that would allow things you didn't intend to, or block things you wanted, and sometimes things seemed to work / not work even when the policy checker said they shouldn't / should. On a PAN firewall, when I write a config and it does something I don't expect, I'm immediately thinking -- what did I miss, am I logged into the right box, which one of the HA pair is active right now? Because it generally does exactly what it's told, and when the results are anything else, I can usually find the reason why. Maybe the difference is an additional decade of experience. I dunno. It's been a long time since I built a network around an ASA. But I remember it having a mind of its own. And I still, to this day, have to deal with VPNs that use that awful proxy list method of identifying traffic, vs. a normal routed interface at each end. MAN do I hate those. I think I'm going to hate-watch this episode, because I have no nostalgia whatsoever for these cursed boxes.

that's awesome haha

haha yeah. I did hunt down a flash erase bin I'll try next

@@clabretroLike many network minions of the era, I have an extensive archive of PIX things. (well, as extensive as it was... 27 files, 102M Maybe more if I go hunting, but that's my primary archive.) Plus a pix license generator. (hint: it's just MD5)

thanks!

Yea, you have to get the right cables with the correct USB controller or Windows just will not have it. Haha

thanks!

thank you!

thanks for watching!

thank you! more on the way.

haha thanks!

oh interesting. would this small unit have been racked up in large quantities though? or maybe they just used the same plug.

@@clabretroThis being more of the 'small business' type, these would typically be combined with a small router with the same plug, and maybe a switch. A lot of these will ultimately have run off wall-warts, but you can find this typical DC plug on a lot of this type of gear, even non-cisco.

Some of the 'newer' Cisco hardware actually has built in A/C power supplies as well as direct backup/alternate D/C connections on it. It's common to provide a UPS that provides D/C to a whole rack of devices, but it can also be used in situations where its easier to only provide D/C.

@@clabretro Depends on the shop. Where I working in the early 2000's, 506's were paired on shelves. The power brick tied to the back of the shelf. The 1700 line of routers used the same power brick. As I recall, it provides 3 voltages. The 515 uses an internal PSU... because it has room for one. (the 506 is the same board as the 515. they omit the PCI riser slot, one flash chip -- thus 8M, and in some DIMM slots. the 506 was made to be as cheap as possible.)

thanks!

ha very cool

thanks!

oh yeah those 535s look awesome

Haha thanks. It's interesting, the PIX reports it as a Pentium II 300Mhz and I didn't think much of it, but some other folks pointed out PII wasn't ever socketed like that. So maybe some weird chip or a celeron!

Nowadays NAT is just built into Cisco routers even home routers. Also using commodity x86 hardware for the PIX!

I swear. Cisco always uses IOS, so normal commands like en, conf t, sh ver, sh ip int br..... Hahaha

PIX part 2 haha. Have a great new year dude.

ha thats wild. I bet there's a lot still out there.

yeah too slow for any real work for sure. just like messing around with them

nice! I've been picking up a bit of token ring stuff here and there, hoping to build up a network eventually.

Thank you! It's clab-retro. "clab" is a nickname I've had for a very long time haha.

nice!

Technically, they're standard Intel PC's, and the ASA OS is linux. 'tho tricking one into running "homebrew" can be difficult. (I've made some modified images... to prove Cisco was throttling by model number.)

@@jfbeam interesting.....

@@JMassengillWell, they're obviously throttling the 5510... they don't allow the gig interfaces to run at gig. (secplus only enables one)

I was thinking about that too.. I was just following some failover documentation I found, it did seem odd. I just got that secondary pix I was having trouble with wiped and running the same version as the primary again so I'll give it another shot eventually.

@@clabretro @ramble-uk My recollect is that they flip-flop IP's, so gateway IP's don't change. Can't remember if they do a gratuitous arp to update client arp tables or not. Back in the day, I deployed and ran a few dozen 520's, 515's, 525's & 535's on our network. It's been a while though.

if it works, it works!

Monolithic kernels and software routing will do that. Which is why nobody does it that way anymore. These things are a honeypot nowadays.

@@nickwallette6201 uh, I dunno how to tell you but that's how entirety of cloud runs. Software routing and monolithic (Linux) kernels.

@@xani666 Yeaaahh, you kinda have a point there. But at least the entire software stack isn't running as one single process.

@@nickwallette6201 I think main problem is that Linux just had million eyes on its code, improving and fixing bugs, while PIX was created in-house (by good engineers, but still). There is reason even Cisco went to Linux in their new products, writing the "money part" by yourself and getting the entire well built OS for free have way more sense than making your own OS.

I thought about it! might do another video about all the gui and remote management tools

Awesome! Just a word of warning, back the day ASDM was really picky about Java versions.@@clabretro

I'd never done it before but even I could tell the nat syntax felt weird haha

@@clabretro As a note, if you want to go really oldschool pix, see if you can find a "pix classic". I think it's the most readily available that'll run the really old code. But I'm not sure they're that common anymore - that's where I got my first flash card from, a forgotten one in the bottom of a rack at work that no one ever noticed I'd pillaged it I'd also recommend if you want to go period correct to that era, a nokia ip series appliance running checkpoint was a lot more common in the places I dealt with. Should be easy to get the hardware, but after a quick glance it looks like the software is dropping off the face of the planet. Used to have isos for most releases from checkpoint ng onwards, but the drives I stored it on went missing years ago 😢

I've seen those checkpoint machines floating around on ebay, might have to get my hands on one.

That'd be a good follow up, put a little pressure on them to see how they perform.

oops. I'm a UPS plant 🙈

Lol I'm sure someone's going to hack FedEx with private IP addresses and host names used from this antiquated firewall.

sometimes management systems have jumpers on the main board to get around the password. I'd take a look in the manual to see if the g7 has something like that!

@@clabretro Hey Clab , just a quick Update on my server. The ilo password wasn’t actually changed from the standard password and the configuration utility allowed me to add a second admin. And yes ilo is fully licensed. Thanks for your help 👍🏻👍🏻👍🏻

that's great!@@leoben53

nice! i'll be messing with more phone stuff eventually!

yeah there are some dupes, I think that might've been my last one. it might not grow for awhile haha

there is! I haven't tried it out yet, probably cover that in a future video

@@clabretro yeah it required Java if I recall. I think it was called PDM (pix device manager). The ASA appliances had an even better gui.

yeah I thought it'd be interesting to eventually cover a bunch of the different management GUIs

I have a couple already: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-eTq793n2-sA.html and ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-JXIEt7MH4Qs.html. There will be more eventually!

ha quad p3! very awesome.

I'll cheers to that

one day.

I bet it's possible to get something custom flashed on there, I couldn't really find anything to try out either though

yeah! they did an excellent video of the history of these PIX units

Well, PIX is from the 90s but these units are from 2002.

🙈