
Cleared config now won't connect to PDM

I cleared the config on my PIX 515E and 525 and it now comes up with this error in Firefox:

ssl error no cipher overlap

I think I did something with the SSL key so now it won't load the PDM.

Any suggestions?

Collin Clark

You need to enable http, an IP that can connect to http and you have to tell the firewall where the ASDM image is.

http server enable

http server idle-timeout 10

http inside

asdm image disk0:/asdm-621.bin

To recreate your SSH Keys-

Hope that helps.

I'm trying this now.

Didn't work.. same message when trying to access PDM from correct IP address.

What does IE say?



Probably you have a certificate problem.

Did you try to remove the certificate in Firefox?



IE gives a page cannot be displayed error.

It isn't a problem with the browser.. I'm using three different machines. None work.


I am guessing that there is some issue with what you put into the config of the PIXes. Can you post the config?





I'll get it posted in a bit; however, they are all default settings with only the HTTP server enabled for access.

I can get as far as waiting for the PDM to load if I disable SSL3 but it still hangs.

Yes I have an earlier version of Java not update 14.

: Saved

: Written by enable_15 at 19:46:14.673 UTC Sun Jul 26 2009

PIX Version 6.3(4)

interface ethernet0 auto shutdown

interface ethernet1 auto

interface ethernet2 auto shutdown

interface ethernet3 auto shutdown

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

nameif ethernet3 intf3 security6

nameif ethernet4 intf4 security8

nameif ethernet5 intf5 security10

enable password NuLKvvWGg.x9HEKO encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pix


fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


pager lines 24

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

mtu intf4 1500

mtu intf5 1500

no ip address outside

ip address inside

no ip address intf2

no ip address intf3

no ip address intf4

no ip address intf5

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

no failover ip address intf2

no failover ip address intf3

no failover ip address intf4

no failover ip address intf5

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

terminal width 80



Thanks for posting the config. I believe that if you take a close look at the fourth octet of your permit for http that you will see what your problem is:

http inside

your permit is for a host specific address (and there is almost certainly not a host in the network with address If you change the mask to then I believe that your access via PDM will work.
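The mask check described in the reply above, as an added example that is not part of the original post: a small Python audit that parses the `http` permit lines of a PIX 6.3 config and tests whether a management client is actually covered. The addresses are constructed (the thread's real ones were elided), and the default mask and interface used when a line omits them are assumptions.

```python
import ipaddress

# Constructed sample configs; addresses are illustrative, not from the thread.
HOST_MASK_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.255 inside
"""
FIXED_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

def parse_http_permits(config):
    """Return (server_enabled, [(network, interface), ...]) from 'http' lines."""
    enabled, permits = False, []
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] != "http":
            continue
        if tok[1:3] == ["server", "enable"]:
            enabled = True
            continue
        try:
            ipaddress.IPv4Address(tok[1])
        except (IndexError, ValueError):
            continue  # e.g. 'http server idle-timeout 10' or a line with no address
        rest = tok[2:]
        mask = "255.255.255.255"  # assumption: host mask when none is given
        if rest and rest[0][0].isdigit():
            mask = rest.pop(0)
        ifname = rest[0] if rest else "inside"  # assumption: defaults to inside
        net = ipaddress.IPv4Network(f"{tok[1]}/{mask}", strict=False)
        permits.append((net, ifname))
    return enabled, permits

def client_allowed(config, client_ip, ifname="inside"):
    """True if the HTTP server is on and some permit covers client_ip."""
    enabled, permits = parse_http_permits(config)
    ip = ipaddress.IPv4Address(client_ip)
    return enabled and any(ip in net and i == ifname for net, i in permits)

def suspicious_host_permits(config):
    """Flag /32 permits ending in .0: likely a network address with a host mask."""
    _, permits = parse_http_permits(config)
    return [str(n) for n, _ in permits
            if n.prefixlen == 32 and int(n.network_address) & 0xFF == 0]
```
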





Changed it. Still nothing. Keeps giving me the cypher overlap problem.

Surely someone here knows what the issue is?

If not do they still sell support for the PIX line? If so, where can I purchase a contract?

Anyone? I'm getting very very worried.

I never worked with a PIX or similar product but I found this on the web:

When you attempt to access PDM, the message "the page cannot be displayed" appears in Internet Explorer or the message "network connection was refused by the server" appears in Netscape Communicator.

1. Check that you are using "https" in your connection to "https://pix_inside_interface_ip_address" and not "http." The connection cannot be made using "http," it must be "https."

2. If you cannot connect, enter the show version command to check that you have the proper activation key to use DES or 3DES. If you do not, obtain an activation key that supports this requirement before continuing. If, after confirming that your activation key supports using DES or 3DES