Torrey Bates
asked on
Cisco PIX 501 how to view current config / enable pdm (web interface) / open port 3389
I'm working on an existing PIX 501 setup. A Comcast modem set in bridge mode is connected to it and another ethernet wire going to the network switch. I have to be careful what I do because this unit is also acting as the public IP for hosting mail and I don't know the settings.
I can only telnet from a command prompt into the unit. I enter the password, which works, but everything else I try fails except show version:
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
1. How can I view the current config?
2. How do I enable the PDM? (in Internet Explorer when I go to https://xxx.xxx.x.xx I get nothing)
3. How can I enable port 3389? (Terminal Server not working - port blocked/not forwarding)
Regards,
Torrey
Hi,
1. 'sh run' command tells the actual running config
2. you need to create rsa key, and enable pdm:
http://www.scribd.com/doc/4635345/PIX-Configuration-With-PDM
3. you need to create static nat, and you need to create on outside interface which is enable the reachability of tcp 3389 from public access!
Please show the config
You do need to get to enable before most of the commands will run; hopefully, as bobinthenoc states, they are the same, they aren't always. You do have to enable the PDM with an old PIX. There are procedures for getting the passwords removed from the configuration; if you need that, let us know.
ASKER
The telnet password works but the "enable" password we have doesn't. I tried the "login" to log in as a particular user but that doesn't work. No suggested commands work just by getting on the telnet with a password. We don't have the console cable; it is gone.
Monday I'm going to try and contact the person who set up the PIX501 in the first place and get the "enable" password so I can try everyone's suggestions.
Resetting the PIX501 is not an option - I don't know the config and as I mentioned this unit is the public IP for hosting a domain's mail.
Regards,
Torrey
You will need the enable password to do just about anything. And you will need the console cable to get the password reset. If you are going to be managing this device in the future, you should get access to the device. If you can't get the password from someone else, getting a console cable and doing a password reset would be recommended.
Because the PIX is no longer supported, you might consider purchasing a new(er) firewall. Just a thought.
ASKER
Just to update everyone, it has now become somewhat of a legal issue between the prior IT firm and my customer over the enable password not working and getting them to come out and assist.
Buying a console cable, replacing the router with something more current, or holding out on the situation mentioned above are all options. As soon as something happens I'll update everyone and award points. I'm in a tough spot not knowing the configuration to apply to a factory reset box or a new router.
Regards,
Torrey
Once in ENABLE mode, you'll have full access to the PIX's configuration, including being able to enable the web server.
CONFIG TERM will get you into the 'edit' interface to be able to edit the running configuration.
PDM makes things a little simpler, but lacks some abilities too. If you're trying to do a port forward configuration for 3389 to a particular INSIDE host, and you have only 1 external IP address, you can't set it via PDM, you must use the CLI.
If all else fails, resetting the unit to factory default will re-enable the web interface.
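
Added example, not part of any post in this thread: a PIX 6.3 CLI sketch of the single-public-IP port forward for TCP 3389 and of enabling the PDM web server, as the answers above describe. The inside host 192.168.1.10, the inside network 192.168.1.0/24, the permitted source 203.0.113.25 and the ACL name outside_access_in are assumptions; lines starting with ":" are annotations for the reader and are not meant to be typed.

```cisco
: --- Inspect first (enable mode); nothing here changes the box ---
show static
show access-group
show access-list

: --- Port forward (after "configure terminal") ---
: Static PAT: TCP 3389 arriving on the outside interface address
: is translated to the inside Terminal Server (assumed 192.168.1.10).
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255 0 0

: Permit one known source only (assumed 203.0.113.25).
: Writing "any" in place of "host 203.0.113.25" would open RDP to
: the whole Internet.
: If "show access-group" listed an ACL already bound to outside
: (likely, since this unit publishes mail), use THAT ACL's name here
: instead of the assumed name outside_access_in.
access-list outside_access_in permit tcp host 203.0.113.25 interface outside eq 3389

: Only when no ACL was bound to outside. An interface takes one
: inbound ACL, so binding a new name replaces the existing one and
: would cut off the mail rules.
access-group outside_access_in in interface outside

: --- PDM: enable the web server, reachable from inside only ---
http server enable
http 192.168.1.0 255.255.255.0 inside

: --- Apply and save ---
: clear xlate drops current translations and their connections,
: so run it in a quiet window.
clear xlate
write memory
```

Capturing the output of the three show commands before making changes also gives a record of the existing mail-related statics and ACL entries.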