Cisco PIX 501 GUI Setup

Posted on 2009-02-09
Last Modified: 2012-05-06
Hi. I'm trying to access the GUI side of my PIX 501. I have reset to factory defaults, and re-ran setup. I have PDM and have enabled it, but still can't get to it. I went to Cisco's site and below is the steps I've taken. Almost to the end of the steps, I get a few lines of text that I'm not sure what it means. I'll post after Cisco site directions. Read below:

Table 3-1 Setup Command Prompts  
 Step  Command  Purpose  
Step 1  
 Enable Password [<use current password>]:
 Enter an alphanumeric password, up to 16 characters in length, to protect the PIX Firewall privileged (access) mode. Record the password in accordance with your security policy. If you assign a password here, then it is used for authentication every time you launch PDM unless you configured your PIX Firewall to use another AAA server for authentication, in which case the AAA server provides the authentication.
Step 2  
 Clock (UTC)
Year [2001]:
Month [Aug]:
Day [27]:
Time [22:47:37]:
 Set the PIX Firewall clock to Universal Coordinated Time (UTC, also known as Greenwich Mean Time, or GMT). For example, if you are in the Pacific Daylight Savings time zone, set the clock 7 hours ahead of your local time to set the clock to UTC. Enter the year, month, day, and time. Enter the UTC time in 24-hour time as hour:minutes:seconds.
Step 3  
 Inside IP address:
 Specify the IP address of the PIX Firewall unit's inside interface. Ensure that this IP address is unique on the network and not used by any other computer or network device, such as a router.
Step 4  
 Inside network mask:
 Specify the network mask for the inside interface. An example mask is You can also specify a subnetted mask, for example: Do not use all 255s, such as This prevents traffic from passing on the interface.
Step 5  
 Host name:
 Specify up to 16 characters as a name for the PIX Firewall unit.
Step 6  
 Domain name:
 Specify the domain name for the PIX Firewall.
Step 7  
 IP address of host running PIX Device
 Specify the IP address of the workstation designated to run PDM.

This is the IP address of any workstation running supported web browser software, which you will use for accessing PDM over the network.

After you enter the IP address of the workstation running PDM, PIX Firewall displays the information you just entered.

The following is a sample display:

The following configuration will be used:
Enable Password: ciscopix
Clock (UTC): 14:22:00 Aug 28 2001
Inside IP address:
Inside network mask:
Host name: accounting_pix
Domain name:
IP address of host running PIX Device Manager:
Step 5 Enter n to edit the values, or enter y to save the information to the PIX Firewall Flash memory.

Use this configuration and write to flash? y
Or, enter y at the prompt to save the information to the PIX Firewall Flash memory.

Step 6 Click Save to save your settings.

Step 7 Click Exit.

Step 8 Click Yes to exit HyperTerminal.


The setup process generates an RSA key automatically. To generate an RSA key manually, follow these steps:


Step 1 Enter configuration mode:

pixfirewall# configure terminal
Step 2 Remove the existing RSA key, if applicable:

pixfirewall (config)# ca zeroize rsa
Step 3 Generate a new RSA key:

pixfirewall (config)# ca generate rsa key 512


Note It might take 30 or more seconds for the command prompt to return.


Step 4 Display the new RSA key:

pixfirewall (config)# show ca mypubkey rsa
Step 5 For access to PDM, you must specify a client that is permitted to access the PIX Firewall HTTP server and then enable the HTTP server. Use the following command to specify a client that is permitted to access the HTTP server:

pixfirewall (config)# http ip_address [netmask] [if_name]
"ip_addressThe host or network authorized to initiate an HTTP connection to the PIX Firewall.

"netmaskThe network mask for the HTTP IP address.

"if_nameThe interface name on which the host or network initiating the HTTP connection resides.

Step 6 Enable the HTTP server:

pixfirewall (config)# http server enable
Step 7 Save the RSA key:

pixfirewall (config)# ca save all
Step 8 Save the configuration:

pixfirewall (config)# write memory

Okay, where it says STEP 5, I enter in
http insdie and it says

Any ideas?
Help! ;)
Question by:dsmjeff
    LVL 9

    Expert Comment

    If you specify a SINGLE specific address such as - the correct subnet mask is

    If you want to open it up so that any pc on the subnet could access it you would use an ip address of and a subnet mask of


    Author Comment

    Thanks. I'll retry now.

    Author Comment

    Okay, reran setup and got the same error when I get to that spot. Execpt now it is
    LVL 9

    Expert Comment

    You receive these errors when you are running the manual RSA key setup?

    There is no need to do that because a key is automaticlly generated when you run setup for the 1st time.

    For the pix firewalls I've setup - the default generated RSA key is just fine and you can skip that step.

    Why did you run that? Have you tried to access the PDM? Was that successful? What happened?

    Author Comment

    I just went down the list from Cisco. It says to run that.
    So if I re-run the initial setup again, and then just go straight to enable http, I should be able to go to a browser on a client that is connected to the device and enter in (PIX IP)?
    LVL 9

    Expert Comment

    that is correct.

    Now, you will also want to make sure that you have the updated versions of the PIX OS and PDM installed on your PIX so that it will work with your PC.

    Older versions of the PDM will not work from IE7 and certain versions of Java.

    I would reccommend that you download and install PIX Version 6.3 and PDM version 3.04. You can get these from cisco with your smartnet support contract.

    Or use an older PC with the compatible version of IE and Java installed.

    Author Comment

    Okay. Got in just fine to the PIX PDM, but after login, I get this message:
    Your PIX has a version number of 6.3(5). This requires a newer version of PDM. Please upgrade your PDM image. How do I do this w/ out a support contract from Cisco?
    LVL 9

    Expert Comment

    you can't. You need to have a current support contract to have access to software updates from cisco.

    Author Comment

    Do you know how to buy one? Can I buy one for old equipment?
    LVL 9

    Accepted Solution

    Contact Cisco - they will point you in the right direction. Most likely they will put you in touch with a local reseller who will want to "test" the pix before they will sell you a warranty for it.

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
    This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now