We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Cisco PIX 501 GUI Setup

dsmjeff asked
Medium Priority
Last Modified: 2012-05-06
Hi. I'm trying to access the GUI side of my PIX 501. I have reset to factory defaults, and re-ran setup. I have PDM and have enabled it, but still can't get to it. I went to Cisco's site and below is the steps I've taken. Almost to the end of the steps, I get a few lines of text that I'm not sure what it means. I'll post after Cisco site directions. Read below:

Table 3-1 Setup Command Prompts  
 Step  Command  Purpose  
Step 1  
 Enable Password [<use current password>]:
 Enter an alphanumeric password, up to 16 characters in length, to protect the PIX Firewall privileged (access) mode. Record the password in accordance with your security policy. If you assign a password here, then it is used for authentication every time you launch PDM unless you configured your PIX Firewall to use another AAA server for authentication, in which case the AAA server provides the authentication.
Step 2  
 Clock (UTC)
Year [2001]:
Month [Aug]:
Day [27]:
Time [22:47:37]:
 Set the PIX Firewall clock to Universal Coordinated Time (UTC, also known as Greenwich Mean Time, or GMT). For example, if you are in the Pacific Daylight Savings time zone, set the clock 7 hours ahead of your local time to set the clock to UTC. Enter the year, month, day, and time. Enter the UTC time in 24-hour time as hour:minutes:seconds.
Step 3  
 Inside IP address:
 Specify the IP address of the PIX Firewall unit's inside interface. Ensure that this IP address is unique on the network and not used by any other computer or network device, such as a router.
Step 4  
 Inside network mask:
 Specify the network mask for the inside interface. An example mask is You can also specify a subnetted mask, for example: Do not use all 255s, such as This prevents traffic from passing on the interface.
Step 5  
 Host name:
 Specify up to 16 characters as a name for the PIX Firewall unit.
Step 6  
 Domain name:
 Specify the domain name for the PIX Firewall.
Step 7  
 IP address of host running PIX Device
 Specify the IP address of the workstation designated to run PDM.

This is the IP address of any workstation running supported web browser software, which you will use for accessing PDM over the network.

After you enter the IP address of the workstation running PDM, PIX Firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscopix
Clock (UTC): 14:22:00 Aug 28 2001
Inside IP address:
Inside network mask:
Host name: accounting_pix
Domain name: example.com
IP address of host running PIX Device Manager:
Step 5 Enter n to edit the values, or enter y to save the information to the PIX Firewall Flash memory.

Use this configuration and write to flash? y
Or, enter y at the prompt to save the information to the PIX Firewall Flash memory.

Step 6 Click Save to save your settings.

Step 7 Click Exit.

Step 8 Click Yes to exit HyperTerminal.


The setup process generates an RSA key automatically. To generate an RSA key manually, follow these steps:


Step 1 Enter configuration mode:

pixfirewall# configure terminal
Step 2 Remove the existing RSA key, if applicable:

pixfirewall (config)# ca zeroize rsa
Step 3 Generate a new RSA key:

pixfirewall (config)# ca generate rsa key 512


Note It might take 30 or more seconds for the command prompt to return.


Step 4 Display the new RSA key:

pixfirewall (config)# show ca mypubkey rsa
Step 5 For access to PDM, you must specify a client that is permitted to access the PIX Firewall HTTP server and then enable the HTTP server. Use the following command to specify a client that is permitted to access the HTTP server:

pixfirewall (config)# http ip_address [netmask] [if_name]
"ip_addressThe host or network authorized to initiate an HTTP connection to the PIX Firewall.

"netmaskThe network mask for the HTTP IP address.

"if_nameThe interface name on which the host or network initiating the HTTP connection resides.

Step 6 Enable the HTTP server:

pixfirewall (config)# http server enable
Step 7 Save the RSA key:

pixfirewall (config)# ca save all
Step 8 Save the configuration:

pixfirewall (config)# write memory

Okay, where it says STEP 5, I enter in
http insdie and it says

Any ideas?
Help! ;)
Watch Question

If you specify a SINGLE specific address such as - the correct subnet mask is

If you want to open it up so that any pc on the subnet could access it you would use an ip address of and a subnet mask of


Thanks. I'll retry now.


Okay, reran setup and got the same error when I get to that spot. Execpt now it is

You receive these errors when you are running the manual RSA key setup?

There is no need to do that because a key is automaticlly generated when you run setup for the 1st time.

For the pix firewalls I've setup - the default generated RSA key is just fine and you can skip that step.

Why did you run that? Have you tried to access the PDM? Was that successful? What happened?


I just went down the list from Cisco. It says to run that.
So if I re-run the initial setup again, and then just go straight to enable http, I should be able to go to a browser on a client that is connected to the device and enter in (PIX IP)?

that is correct.

Now, you will also want to make sure that you have the updated versions of the PIX OS and PDM installed on your PIX so that it will work with your PC.

Older versions of the PDM will not work from IE7 and certain versions of Java.

I would reccommend that you download and install PIX Version 6.3 and PDM version 3.04. You can get these from cisco with your smartnet support contract.

Or use an older PC with the compatible version of IE and Java installed.


Okay. Got in just fine to the PIX PDM, but after login, I get this message:
Your PIX has a version number of 6.3(5). This requires a newer version of PDM. Please upgrade your PDM image. How do I do this w/ out a support contract from Cisco?

you can't. You need to have a current support contract to have access to software updates from cisco.


Do you know how to buy one? Can I buy one for old equipment?
Contact Cisco - they will point you in the right direction. Most likely they will put you in touch with a local reseller who will want to "test" the pix before they will sell you a warranty for it.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.