bilbus

Cisco pix problem connecting to https interface to config pix

Hello, I am trying to get a little practice with a PIX 515. I would like to enable the web interface but I am having problems doing so.

I want to use http (but only https gets a reply); my guess is there is something wrong with the SSL cert. I would have no problem using normal http to get this working.

https://192.168.50.253/

When I try to connect via www I get the password box. I leave the username blank and put my enable password in there. It goes to the next page and says

404 Not Found
The requested URL / was not found on this server.

I am stumped. Also, I cannot connect via ssh (do I need to enable that?)

thanks

I have included my config below

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8JkmeYOodD/bOziu encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
domain-name erased
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto shutdown
interface ethernet1 auto
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.50.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 60
ssh timeout 5
terminal width 80
Cryptochecksum:a74e3f5ac231d12446ed55e3e30472c1
: end
ASKER CERTIFIED SOLUTION
stressedout2004

bilbus

ASKER

Ok, thanks

I was able to get ssh working, but it would not let me in. I used "pix" as the username and my enable password as the password.

Also, the webpage still does not work; any ideas?

thanks!

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8JlmeYOodD/bOziu encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
domain-name erased
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto shutdown
interface ethernet1 auto
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.50.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 60
ssh 192.168.50.0 255.255.255.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:281776c4046b9564171984ff17a19896
: end
Keith Alabaster
Leave the username blank and just put in your enable password in the password field
PS  That is for the PDM, not ssh
For SSH, the default username is pix and the password is cisco. However, I see that you have telnet already enabled and I am not sure if you have the telnet password modified. So if that's the case, for ssh access, still use pix for the username and use the same password you are using for telnet.

Now for PDM access, can you post the output of show version?
bilbus

ASKER

Ah great, OK, ssh works with the cisco/pix

On my PC I have

J2SE
Version 1.5.0 (build 1.5.0_06-b05)

How do I tell the version of my PDM?
Just access the pix via telnet/ssh, and just do "show version"
bilbus

ASKER

Ya, I did that but it does not say PDM version; does that mean I have no PDM?

I just upgraded the pix from 6.2 to 6.3

PIX# show version

Cisco PIX Firewall Version 6.3(5)

Compiled on Thu 04-Aug-05 21:40 by morlee

PIX up 7 hours 32 mins

Hardware:   PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0001.64ff.ceda, irq 10
1: ethernet1: address is 0001.64ff.cedb, irq 7
Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 3
Maximum Interfaces:          5
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.

Serial Number:
Running Activation Key:
Configuration has not been modified since last system restart.
PIX#
Since it does not show the PDM version, and you get that error that you posted, it is obvious that the PDM is not loaded at all. You need to download the pdm file and load it.
Download pdm-304.bin to your tftp server.
Almost just like upgrading the OS:
 pix#copy tftp://server/pdm-304.bin flash:pdm


bilbus

ASKER

Thanks, I will have to locate a PDM version; do you know what version I need for my 6.35 OS?
As per lrmoore's post

<<< 
Since it does not show the PDM version, and you get that error that you posted, it is obvious that the PDM is not loaded at all. You need to download the pdm file and load it.
Download pdm-304.bin to your tftp server.
Almost just like upgrading the OS:
 pix#copy tftp://server/pdm-304.bin flash:pdm
>>>
Hi,

For that version you can use PDM version 3.0.4. On the Cisco download page it will appear as pdm-304.bin.
Here is the link for that software:
http://www.cisco.com/cgi-bin/tablebuild.pl/pix 

You will need a TFTP server and I suggest you use:
http://tftpd32.jounin.net/ 

The command will be:
copy tftp flash:pdm

Then just follow the steps.

This will install the PDM and then you can try it.
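
Both symptoms in this thread (the 404 from the HTTPS interface and SSH being refused) can be read off the posted config and show version output. The check below is an added example, not code from any poster: the sample input is constructed from lines quoted in the thread, and the "Device Manager Version" string it looks for is an assumption about how a loaded PDM image is reported.

```python
import ipaddress
import re

# Constructed sample: lines copied from the first config and the "show version"
# output posted in the thread.
SAMPLE_CONFIG = """\
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
snmp-server community public
telnet timeout 60
ssh timeout 5
"""
SAMPLE_VERSION = "Cisco PIX Firewall Version 6.3(5)\nPIX up 7 hours 32 mins\n"

# "<service> <address> <netmask> <interface>" management permit lines.
PERMIT = re.compile(r"^(http|ssh|telnet)\s+([\d.]+)\s+([\d.]+)\s+(\S+)$")

def mgmt_permits(config):
    """Map each management service to its permitted (network, interface) pairs."""
    permits = {"http": [], "ssh": [], "telnet": []}
    for line in config.splitlines():
        m = PERMIT.match(line.strip())
        if m:
            svc, addr, mask, ifc = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            permits[svc].append((net, ifc))
    return permits

def diagnose(config, show_version, client):
    """Explain the thread's symptoms for one client IP and flag loose settings."""
    findings = []
    ip = ipaddress.ip_address(client)
    for svc, entries in mgmt_permits(config).items():
        if svc != "telnet" and not any(ip in net for net, _ in entries):
            findings.append(f"{svc}: no permit line covers {client}")
        findings += [f"{svc}: open to any address on {ifc}"
                     for net, ifc in entries if net.prefixlen == 0]
    # Assumption: a loaded PDM image adds a "Device Manager Version" line.
    if "http server enable" in config and "Device Manager Version" not in show_version:
        findings.append("pdm: HTTPS server enabled but no PDM image reported")
    if re.search(r"^snmp-server community public\s*$", config, re.M):
        findings.append("snmp: community string is 'public'")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONFIG, SAMPLE_VERSION, "192.168.50.10"):
        print(finding)
```

Run against the second posted config, which adds the ssh permit line and drops the 0.0.0.0 http entry, only the PDM and SNMP findings remain until the PDM image is loaded.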