tballin
asked on
Can't get PDM to work
I just uploaded PDM ver 5.2 to my PIX and Im having trouble getting it working.
Given the following output:
PIX# show ver
Cisco PIX Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "flash:/pix722.bin"
Config file at boot was "startup-config"
Addison-PIX up 17 hours 8 mins
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0003.6bf6.c171, irq 11
1: Ext: Ethernet1 : address is 0003.6bf6.c172, irq 10
Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: 405400750
Running Activation Key: 0xaeeb8b88 0x04133bbd 0x3244a388 0xded9d489
Configuration has not been modified since last system restart.
And
http server enable
http 0.0.0.0 0.0.0.0 inside
What am I doing wrong?
Given the following output:
PIX# show ver
Cisco PIX Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "flash:/pix722.bin"
Config file at boot was "startup-config"
Addison-PIX up 17 hours 8 mins
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0003.6bf6.c171, irq 11
1: Ext: Ethernet1 : address is 0003.6bf6.c172, irq 10
Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: 405400750
Running Activation Key: 0xaeeb8b88 0x04133bbd 0x3244a388 0xded9d489
Configuration has not been modified since last system restart.
And
http server enable
http 0.0.0.0 0.0.0.0 inside
What am I doing wrong?
Robert Sutton Jr
<Sh run> and post it back here......
ASKER
Addison-PIX# show run
: Saved
:
PIX Version 7.2(2)
!
hostname Addison-PIX
domain-name cisco.com
enable password LxIayVUtjCiLuhnB encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 12.34.185.2 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.10.10.5 255.255.255.0
!
passwd dTAG2FyX4NQBI0Z2 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 host 54.32.240.130
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 host 67.89.51.2
access-list 103 extended permit ip host 12.34.185.2 192.168.2.0 255.255.255.0
access-list 103 extended permit ip host 12.34.185.2 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 103 extended permit ip host 192.168.1.4 host 67.89.51.2
access-list 120 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 120 extended permit ip 192.168.1.0 255.255.255.0 host 54.32.240.130
access-list 120 extended permit ip host 12.34.185.2 192.168.2.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 130 extended permit ip host 192.168.1.4 host 67.89.51.2
access-list 101 extended permit tcp any host 12.34.185.3 eq www
access-list 101 extended permit tcp any host 12.34.185.3 eq https
access-list 101 extended permit tcp any host 12.34.185.3 eq smtp
access-list 101 extended permit tcp any host 12.34.185.10 eq www
access-list 101 extended permit tcp any host 12.34.185.11 eq www
access-list 101 extended permit tcp any host 12.34.185.12 eq www
access-list 101 extended permit tcp any host 12.34.185.12 eq https
access-list 101 extended permit tcp any host 12.34.185.12 eq ssh
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp host 67.89.51.3 host 12.34.185.3 eq 3268
access-list 101 extended permit tcp host 67.89.51.3 host 12.34.185.3 eq smtp
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
access-list UserVPNTunnel extended permit ip 192.168.1.0 255.255.255.0 any
access-list UserVPNTunnel extended deny ip any any
access-list 150 extended deny tcp any host 81.95.146.130
access-list 150 extended deny tcp any host 81.95.147.107
access-list 150 extended permit ip any any
pager lines 15
logging enable
mtu outside 1500
mtu inside 1500
ip local pool DPvpnpool 192.168.1.70-192.168.1.99
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/pdm
no asdm history enable
arp timeout 14400
global (outside) 1 12.34.185.20-12.34.185.253
global (outside) 1 12.34.185.254
nat (inside) 0 access-list 103
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 12.34.185.3 192.168.1.3 netmask 255.255.255.255
static (inside,outside) 12.34.185.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 12.34.185.11 192.168.1.12 netmask 255.255.255.255
static (inside,outside) 12.34.185.12 192.168.1.11 netmask 255.255.255.255
access-group 101 in interface outside
access-group 150 in interface inside
route outside 0.0.0.0 0.0.0.0 12.34.185.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server DPAuth protocol radius
aaa-server DPAuth host 192.168.1.4
timeout 5
key *
group-policy DPpixVPN internal
group-policy DPpixVPN attributes
wins-server value 192.168.1.4
dns-server value 192.168.1.4
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value UserVPNTunnel
username pgary password 8L4sdWR8aB6/9cG7 encrypted
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set SiteToSiteVPN esp-3des esp-md5-hmac
crypto ipsec transform-set UserVPNSet esp-3des esp-md5-hmac
crypto dynamic-map UserVPNdynmap 50 set transform-set UserVPNSet
crypto map FromAddison 20 match address 120
crypto map FromAddison 20 set peer 54.32.240.130
crypto map FromAddison 20 set transform-set SiteToSiteVPN
crypto map FromAddison 30 match address 130
crypto map FromAddison 30 set peer 67.89.51.2
crypto map FromAddison 30 set transform-set SiteToSiteVPN
crypto map FromAddison 50 ipsec-isakmp dynamic UserVPNdynmap
crypto map FromAddison interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 1000
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 1000
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 54.32.240.130 type ipsec-l2l
tunnel-group 54.32.240.130 ipsec-attributes
pre-shared-key *
tunnel-group 67.89.51.2 type ipsec-l2l
tunnel-group 67.89.51.2 ipsec-attributes
pre-shared-key *
tunnel-group DPpixVPN type ipsec-ra
tunnel-group DPpixVPN general-attributes
address-pool DPvpnpool
default-group-policy DPpixVPN
tunnel-group DPpixVPN ipsec-attributes
pre-shared-key *
telnet 192.168.2.0 255.255.255.0 outside
telnet 192.168.3.0 255.255.255.0 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
tftp-server inside 192.168.1.186 /filename.cfg
prompt hostname context
Cryptochecksum:03a7c898a76
: end
: Saved
:
PIX Version 7.2(2)
!
