Cisco PIX 501 GUI Setup

Hi. I'm trying to access the GUI side of my PIX 501. I have reset to factory defaults, and re-ran setup. I have PDM and have enabled it, but still can't get to it. I went to Cisco's site and below are the steps I've taken. Almost to the end of the steps, I get a few lines of text that I'm not sure what it means. I'll post after Cisco site directions. Read below:

Table 3-1 Setup Command Prompts

Step 1
Command: Enable Password [<use current password>]:
Purpose: Enter an alphanumeric password, up to 16 characters in length, to protect the PIX Firewall privileged (access) mode. Record the password in accordance with your security policy. If you assign a password here, then it is used for authentication every time you launch PDM unless you configured your PIX Firewall to use another AAA server for authentication, in which case the AAA server provides the authentication.

Step 2
Command: Clock (UTC)
Year [2001]:
Month [Aug]:
Day [27]:
Time [22:47:37]:
Purpose: Set the PIX Firewall clock to Universal Coordinated Time (UTC, also known as Greenwich Mean Time, or GMT). For example, if you are in the Pacific Daylight Savings time zone, set the clock 7 hours ahead of your local time to set the clock to UTC. Enter the year, month, day, and time. Enter the UTC time in 24-hour time as hour:minutes:seconds.

Step 3
Command: Inside IP address:
Purpose: Specify the IP address of the PIX Firewall unit's inside interface. Ensure that this IP address is unique on the network and not used by any other computer or network device, such as a router.

Step 4
Command: Inside network mask:
Purpose: Specify the network mask for the inside interface. An example mask is 255.255.255.0. You can also specify a subnetted mask, for example: 255.255.255.224. Do not use all 255s, such as 255.255.255.255. This prevents traffic from passing on the interface.

Step 5
Command: Host name:
Purpose: Specify up to 16 characters as a name for the PIX Firewall unit.

Step 6
Command: Domain name:
Purpose: Specify the domain name for the PIX Firewall.

Step 7
Command: IP address of host running PIX Device Manager:
Purpose: Specify the IP address of the workstation designated to run PDM. This is the IP address of any workstation running supported web browser software, which you will use for accessing PDM over the network.

After you enter the IP address of the workstation running PDM, PIX Firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscopix
Clock (UTC): 14:22:00 Aug 28 2001
Inside IP address: 192.168.1.1
Inside network mask: 255.255.255.0
Host name: accounting_pix
Domain name: example.com
IP address of host running PIX Device Manager: 192.168.1.2
Step 5 Enter n to edit the values, or enter y to save the information to the PIX Firewall Flash memory.

Use this configuration and write to flash? y
Or, enter y at the prompt to save the information to the PIX Firewall Flash memory.

Step 6 Click Save to save your settings.

Step 7 Click Exit.

Step 8 Click Yes to exit HyperTerminal.


RSA Key
The setup process generates an RSA key automatically. To generate an RSA key manually, follow these steps:

Step 1 Enter configuration mode:

pixfirewall# configure terminal

Step 2 Remove the existing RSA key, if applicable:

pixfirewall (config)# ca zeroize rsa

Step 3 Generate a new RSA key:

pixfirewall (config)# ca generate rsa key 512

Note: It might take 30 or more seconds for the command prompt to return.

Step 4 Display the new RSA key:

pixfirewall (config)# show ca mypubkey rsa

Step 5 For access to PDM, you must specify a client that is permitted to access the PIX Firewall HTTP server and then enable the HTTP server. Use the following command to specify a client that is permitted to access the HTTP server:

pixfirewall (config)# http ip_address [netmask] [if_name]

  • ip_address: The host or network authorized to initiate an HTTP connection to the PIX Firewall.
  • netmask: The network mask for the HTTP IP address.
  • if_name: The interface name on which the host or network initiating the HTTP connection resides.

Step 6 Enable the HTTP server:

pixfirewall (config)# http server enable

Step 7 Save the RSA key:

pixfirewall (config)# ca save all

Step 8 Save the configuration:

pixfirewall (config)# write memory

**********************************
Okay, where it says STEP 5, I enter in
http 192.168.1.5 255.255.255.0 inside and it says
ERROR - ENTRY FOR ADDRESS/MASK = 192.168.1.5/255.255.255.0 EXISTS

Any ideas?
Help! ;)

Asked by: dsmjeff

acroment Commented:
If you specify a SINGLE specific address such as 192.168.1.5 - the correct subnet mask is 255.255.255.255

If you want to open it up so that any pc on the subnet could access it you would use an ip address of 192.168.1.0 and a subnet mask of 255.255.255.0

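An added example, not part of the original thread or Cisco's documentation: a Python pre-check for the address/mask pairs described in the answer above, run over constructed `http` lines. The function names, the sample config, the defaults used for an omitted mask or interface, and the rule that a candidate is redundant when an existing entry's network contains it are this example's assumptions, not documented PIX behaviour.

```python
import ipaddress

# Constructed sample: `http` lines as they might appear in a saved PIX config.
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.5 255.255.255.0 inside
http 192.168.1.2 255.255.255.255 inside
"""

def parse_http_entries(config_text):
    """Return (address, mask, interface) for each `http <ip> [mask] [if]` line."""
    entries = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "http" or parts[1] == "server":
            continue
        # Assumed defaults when omitted: host mask and the inside interface.
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        ifname = parts[3] if len(parts) > 3 else "inside"
        entries.append((parts[1], mask, ifname))
    return entries

def check_entry(addr, mask):
    """Classify a pair as 'host', 'network' or 'mismatch', with a suggestion."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if net.prefixlen == 32:
        return "host", f"{addr} {mask}"
    if str(net.network_address) != addr:
        # Host bits set under a network mask, e.g. 192.168.1.5 255.255.255.0.
        return "mismatch", (f"single host: {addr} 255.255.255.255; "
                            f"whole subnet: {net.network_address} {mask}")
    return "network", f"{addr} {mask}"

def find_covering_entry(candidate, existing):
    """Return the existing entry whose network already contains the candidate."""
    c_addr, c_mask, c_if = candidate
    c_net = ipaddress.ip_network(f"{c_addr}/{c_mask}", strict=False)
    for addr, mask, ifname in existing:
        e_net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ifname == c_if and c_net.subnet_of(e_net):
            return (addr, mask, ifname)
    return None

if __name__ == "__main__":
    entries = parse_http_entries(SAMPLE_CONFIG)
    for addr, mask, ifname in entries:
        print(ifname, addr, mask, *check_entry(addr, mask))
    print(find_covering_entry(("192.168.1.0", "255.255.255.0", "inside"), entries))
```

Restricting PDM access to a single management host (a 255.255.255.255 entry) keeps the firewall's HTTPS server reachable from fewer machines than a whole-subnet entry does.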
 
dsmjeff (Author) Commented:
Thanks. I'll retry now.

dsmjeff (Author) Commented:
Okay, reran setup and got the same error when I get to that spot. Except now it is
ERROR - ENTRY FOR ADDRESS/MASK = 192.168.1.0/255.255.255.0 EXISTS
 
acroment Commented:
You receive these errors when you are running the manual RSA key setup?

There is no need to do that because a key is automatically generated when you run setup for the 1st time.

For the PIX firewalls I've set up - the default generated RSA key is just fine and you can skip that step.

Why did you run that? Have you tried to access the PDM? Was that successful? What happened?

dsmjeff (Author) Commented:
I just went down the list from Cisco. It says to run that.
So if I re-run the initial setup again, and then just go straight to enable http, I should be able to go to a browser on a client that is connected to the device and enter in https://192.168.1.3 (PIX IP)?

acroment Commented:
That is correct.

Now, you will also want to make sure that you have the updated versions of the PIX OS and PDM installed on your PIX so that it will work with your PC.

Older versions of the PDM will not work from IE7 and certain versions of Java.

I would recommend that you download and install PIX Version 6.3 and PDM version 3.04. You can get these from Cisco with your smartnet support contract.

Or use an older PC with the compatible version of IE and Java installed.

dsmjeff (Author) Commented:
Okay. Got in just fine to the PIX PDM, but after login, I get this message:
Your PIX has a version number of 6.3(5). This requires a newer version of PDM. Please upgrade your PDM image. How do I do this w/ out a support contract from Cisco?

acroment Commented:
You can't. You need to have a current support contract to have access to software updates from Cisco.

dsmjeff (Author) Commented:
Do you know how to buy one? Can I buy one for old equipment?

acroment Commented:
Contact Cisco - they will point you in the right direction. Most likely they will put you in touch with a local reseller who will want to "test" the pix before they will sell you a warranty for it.

dsmjeff (Author) Commented:
Thanks!