PDM access required on low security level segment

gatekeeper
Level 1

Just upgraded my PIX 525 (with failover) to 6.2(2).

I want to use PDM access, not coming from the "inside" interface but from a lower security level (95). How do I do this? Following the procedures from the docs, I got an error when I specified an IP address not on "inside". I have 5 segments on my PIX (outside, segment1, segment2, segment3, segment4, inside) and I want to use segment4. Thanks a lot.

gatekeeper

gfullage
Cisco Employee

You can certainly do this. All you should need is (assuming 1.1.1.1 is on segment4):

> http 1.1.1.1 255.255.255.255 segment4

The docs here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid4) show an example on the outside interface.

First I entered the following:

>http server enable

>http 1.1.1.1 255.255.255.255 segment4

and then I ran "setup".

>gatekeeper1(config)# setup

>Pre-configure PIX Firewall now through interactive prompts [yes]?

>Enable password []:

>Clock (UTC):

> Year [2002]:

> Month [Jul]:

> Day [30]:

>Time [14:22:27]:

> Inside IP address [2.2.2.2]: NOTE: I entered the "inside" IP address here

>Inside network mask [255.255.255.0]:

>Host name [gatekeeper1]:

>Domain name [gatekeeper.com]:

>IP address of host running PIX Device Manager: 1.1.1.1 NOTE: segment4 IP

>Use this configuration and write to flash? yes

>Building configuration...

When I did a "sh run", I got this:

>http server enable

>http 1.1.1.1 255.255.255.255 inside

>http 1.1.1.1 255.255.255.255 segment4

This doesn't look good! I access using 1.1.1.1. I authenticated successfully but got a "404" error. I think I am doing something terribly stupid ;-)

Thanks.
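
An added example, not part of either post and not Cisco code: a small audit of the PDM `http` access entries in a saved PIX configuration, checking that each permitted address lies on the subnet of the interface it is bound to. It assumes management hosts are directly attached to that interface; the `http` lines are the ones quoted from "sh run" above, the inside address comes from the setup dialog, and the segment4 interface address is constructed for the example.

```python
import ipaddress
import re

# Constructed sample: the http lines are the "sh run" output quoted in the
# thread; inside 2.2.2.2/255.255.255.0 comes from the setup dialog; the
# segment4 interface address is an assumption made up for this example.
SAMPLE_CONFIG = """\
ip address inside 2.2.2.2 255.255.255.0
ip address segment4 1.1.1.254 255.255.255.0
http server enable
http 1.1.1.1 255.255.255.255 inside
http 1.1.1.1 255.255.255.255 segment4
"""

IP_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
# The address must start with a digit, so "http server enable" is skipped.
HTTP_RE = re.compile(r"^http (\d\S*) (\S+) (\S+)$")


def audit_http_entries(config: str):
    """Return (line, verdict) for every PDM 'http' access entry."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Map interface name -> directly connected subnet.
    subnets = {}
    for ln in lines:
        m = IP_RE.match(ln)
        if m:
            name, addr, mask = m.groups()
            subnets[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    findings = []
    for ln in lines:
        m = HTTP_RE.match(ln)
        if not m:
            continue
        addr, mask, ifname = m.groups()
        allowed = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ifname not in subnets:
            verdict = "unknown interface"
        elif allowed.subnet_of(subnets[ifname]):
            verdict = "ok"
        else:
            verdict = f"mismatch: {allowed} is not on {ifname} ({subnets[ifname]})"
        findings.append((ln, verdict))
    return findings


if __name__ == "__main__":
    for line, verdict in audit_http_entries(SAMPLE_CONFIG):
        print(f"{verdict:55} {line}")
```

On the sample, the entry bound to `inside` is reported as a mismatch and the `segment4` entry as ok.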