
Pix 515e unrestricted

ward
Level 1

Hi

Just started up my pix and changed the outside address. Tried to access the pdm via the browser, but cannot. Any guidance would be much appreciated.


jmia
Level 7

Hi,

You'll need to enable http server on the PIX.

In config mode on PIX do:

> http server enable

> http 192.168.1.0 255.255.255.0 inside

(Of course, change the above IP to yours)

Now open up IE browser and type:

> https://

When you see the username and password box pop up in IE browser, just type the pix password (no need for username).

Hope this helps and Please rate this post if it helps you out.

Thanks -

Hi

Thanks for the help. I can get as far as the Cisco pix PDM manager loading... It has an egg timer that just sits there. I waited for 5 minutes but it is still not coming up with anything further.

It says Loading pix device manager....please wait

Can anyone advise please?

Can anyone advise on this please?

Cheers

Are you getting a pop-up window that asks if you want to install and run Cisco PIX device manager? That is the next phase. If you are not seeing this it could be a permissions issue on your workstation, or I have seen some pop-up blockers kill this as well.

Please remember to rate any post that helps you out.

Yeah I am getting this message coming up.

It keeps saying please wait and just sits there.

It comes up saying the certificate information and then it says do you want to proceed.

I then click yes and it comes up with username and password. I don't have one set so I press enter.

I then get a popup window that says LOADING PIX DEVICE MANAGER please wait......

It just sits there. I can't get any further.

Any help would be much appreciated.

The only thing that looks out of the ordinary is this startup certificate message. Could this be the problem?

When I put in https://10.98.7.250 in the browser

it then comes up with the message below.

The information you exchange with this site cannot be viewed or changed by others.

However there is a problem with the site's security certificate.

! The security certificate was issued by a company you have not chosen to trust

! The security certificate has expired or is not yet valid.

! The name on the security certificate is invalid or does not match the name of the site.

Can anyone advise?

Cheers

Do you have a DES or 3DES key installed on your PIX? This key is required for PDM. If you do not have this key, Cisco will provide you with a new DES key for free. You will find this information with the "show version" command.

Ward,

You should check on CCO on the supported browsers and the requirements of your browser. Sounds to me like not having a correct encryption level, some old version browser or java runtime environment. Check these things first before checking anything else.

You are using no username and the enable secret as the password on the PDM authentication popup?

You do have configured an enable secret. Otherwise I think PDM won't be able to authenticate.

If all this is not of any help, there's one other thing you could try, and that is regenerating the rsa key. There should be a procedure described on CCO, otherwise search the forum within this group, cause a few months ago the procedure was posted here. But regenerating the rsa key is rarely needed, so I advise you to first check on the other things mentioned.

Good luck and kind regards,

Leo

Hi there

Please see my config and show version below.

All I have changed on the pix is the inside ip address, clock and added in the username and password.

I am running java 1.4.1_02 which is correct for internet explorer 6.

After typing the username and password I don't get prompted for it when I try to get into pdm via the browser. It just comes up with the pretty cisco picture saying PDM manager is loading...Please wait...

This is so frustrating. Please see the config and show version below

NLONL02FIREWALL# sho run

: Saved

:

PIX Version 6.3(1)

interface ethernet0 auto shutdown

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password Be5nymj6ciY8kJol encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname NLONL02FIREWALL

domain-name lon.flitech.net

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

pager lines 24

mtu outside 1500

mtu inside 1500

no ip address outside

ip address inside 10.98.7.250 255.255.248.0

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 10.98.7.2 255.255.255.255 inside

http 10.98.0.0 255.255.248.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

username thgilf password D467B2.MngTyAEZY encrypted privilege 2

terminal width 80

Cryptochecksum:384e1453437cfe00e9f28ab416c4c44b

: end

NLONL02FIREWALL# sho version

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 19-Mar-03 11:49 by morlee

NLONL02FIREWALL up 46 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : Crypto5823 (revision 0x1)

0: ethernet0: address is 000e.833e.ee8b, irq 10

1: ethernet1: address is 000e.833e.ee8c, irq 11

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Disabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: 806263072 (0x300e9920)

Running Activation Key: 0xed6cddef 0x4c4d4350 0xa3e2a0d9 0x4145f7ad

Configuration last modified by enable_15 at 00:00:10.920 UTC Fri Jan 1 1993

NLONL02FIREWALL#

Thanks for all your help

Can anybody help with this?

Ward,

First I want to state that next time when you post your config, it would be better to remove the passwords... although they are encrypted, the encryption is weak, and there are tools available to break them... (but don't worry, normally the moderators of this forum will edit your message soon)

This said, I have a few questions for you.

Have you tried just entering the enable password with no username (on the username/password box which is prompted)?

If not, please do so. This will give you access to PDM. There is no need to configure a username and password first.

By the way, I think you need to configure pdm location as well for the PC where you want to connect from.

If you want to use usernames and passwords to give different users different privilege levels (which I think you want, assuming this while looking at parts of your config), then you need a lot more config like setting the privilege levels, setting what to authenticate and what not, and stuff like that.

But first try it the easy way, let's start simple, just enter the enable password you configured as the password on the prompt (and no username) when connecting to PDM. This will get you in :-)

You will get privilege level 15 (which is the highest privilege level) when connecting with the enable password.

Hope this helps,

Leo
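An added example, not part of the original thread: one way to act on the advice above is to run a `show run` / `show version` paste through a small sanitizer before posting it. The patterns assume the PIX 6.x line formats seen in the config posted in this thread; the function name `sanitize`, the `<removed>` marker and the sample values are all hypothetical.

```python
import re

# (pattern, replacement) pairs. Assumption: PIX 6.x line formats as they appear
# in the config pasted in this thread; other releases may word them differently.
RULES = [
    # enable password <hash> encrypted / passwd <hash> encrypted
    (re.compile(r"^(\s*(?:enable password|passwd))\s+\S+(.*)$"), r"\1 <removed>\2"),
    # username <name> password <hash> encrypted privilege <n>
    (re.compile(r"^(\s*username)\s+\S+(\s+password)\s+\S+(.*)$"),
     r"\1 <removed>\2 <removed>\3"),
    # snmp-server community <string>
    (re.compile(r"^(\s*snmp-server community)\s+\S+(.*)$"), r"\1 <removed>\2"),
    # show version: serial number and activation key identify the unit and licence
    (re.compile(r"^(\s*(?:Serial Number|Running Activation Key):).*$"),
     r"\1 <removed>"),
]


def sanitize(text):
    """Return (sanitized_text, number_of_lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        for pattern, repl in RULES:
            new, n = pattern.subn(repl, line)
            if n:  # first matching rule wins; keep the command keyword visible
                line, changed = new, changed + 1
                break
        out.append(line)
    return "\n".join(out), changed


# Constructed sample input (placeholder values, not taken from any real device).
SAMPLE = """\
enable password AAAAAAAAAAAAAAAA encrypted
passwd BBBBBBBBBBBBBBBB encrypted
hostname EXAMPLEFW
http server enable
snmp-server community examplecommunity
username exampleadmin password CCCCCCCCCCCCCCCC encrypted privilege 2
Serial Number: 000000000 (0x0)
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
"""

if __name__ == "__main__":
    clean, count = sanitize(SAMPLE)
    print(clean)
    print(f"-- {count} line(s) redacted")
```

The commands themselves stay readable, so the paste is still useful for troubleshooting while the hashes, community string and licence identifiers are gone.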

Hi leo

I appreciate your help on this.

Thanks for the tip on the passwords.

I was so stuck in my fault that I forgot to do that.

I have followed your steps as you said.

I type in the https://10.98.7.250/pdm.html

It then prompts me about the certificate.

All of them are ticked except for one and it says

"The name on the security is invalid or does not

match the name of the site"

I then click on proceed and it comes up with the

loading PDM manager please wait.....

It just sits on that page and does nothing further.

What do I need to do next?

Kind regards

Ward,

In that case it looks to me as you need to regenerate the public/private key.

Please execute the following commands:

ca zero rsa

ca gen rsa key 512

ca save all

After this please try again, but I'm pretty sure this will help you out.

kind regards,

Leo
