
PIX DEVICE MANAGER

gspencer
Level 1

Can someone who is accessing a PIX through a browser provide me with some assistance? I am running Cisco PIX Firewall Version 6.1(1) with Cisco PIX Device Manager Version 1.1(2). When I launched the browser with the IP of the inside interface I got "The page cannot be displayed". I ran a sniffer trace and the packets are getting to the inside interface, but I don't see a response from the PIX. I did not see any message being logged that there are errors.

Do I have to enable something? Thanks in advance.

8 Replies

raygibson
Level 1

You have to give the PIX the IP address of the machine that you are using to access PDM.

Also, you need to disable your proxy settings if you are using a proxy server.

JOHN NIKOLATOS
Level 3

You need to set the PDM command to tell the pix to allow the webpage.

pdm location 192.168.1.1 255.255.255.255 inside

** where 192.168.1.1 is the machine you want to give access

I tried this but it's not working. I also enabled the http server with the IP address of the same PC. Is there something else I am overlooking?

I had just installed ^.2, installed PDM and then was scratching my head why I could not get to it.. Then it hit me..

I forgot to put the static route in so the PIX would know how to get back to the PC I was running PDM on.

Make sure you have a route statement to the PC's network.

Hope this helps.

TH

Make sure you are accessing the PIX using https://pix_inside_interface

robhorniachek
Level 1

I haven't seen the solution pop up here yet... lots of good ideas though.

You need to do a 'http server enable' to enable the PDM, then do a 'http inside' to tell the PIX to allow that PC (or network) to access the inside interface with HTTP. Also - make sure you are going to 'https://', not just 'http://'...

There are several other things that HAVE TO BE THERE:

1. Set the clock

2. Make sure DES/3DES is enabled.

3. Make sure PDM is installed - do a 'sh ver', and right under the version of PIX OS, you will see the version of PDM that is running.

Doing anything with the 'pdm location' command won't do anything - it is only there for the internal workings of PDM, it doesn't allow or disallow access to PDM.

Hope this helps!
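Added example (not part of the original thread and not a Cisco tool): a Python check over a saved PIX configuration for the items the replies above name, namely 'http server enable', an 'http' entry on the inside interface that covers the management PC, and a route back to that PC. The sample configuration is constructed, check_pdm_access is a hypothetical helper, and it assumes http entries are written in full as 'http <ip> <mask> <if_name>'.

```python
import ipaddress
import re

# Constructed sample of PIX 6.x configuration lines; not taken from the thread.
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.10 255.255.255.255 inside
route inside 10.20.0.0 255.255.0.0 192.168.1.254 1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"


def _nets(config, pattern):
    """Networks from every config line matching pattern (two groups: address, mask)."""
    return [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(pattern, config, re.M)]


def check_pdm_access(config, client_ip, ifname="inside"):
    """Return findings that keep client_ip from reaching PDM, or that are too permissive."""
    client = ipaddress.ip_address(client_ip)
    iface = re.escape(ifname)
    findings = []
    if not re.search(r"^http server enable\s*$", config, re.M):
        findings.append("http server is not enabled")
    # Assumption: http entries are written in full as 'http <ip> <mask> <if_name>'.
    allowed = _nets(config, rf"^http {IP} {IP} {iface}\s*$")
    if not any(client in n for n in allowed):
        findings.append(f"no http entry permits {client} on {ifname}")
    # Least privilege: management access should not be open to every address.
    if any(n.prefixlen == 0 for n in allowed):
        findings.append(f"http entry on {ifname} permits any address")
    # Return path: the interface's connected subnet, or a route out of that interface.
    reachable = _nets(config, rf"^ip address {iface} {IP} {IP}\s*$")
    reachable += _nets(config, rf"^route {iface} {IP} {IP} \S+")
    if not any(client in n for n in reachable):
        findings.append(f"no connected subnet or route covers {client} via {ifname}")
    return findings
```

An empty list means the configuration side is in place; the 'https://' URL, the clock and the DES/3DES activation key mentioned in the thread are outside what a configuration file shows and still need checking on the device.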

JOHN NIKOLATOS
Level 3

Like someone said above. You need to use https not http AND you need to have the DES or 3DES encryption enabled. Go to www.cisco.com click on software (you must log in to CCO) then you will have a link to software download.

Check out the FAQ at http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pdm_qa.htm

It may help out.... you need to meet some requirements.

The key is at http://www.cisco.com/kobayashi/sw-center/internet/pix-56bit.shtml (you need CCO access; get it at http://www.cisco.com/register/)

You will need a TFTP program. You will need to turn your PIX off and go into the ROM MONITOR MODE with the esc key. You need to type (in this order)

"Interface 1" -this will initialize the PIX NIC card for the inside interface

"IP address 192.168.1.1" -This will bind an ip address to it

"gateway 192.168.1.x" -where x is your laptop or pc

"server 192.168.1.x" -where x is your laptop or pc with the TFTP program

"PING 192.168.1.x" -to test connectivity to the TFTP server PC

"FILE PIX611.BIN" -where PIX611.BIN is the current OS of the PIX (you must download it and have it handy).

Make sure you connect the PIX to the PC with a small switch or cross over cable to INSIDE interface 1.

Once the TFTP process happens (it will take about 1 minute or so) it will reboot and ask you to "add a new license key". You must say "YES" and put in the new key Cisco will send you from the 56bit link above (IT'S FREE for 56bit). It will only take like 5 minutes or so also.

This will enable 56bit encryption on your PIX - you can verify by typing

"SHOW VER" - It will show what is enabled.

Thanks all for your valuable input. I got it to work when I used "https://xxx.xxx.xxx.xxx/"; this was the step I was overlooking.
