01-12-2004 08:33 AM - edited 02-20-2020 11:11 PM
Hi
Just started up my pix and changed the outside address. Tried to access the pdm via the browser, but cannot. Any guidance would be much appreciated.
01-12-2004 09:01 AM
Hi,
You'll need to enable http server on the PIX.
In config mode on PIX do:
> http server enable
> http 192.168.1.0 255.255.255.0 inside
(Of course, change the above IP to yours)
Now open up IE browser and type:
> https://
When you see the username and password box pop-up in IE browser just type the pix password (no need for username)
Hope this helps and Please rate this post if it helps you out.
Thanks -
01-14-2004 09:15 AM
Hi
Thanks for the help. I can get as far as the Cisco pix PDM manager loading... It has an egg timer that just sits there. I waited for 5 minutes but it is still not coming up with anything further.
It says Loading pix device manager....please wait
Can anyone advise please?
01-15-2004 01:45 AM
Can anyone advise on this please?
Cheers
01-15-2004 04:52 AM
Are you getting a pop-up window that asks if you want to install and run Cisco PIX device manager? That is the next phase. If you are not seeing this it could be a permissions issue on your workstation or I have seen some pop-up blockers kill this as well.
Please remember to rate any post that helps you out.
01-16-2004 04:31 AM
Yeah I am getting this message coming up.
It keeps saying please wait and just sits there.
It comes up saying the certificate information and then it says do you want to proceed.
I then click yes and it comes up with username and password. I don't have one set so I press enter.
I then get a popup window that says LOADING PIX DEVICE MANAGER please wait......
It just sits there. I can't get any further.
Any help would be much appreciated.
01-16-2004 04:41 AM
The only thing that looks out of the ordinary is this startup certificate message. Could this be the problem?
When i put in https://10.98.7.250 in the browser
it then comes up with the message below.
The information you exchange with this site cannot be viewed or changed by others.
However there is a problem with the sites security certificate.
! The security certificate was issued by a company you have not chosen to trust
! The security certificate has expired or is not yet valid.
! The name on the security certificate is invalid or does not match the name of the site.
01-16-2004 07:49 AM
Can anyone advise?
Cheers
01-16-2004 12:57 PM
Do you have a DES or 3DES key installed on your PIX? This key is required for PDM. If you do not have this key Cisco will provide you with a new DES key for free. You will find this information with "show version" command.
01-16-2004 02:20 PM
Ward,
You should check on CCO on the supported browsers and the requirements of your browser. Sounds to me like not having a correct encryption level, some old version browser or java runtime environment. Check these things first before checking anything else.
You are using no username and the enable secret as the password on the PDM authentication popup?
You do have configured an enable secret. Otherwise I think PDM won't be able to authenticate.
If all this is not of any help, there's one other thing you could try, and that is regenerating the rsa key. There should be a procedure described on CCO, otherwise search the forum within this group, cause a few months ago the procedure was posted here. But regenerating the rsa key is rarely needed, so, I advise you to first check on the other things mentioned.
Good luck and kind regards,
Leo
01-19-2004 05:59 AM
Hi there
Please see my config and show version below.
All I have changed on the pix is the inside ip address, clock and added in the username and password.
I am running java 1.4.1_02 which is correct for internet explorer 6.
After typing the username and password I don't get prompted for it when I try get into pdm via the browser. It just comes up with the pretty cisco picture saying PDM manager is loading... Please wait...
This is so frustrating. Please see the config and show version below
NLONL02FIREWALL# sho run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto shutdown
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password Be5nymj6ciY8kJol encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname NLONL02FIREWALL
domain-name lon.flitech.net
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
mtu outside 1500
mtu inside 1500
no ip address outside
ip address inside 10.98.7.250 255.255.248.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.98.7.2 255.255.255.255 inside
http 10.98.0.0 255.255.248.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
username thgilf password D467B2.MngTyAEZY encrypted privilege 2
terminal width 80
Cryptochecksum:384e1453437cfe00e9f28ab416c4c44b
: end
NLONL02FIREWALL# sho version
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 19-Mar-03 11:49 by morlee
NLONL02FIREWALL up 46 secs
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : Crypto5823 (revision 0x1)
0: ethernet0: address is 000e.833e.ee8b, irq 10
1: ethernet1: address is 000e.833e.ee8c, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 806263072 (0x300e9920)
Running Activation Key: 0xed6cddef 0x4c4d4350 0xa3e2a0d9 0x4145f7ad
Configuration last modified by enable_15 at 00:00:10.920 UTC Fri Jan 1 1993
NLONL02FIREWALL#
Thanks for all your help
01-19-2004 09:23 AM
Can anybody help with this?
01-19-2004 12:40 PM
Ward,
First I want to state that next time when you post your config, it would be better to remove the passwords... although they are encrypted, the encryption is weak, and there are tools available to break them... (but don't worry, normally the moderators of this forum will edit your message soon)
This said, I have a few questions for you.
Have you tried just entering the enable password with no username (on the username/password box which is prompted)?
If not, please do so. This will give you access to PDM. There is no need to configure a username and password first.
By the way, I think you need to configure pdm location.
If you want to use usernames and passwords to give different users different privilege levels (which I think you want, assuming this while looking at parts of your config), then you need a lot more config like setting the privilege levels, setting what to authenticate and what not, and stuff like that.
But first try it the easy way, let's start simple, just enter the enable password you configured as the password on the prompt (and no username) when connecting to PDM. This will get you in :-)
You will get privilege level 15 (which is the highest privilege level) when connecting with the enable password.
Hope this helps,
Leo
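A small sanitizer for the advice above about removing passwords before posting a config, added here as an example and not part of the original thread. The set of lines treated as sensitive (password hashes, SNMP community, serial number, activation key) is an assumption, and the sample config is constructed.

```python
import re

PLACEHOLDER = "<removed>"

# (pattern, replacement) pairs; group 1 keeps the keyword so the config stays readable.
# Which lines count as sensitive is an assumption made for this example.
RULES = [
    (re.compile(r"^(enable password|passwd)\s+\S+"), r"\1 " + PLACEHOLDER),
    (re.compile(r"^(username \S+ password)\s+\S+"), r"\1 " + PLACEHOLDER),
    (re.compile(r"^(snmp-server community)\s+\S+"), r"\1 " + PLACEHOLDER),
    (re.compile(r"^(Serial Number:).*"), r"\1 " + PLACEHOLDER),
    (re.compile(r"^(Running Activation Key:).*"), r"\1 " + PLACEHOLDER),
]

def sanitize(text):
    """Return (clean_text, changed_line_numbers) for 'show run' / 'show version' output."""
    out, changed = [], []
    for num, line in enumerate(text.splitlines(), start=1):
        stripped = line.lstrip()
        indent = line[:len(line) - len(stripped)]
        for pattern, repl in RULES:
            new, hits = pattern.subn(repl, stripped, count=1)
            if hits:  # first matching rule wins; record the line for review
                stripped = new
                changed.append(num)
                break
        out.append(indent + stripped)
    return "\n".join(out), changed

# Constructed sample, not a real device: hashes, community and keys are made up.
SAMPLE = """\
PIX Version 6.3(1)
enable password AAAAexampleAAAA1 encrypted
passwd BBBBexampleBBBB2 encrypted
hostname EXAMPLEFW
http server enable
http 192.168.1.0 255.255.255.0 inside
snmp-server community examplecommunity
username admin password CCCCexampleCCCC3 encrypted privilege 15
Serial Number: 123456789 (0x75bcd15)
Running Activation Key: 0x11111111 0x22222222 0x33333333 0x44444444
"""

if __name__ == "__main__":
    clean, changed = sanitize(SAMPLE)
    print(clean)
    print("redacted lines:", changed)
```

The returned line numbers let you check by eye what was replaced before pasting the output anywhere public.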
01-20-2004 04:20 AM
Hi leo
I appreciate your help on this.
Thanks for the tip on the passwords.
I was so stuck in my fault that I forgot to do that.
I have followed your steps as you said.
I type in the https://10.98.7.250/pdm.html
It then prompts me about the certificate.
All of them are ticked except for one and it says
"The name on the security is invalid or does not
match the name of the site"
I then click on proceed and it comes up with the
loading PDM manager please wait.....
It just sits on that page and does nothing further.
What do I need to do next?
Kind regards
01-20-2004 06:51 AM
Ward,
In that case it looks to me as you need to regenerate the public/private key.
Please execute the following commands:
ca zero rsa
ca gen rsa key 512
ca save all
After this please try again, but I'm pretty sure this will help you out.
kind regards,
Leo