PIXCRIPT - version 1.33 ==================== This is a free utility to help configuring a CISCO Secure PIX Firewall. It is designed for simple installations with 2-3 interfaces, however some optional advanced features are included. I have written this program to assist me and other IT personals that support PIX, and also to practice and improve my knowledge. PIXCRIPT has 2 recommended usage types: 1) When configuring a new PIX firewall, PIXCRIPT can be used to create the basic configuration. In that case you can later apply the configuration manualy, using Copy&Paste or file transfer. 2) When you wish to add a feature to an existing PIX firewall, PIXCRIPT can be used as a reminder for the needed commands. For example - you want to add VPN3000 to PIX IPSec VPN , PIXCRIPT can be used to create a sample config for that. The actual configuration method should be manual in that case, to avoid problems. In any case, PIXCRIPT output scripts will probably need some manual editing and additions. PIXCRIPT cannot read and parse configuration from an already configured PIX. Notes: ---------- * This version does no error checking. If you fail to plan and give the correct info, please don't blame me. * I have spent many hours writing this program, but I didn't yet test it in the field long enough. Many features like IPSec are yet to be tested and debugged. This is where you can help , and the recommended use of PIXCRIPT: * PIX has many versions. PIXCRIPT does not fully support each version, so you should verify that commands used in the configuration are supported by your version. Most of the commands in PIXCRIPT will be supported in PIX version 5.2 and above, however this is not guarantied. * To check for updated versions, and to send your comments and questions, send me email and visit my site (see below and Links page). Known Issues: ----------------------- * PIXCRIPT uses many "system resources" in Windows 9x (about 30%') and therefor might cause problems if used with other applications open. It is recommended to close other programs while running PIXCRIPT. (Use "Resource Meter" in Win9x to monitor system resources.) Windows NT/2000/XP do not have this problem. Version History: ------------------------- Ver 1.33, Mar 2003 - Added partial support for up to 6 interfaces (the "inbound" configuration is still limitted to the outside interface only). Ver 1.32, Dec 2001 - Minor addition: + interface speed GUI selection in the basic page. Minor fixes: - configuration generated output will be saved as plain text and not as RTF. - stripped some empty lines from generated output script. - removed duplicated "nat 0" and "crypto map" commands in IPSec generated configuration. - some minor bugs in the "outbound" tab for automatic selection of NAT hosts. Ver 1.30, Nov 2001 - Added Management page. Rearanged the AAA page. Few other minor fixes and changes. Ver 1.22 , Nov 2001 - Fix some errors with VPDN commands. Ver 1.21 , Oct 2001 - Fix "crypto map mymap 100 interface outside" => "crypto map mymap interface outside". Ver 1.2 , Oct 2001 - First major public release. Contact: ------------- Yizhar Hurwitz Kibbutz Gaaton, Israel yizhar@mail.com http://come.to/yizhar http://teachers.sivan.co.il/yizhar