Cisco pix problem connecting to https interface to config pix

Hello, I am trying to get a little practice with a PIX 515. I would like to enable the web interface but I am having problems doing so.

I want to use HTTP (but only HTTPS gets a reply). My guess is there is something wrong with the SSL cert. I would have no problem using normal HTTP to get this working.

https://192.168.50.253/

When I try to connect via www I get the password box. I leave the username blank and put my enable password in there. It goes to the next page and says

404 Not Found
The requested URL / was not found on this server.

I am stumped. Also, I cannot connect via SSH (do I need to enable that?).

thanks

I have included my config below

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8JkmeYOodD/bOziu encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
domain-name erased
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto shutdown
interface ethernet1 auto
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.50.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 60
ssh timeout 5
terminal width 80
Cryptochecksum:a74e3f5ac231d12446ed55e3e30472c1
: end
Asked by bilbus

stressedout2004 commented:
OK, first: web GUI access to the PIX is only via HTTPS; HTTP would not work. So if you would like to access the PIX via GUI, you need to do https://192.168.50.253.

For SSH, you need to enable it. But before that, generate an RSA key first. This will also help you reset the RSA key for the web GUI access. So do the following commands:

ca zeroize rsa
ca generate rsa key 512
ca save all

After doing the ca commands, try to access the GUI again.

Then to enable SSH, the command would be:

ssh 192.168.50.0 255.255.255.0 inside

The above ssh command will allow anybody on the entire subnet to be able to SSH into the PIX inside interface. It will
ask you for a username, this time you have to enter the default username which is pix.
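
Added example (not part of the original answer, and not Cisco code): a small Python script that parses the http/ssh/telnet permit lines of a PIX 6.x configuration, using lines posted in this thread, and reports which management services a given client address matches, plus rules that permit any source or are already covered by a wider rule. The function names are hypothetical, and the script only evaluates the permit lines, not whether the service itself is running.

```python
import ipaddress

# Lines taken from the configurations posted in this thread (first config plus the ssh line).
SAMPLE_CONFIG = """\
fixup protocol http 80
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh 192.168.50.0 255.255.255.0 inside
ssh timeout 5
"""

MGMT_SERVICES = {"http", "ssh", "telnet"}


def parse_mgmt_acl(config_text):
    """Return (service, network, interface) for each '<svc> <ip> <mask> <if>' line."""
    rules = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in MGMT_SERVICES:
            continue  # e.g. 'http server enable', 'ssh timeout 5'
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        rules.append((parts[0], net, parts[3]))
    return rules


def services_allowed(rules, client_ip, interface="inside"):
    """Management services whose permit lines match client_ip on interface."""
    ip = ipaddress.ip_address(client_ip)
    return sorted({s for s, net, ifc in rules if ifc == interface and ip in net})


def review(rules):
    """Flag any-source rules and rules already covered by a wider one."""
    findings = []
    for svc, net, ifc in rules:
        if net.prefixlen == 0:
            findings.append(("any-source", svc, str(net)))
        elif any(s == svc and i == ifc and n != net and net.subnet_of(n)
                 for s, n, i in rules):
            findings.append(("redundant", svc, str(net)))
    return findings


if __name__ == "__main__":
    rules = parse_mgmt_acl(SAMPLE_CONFIG)
    print(services_allowed(rules, "192.168.50.10"))
    for finding in review(rules):
        print(finding)
```
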

bilbus (author) commented:
Ok, thanks

I was able to get SSH working, but it would not let me in. I used "pix" as the username and my enable password as the password.

Also the webpage still does not work, any ideas?

thanks!

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8JlmeYOodD/bOziu encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
domain-name erased
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto shutdown
interface ethernet1 auto
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.50.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.50.252 255.255.255.255 inside
http 192.168.50.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 60
ssh 192.168.50.0 255.255.255.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:281776c4046b9564171984ff17a19896
: end

Keith Alabaster (Enterprise Architect) commented:
Leave the username blank and just put in your enable password in the password field
Keith Alabaster (Enterprise Architect) commented:
PS  That is for the PDM, not ssh

Keith Alabaster (Enterprise Architect) commented:
OK. yes. I die of embarrassment in not reading your question properly....

stressedout2004 commented:
For SSH, the default username is pix and the password is cisco. However, I see that you have telnet already enabled and I am not sure if you have the telnet password modified. So if that's the case, for SSH access, still use pix for username and use the same password you are using for telnet.

Now for PDM access, can you post the output of show version?

lrmoore commented:
Couple of points on the PDM:
Be sure your IE is not set up to use a proxy.
Be sure you have the latest JRE1.42. I don't think your version of PDM works with JRE5.
If you upgrade the PIX to 6.3(5) and pdm 305, and your PC updated to latest JRE 1.5.6, your experience will be much enhanced. The 2.x PDM is pretty useless.

>404 Not Found
>The requested URL / was not found on this server.
Looks like you would need to re-install the PDM anyway...

bilbus (author) commented:
Ah great, OK, SSH works with the cisco/pix.

On my PC I have

J2SE
Version 1.5.0 (build 1.5.0_06-b05)

How do I tell the version of my PDM?

stressedout2004 commented:
Just access the pix via telnet/ssh, and just do "show version"

bilbus (author) commented:
Ya, I did that but it does not say PDM version. Does that mean I have no PDM?

I just upgraded the pix from 6.2 to 6.3

PIX# show version

Cisco PIX Firewall Version 6.3(5)

Compiled on Thu 04-Aug-05 21:40 by morlee

PIX up 7 hours 32 mins

Hardware:   PIX-515, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0001.64ff.ceda, irq 10
1: ethernet1: address is 0001.64ff.cedb, irq 7
Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Disabled
Maximum Physical Interfaces: 3
Maximum Interfaces:          5
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.

Serial Number:
Running Activation Key:
Configuration has not been modified since last system restart.
PIX#

lrmoore commented:
Since it does not show the PDM version, and you get that error that you posted, it is obvious that the PDM is not loaded at all. You need to download the pdm file and load it.
Download pdm-304.bin to your tftp server.
Almost just like upgrading the OS:
 pix#copy tftp://server/pdm-304.bin flash:pdm


bilbus (author) commented:
Thanks, I will have to locate a PDM version. Do you know what version I need for my 6.35 OS?

Keith Alabaster (Enterprise Architect) commented:
As per lrmoore's post

<<< 
Since it does not show the PDM version, and you get that error that you posted, it is obvious that the PDM is not loaded at all. You need to download the pdm file and load it.
Download pdm-304.bin to your tftp server.
Almost just like upgrading the OS:
 pix#copy tftp://server/pdm-304.bin flash:pdm
>>>

paul1gilbert commented:
Hi,

For that version you can use PDM version 3.0.4. On the Cisco download page it will appear as pdm-304.bin.
Here is the link for that software:
http://www.cisco.com/cgi-bin/tablebuild.pl/pix 

You will need a TFTP server and I suggest you use:
http://tftpd32.jounin.net/ 

The command will be:
copy tftp flash:pdm

Then just follow the steps.

This will install the PDM and then you can try it.
Question has a verified solution.