02.18.2008 at 03:58PM PST, ID: 23172974
PDM is unable to contact the PIX

Tags: Cisco, PDM, 3.0(4), Cisco, Firewall, PIX 501
I have been trying to make some changes to the current configuration on our Cisco PIX 501, but I am unable to access the PDM. Right before the PDM's main interface shows up, I get an error that says:
PDM is unable to contact the PIX.  Please check the configuration and your connection and then try again by clicking the Refresh icon.

I am really stumped on this and some help would be great.  Here is some additional information that may help you help me.
Hostname       ORDpix                 Device           PIX 501
PDM Version    3.0(4)                 PIX Version      6.3(5)
User           admin                  Privilege Level  15
JavaScript     Enabled                Java             Enabled
Browser        Internet Explorer 7.0  JDK Version      1.6.0_03
OS             Windows Vista 6.0

Under here is the running config, but I removed globally routable IPs for security purposes:

PIX Version 6.3(5)                  
interface ethernet0 100full                          
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password I54AcTXOsQcikomJ encrypted                                          
passwd 2KFQnbNIdI.2KYOU encrypted                                
hostname ORDpix              
domain-name ciscopix.com                        
fixup protocol dns maximum-length 512                                    
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp 5060                          
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
names    
name 10.10.10.50 Dell                    
name 10.10.10.12 ORD-03                      
name 10.10.10.20 ORD-04                      
name 10.10.10.8 GSA                  
name 10.10.10.210 sapabaptest                            
object-group service ORD-03ports tcp                                    
  port-object eq www                    
  port-object range 3389 3389                            
  port-object eq https                      
  port-object range 81 81                        
object-group service ORD-04ports tcp                                    
  port-object eq www                    
  port-object range 3389 3389                            
  port-object eq https                      
  port-object range pptp pptp                            
object-group service GSAports tcp                                
  port-object range 8000 8000                            
  port-object eq www                    
object-group service ORD-04udp udp                                  
  port-object range isakmp isakmp                                
  port-object range 4500 4500                            
access-list inbound_acl permit tcp any host xxx.xxx.xxx.xxx object-group ORD-03ports
access-list inbound_acl permit tcp any host xxx.xxx.xxx.xxx object-group ORD-04ports
access-list inbound_acl permit udp any host xxx.xxx.xxx.xxx object-group ORD-04udp
access-list inbound_acl permit esp any host xxx.xxx.xxx.xxx
access-list inbound_acl permit gre any host xxx.xxx.xxx.xxx
access-list inbound_acl permit tcp any host xxx.xxx.xxx.xxx object-group GSAports
access-list inside_nat0_outbound permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound permit ip any 10.10.10.192 255.255.255.192
access-list outside_cryptomap_10 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24              
icmp permit any outside                      
mtu outside 1500                
mtu inside 1500              
ip address outside xxx.xxx.xxx.xxx 255.255.255.248                                                
ip address inside 10.10.10.1 255.255.255.0                                          
ip audit info action alarm                          
ip audit attack action alarm                            
ip local pool Remote 10.10.10.200-10.10.10.250 mask 255.255.255.0                                                                
pdm location ORD-03 255.255.255.255 inside                                          
pdm location Dell 255.255.255.255 inside                                        
pdm location 10.100.100.0 255.255.255.0 inside                                              
pdm location xxx.xxx.xxx.xxx 255.255.255.255 outside                                                  
pdm location 10.10.10.0 255.255.255.0 inside                                            
pdm location 10.10.10.0 255.255.255.0 outside                                            
pdm location 10.100.100.0 255.255.255.0 outside                                              
pdm location 192.168.1.0 255.255.255.0 outside                                              
pdm location GSA 255.255.255.255 inside                                      
pdm location ORD-04 255.255.255.255 inside                                          
pdm location 10.10.10.192 255.255.255.192 outside                                                
pdm location sapabaptest 255.255.255.255 inside                                              
pdm logging informational 100                            
pdm history enable                  
arp timeout 14400                
global (outside) 10 interface                            
nat (inside) 0 access-list inside_nat0_outbound                                              
nat (inside) 10 0.0.0.0 0.0.0.0 0 0                                  
static (inside,outside) xxx.xxx.xxx.xxx ORD-03 netmask 255.255.                                                            
static (inside,outside) xxx.xxx.xxx.xxx GSA netmask 255.255.255.255 0 0                                                                    
static (inside,outside) xxx.xxx.xxx.xxx ORD-04 netmask 255.255.255.255 0 0                                                                        
access-group inbound_acl in interface outside                                            
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1                                            
timeout xlate 0:05:00                    
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00                                                                            
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00                                                              
timeout sip-disconnect 0:02:00 sip-invite 0:03:00                                                
timeout uauth 0:05:00 absolute                              
aaa-server TACACS+ protocol tacacs+                                  
aaa-server TACACS+ max-failed-attempts 3                                        
aaa-server TACACS+ deadtime 10                              
aaa-server RADIUS protocol radius                                
aaa-server RADIUS max-failed-attempts 3                                      
aaa-server RADIUS deadtime 10                            
aaa-server LOCAL protocol local                              
http server enable                  
http 10.10.10.0 255.255.255.0 inside                                    
no snmp-server location                      
no snmp-server contact                      
snmp-server community public                            
no snmp-server enable traps                          
floodguard enable                
sysopt connection permit-ipsec                              
sysopt connection permit-pptp                            
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac                                                            
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac                                                          
crypto ipsec transform-set MyTFSet esp-3des esp-md5-hmac                                                        
crypto map outside_map 10 ipsec-isakmp                                      
crypto map outside_map 10 match address outside_cryptomap_10                                                            
crypto map outside_map 10 set peer xxx.xxx.xxx.xxx                                              
crypto map outside_map 10 set transform-set MyTFSet                                                  
crypto map outside_map interface outside                                        
isakmp enable outside                    
isakmp key ******** address xxx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address                      
isakmp policy 10 authent                      
isakmp policy 10 encryption 3des                                
isakmp policy 10 hash md5                        
isakmp policy 10 group 1                        
isakmp policy 10 lifetime 86400                              
isakmp policy 30 authentication pre-share                                        
isakmp policy 30 encryption 3des                                
isakmp policy 30 hash md5                        
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required
vpdn group PPTP-VPDN-GROUP client configuration address local Remote
vpdn group PPTP-VPDN-GROUP client configuration dns 10.10.10.10
vpdn group PPTP-VPDN-GROUP client configuration wins 10.10.10.10
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username Jeff password *********
vpdn username Michael password *********
vpdn enable outside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username admin password PAHrYsYbAxunajsa encrypted privilege 15
terminal width 80
Cryptochecksum:1fb1ee3d963c4355eeaf6991c9155303
: end
Question Stats
Zone: Security
Question Asked By: TechGuy1984
Solution Provided By: batry_boy
Participating Experts: 2
Solution Grade: A
Views: 33
02.18.2008 at 04:17PM PST, ID: 20924696

Rank: Sage

All comments and solutions are available to Premium Service Members only.

02.18.2008 at 04:17PM PST, ID: 20924697

Rank: Guru

02.19.2008 at 07:57AM PST, ID: 20929538

02.19.2008 at 08:53AM PST, ID: 20930125

Rank: Sage
