topic PIX PDM in Network Security

PIX PDM

andymorph — Mon, 11 Mar 2019 23:35:53 GMT

im sort of at my wits end, ive spent most of the after noon trying to work this out - I got hold of an old pix 501, running following:

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 001d.4521.a06f, irq 9

1: ethernet1: address is 001d.4521.a070, irq 10

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: 10

Throughput: Unlimited

IKE peers: 10

This PIX has a Restricted (R) license.

Serial Number: 907381129 (0x36158989)

Running Activation Key: 0x6e9eef0d 0x39fc65c5 0x12491b66 0x1be8afaf

Configuration has not been modified since last system restart.

192.168.1.1#

Everytime i try and start the PDM, i get the error that there is a hostname mismatch with certificates.

Now i've tried the following:

1) 5 differant versions of java, from 1.5 and under.

2) Tried delating the key on the router and re-createing it.

Ive been all over the internet checking out lots of other people who had this problem and it seems to relate to java or the cetificates, but i still cant get this working...has anyone got any suggestions ?

Im not a company so dont have a CCO login to maybe uprage the IOS and PDM...I'm more than happy to try and configure things via command line...i just cant stand it when i cant work out why its not working.....

Re: PIX PDM

Ramraj Sivagnanam Sivajanam — Mon, 30 Jul 2012 03:56:10 GMT

Hi Bro

As long as your config looks like this, this is not a FW problem. Perhaps, it could be your PC. Have you tried with another PC, to see if this works fine? I suspect this has something to do with your browser's cookies etc.

asdm image flash:/asdm
asdm history enable

http server enable
http 10.0.0.0 255.0.0.0 inside

domain-name cisco.com

hostname FW01

Try this as well;

ca zeroize rsa

ca generate rsa key 768 <-- 1024 and above seems to have compatiblity issue with some browsers.

ca save all

Re: PIX PDM

Karsten Iwen — Mon, 30 Jul 2012 06:28:26 GMT

The error-message in question comes when you connect to your pix with a different hostname then what is in the certificate. If you only have the IP-address in the certificate, then you have to use https://1.2.3.4. If you have used a hostname or FQDN, then you have to use that: https://pixfirewall or https://pixfirewall.yourdomain.local. Just change the IP or the names to what you have on your PIX. If you have a name in your certificate you also need to make sure that the name resolves to the correct IP-address.

If you don't know what's in the certificate, I think the command on this plattform was also "show crypto ca certificate". There you need to look at the field "subject".

Sent from Cisco Technical Support iPad App