hostname Addison-PIX
domain-name cisco.com
enable password LxIayVUtjCiLuhnB encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 12.34.185.2 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.10.10.5 255.255.255.0
!
passwd dTAG2FyX4NQBI0Z2 encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 host 54.32.240.130
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 host 67.89.51.2
access-list 103 extended permit ip host 12.34.185.2 192.168.2.0 255.255.255.0
access-list 103 extended permit ip host 12.34.185.2 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 103 extended permit ip host 192.168.1.4 host 67.89.51.2
access-list 120 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 120 extended permit ip 192.168.1.0 255.255.255.0 host 54.32.240.130
access-list 120 extended permit ip host 12.34.185.2 192.168.2.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 130 extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 130 extended permit ip host 192.168.1.4 host 67.89.51.2
access-list 101 extended permit tcp any host 12.34.185.3 eq www
access-list 101 extended permit tcp any host 12.34.185.3 eq https
access-list 101 extended permit tcp any host 12.34.185.3 eq smtp
access-list 101 extended permit tcp any host 12.34.185.10 eq www
access-list 101 extended permit tcp any host 12.34.185.11 eq www
access-list 101 extended permit tcp any host 12.34.185.12 eq www
access-list 101 extended permit tcp any host 12.34.185.12 eq https
access-list 101 extended permit tcp any host 12.34.185.12 eq ssh
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp host 67.89.51.3 host 12.34.185.3 eq 3268
access-list 101 extended permit tcp host 67.89.51.3 host 12.34.185.3 eq smtp
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
access-list UserVPNTunnel extended permit ip 192.168.1.0 255.255.255.0 any
access-list UserVPNTunnel extended deny ip any any
access-list 150 extended deny tcp any host 81.95.146.130
access-list 150 extended deny tcp any host 81.95.147.107
access-list 150 extended permit ip any any
pager lines 15
logging enable
mtu outside 1500
mtu inside 1500
ip local pool DPvpnpool 192.168.1.70-192.168.1.99
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/pdm
no asdm history enable
arp timeout 14400
global (outside) 1 12.34.185.20-12.34.185.253
global (outside) 1 12.34.185.254
nat (inside) 0 access-list 103
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 12.34.185.3 192.168.1.3 netmask 255.255.255.255
static (inside,outside) 12.34.185.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 12.34.185.11 192.168.1.12 netmask 255.255.255.255
static (inside,outside) 12.34.185.12 192.168.1.11 netmask 255.255.255.255
access-group 101 in interface outside
access-group 150 in interface inside
route outside 0.0.0.0 0.0.0.0 12.34.185.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server DPAuth protocol radius
aaa-server DPAuth host 192.168.1.4
timeout 5
key *
group-policy DPpixVPN internal
group-policy DPpixVPN attributes
wins-server value 192.168.1.4
dns-server value 192.168.1.4
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value UserVPNTunnel
username pgary password 8L4sdWR8aB6/9cG7 encrypted
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set SiteToSiteVPN esp-3des esp-md5-hmac
crypto ipsec transform-set UserVPNSet esp-3des esp-md5-hmac
crypto dynamic-map UserVPNdynmap 50 set transform-set UserVPNSet
crypto map FromAddison 20 match address 120
crypto map FromAddison 20 set peer 54.32.240.130
crypto map FromAddison 20 set transform-set SiteToSiteVPN
crypto map FromAddison 30 match address 130
crypto map FromAddison 30 set peer 67.89.51.2
crypto map FromAddison 30 set transform-set SiteToSiteVPN
crypto map FromAddison 50 ipsec-isakmp dynamic UserVPNdynmap
crypto map FromAddison interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 1000
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 1000
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 54.32.240.130 type ipsec-l2l
tunnel-group 54.32.240.130 ipsec-attributes
pre-shared-key *
tunnel-group 67.89.51.2 type ipsec-l2l
tunnel-group 67.89.51.2 ipsec-attributes
pre-shared-key *
tunnel-group DPpixVPN type ipsec-ra
tunnel-group DPpixVPN general-attributes
address-pool DPvpnpool
default-group-policy DPpixVPN
tunnel-group DPpixVPN ipsec-attributes
pre-shared-key *
telnet 192.168.2.0 255.255.255.0 outside
telnet 192.168.3.0 255.255.255.0 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
tftp-server inside 192.168.1.186 /filename.cfg
prompt hostname context
Cryptochecksum:03a7c898a76
: end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.