Solved

Cannot connect to Cisco Pix due to a Certificate error.

Posted on 2009-05-19
Last Modified: 2012-06-27
When attempting to connect to our Cisco Pix device via IE I get a "Certificate Error". I have had to obtain new certificates for our ADP software from Bank Of America, so I am familiar with installing new certs, but I am new to this position that I now hold and there is no one here to guide me through this one.

I was wondering where I would get a new cert from. Would it be Cisco or am I just lost? Can someone please help me? If you need any additional information I will be more than happy to provide it.

Thank you in advance
Michael
0
Question by:bvrmnky46
9 Comments
 
LVL 13

Expert Comment

by:3nerds
ID: 24422097
bvrmnky46,

Are you just attempting to administer this device? If so, then the expired certificate will have no bearing for you, as you will be the only one connecting to it. I will warn you, though, the PVDM is a bad/flaky way to administer this device imho.

It doesn't need a certificate to function and it doesn't support SSL VPN, so would you be able to explain what you were doing when you ran into this error?

Regards,

3nerds
0
 

Author Comment

by:bvrmnky46
ID: 24423527
Actually I was attempting to connect so that I can reroute my incoming SMTP to another IP on our network. I have installed a new spam/virus filter.

I attempted to connect to it like so https://ip address

I get a "please wait" while connecting and nothing but that cert error is present.
0
 
LVL 13

Accepted Solution

by:
3nerds earned 2000 total points
ID: 24423676
Pix used an early GUI called a PVDM; it was unstable. It may not be loading simply because in your device it is not working.

I tried to stay away from the PVDM. The new ASDM is much nicer.

If you would like assistance with these changes via command line I would be glad to help.

You will need to get a tool like PuTTY to connect to the device via SSH. You could even try to connect to the device via telnet, as that may be open to it as well; it depends on the config.

Try this.

Open a command prompt and type the following:
telnet <device IP>
and hit enter.

If it doesn't connect, download PuTTY and try to connect via that.

Once you are in the device, do a show run and copy the output and paste it here. If you don't want to paste your whole config, just paste your lines in regard to STATIC.

MAKE SURE YOU XX OUT any USERNAMES, PASSWORDS OR IP ADDRESSES. I don't want you opening yourself up to anyone messing with you, and that info would let them right in.

Good Luck,

3nerds
0
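The redaction step asked for in the answer above can be scripted so nothing is missed by hand. This is an added example, not part of the original thread: the function name, the placeholder scheme (XXXX, IP_n) and the sample config are assumptions, and netmasks are deliberately left in place so the static lines stay readable.

```python
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Keyword/value pairs that carry credentials in a PIX config; the value is
# replaced whether it is cleartext or an "encrypted" hash.
SECRET_RULES = [
    (re.compile(r"^(enable password|passwd)\s+\S+"), r"\1 XXXX"),
    (re.compile(r"\busername\s+\S+"), "username XXXX"),
    (re.compile(r"\b(password|key|community)\s+\S+"), r"\1 XXXX"),
]

def redact_config(text):
    """Return (redacted_text, static_lines) for a pasted `show run`."""
    seen = {}  # real address -> placeholder, so mappings stay consistent

    def swap_ip(match):
        ip = match.group(0)
        if ip.startswith("255.") or ip == "0.0.0.0":
            return ip  # netmask or wildcard: kept so rules stay readable
        return seen.setdefault(ip, f"IP_{len(seen) + 1}")

    out = []
    for line in text.splitlines():
        for pattern, repl in SECRET_RULES:
            line = pattern.sub(repl, line)
        out.append(IPV4.sub(swap_ip, line))
    statics = [l for l in out if l.startswith("static ")]
    return "\n".join(out), statics

# Constructed sample (documentation-range addresses, fake hashes).
SAMPLE = """\
PIX Version 6.3(5)
enable password EXAMPLEHASH1 encrypted
passwd EXAMPLEHASH2 encrypted
username admin password EXAMPLEHASH3 encrypted privilege 15
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 203.0.113.3 192.168.1.10 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host 203.0.113.3 eq smtp
snmp-server community public
"""

if __name__ == "__main__":
    redacted, statics = redact_config(SAMPLE)
    print(redacted)
```

Each real address maps to the same placeholder everywhere it appears, so a helper can still see which access-list entry belongs to which static translation.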

Author Comment

by:bvrmnky46
ID: 24423820
I did a telnet and got in, but then I'm a bit confused by the "show run". What exactly do I do?

I'm sorry but obviously I am not familiar at all with this unit or Cisco for that matter.

Thank you!
0
 
LVL 13

Expert Comment

by:3nerds
ID: 24423951
Are you at a

>

or a

#

for a prompt?

If you're at the >
type
>en
hit enter
it should prompt you for a password

If you're at the #
type
#sh ru
hit enter

Lots of code will show up on your screen.

Good Luck,

3nerds
0
 

Author Comment

by:bvrmnky46
ID: 24424061
I did the #sh ru and saw all the configurations. I need to make some changes and maybe this is far too much to ask. Let me know and I will continue.

Thank you so far by the way. You are way cool!!
0
 
LVL 13

Expert Comment

by:3nerds
ID: 24424109
I need to see the code you are seeing, to help further.

I don't know what the rules for "going too far" per se are, but if you want to post the code I will see what I can do.

If you want to start a new post let me know I can help you there as well.

Your call on that one.

In your config you should see some lines that start with the word "Static". To start out I specifically need those lines, but the whole config may be necessary.

Good Luck,

3nerds

0
 
LVL 13

Expert Comment

by:3nerds
ID: 24435125
Just checking to see if you still need assistance?
0
 

Author Closing Comment

by:bvrmnky46
ID: 31582996
Thanks for your help. I have to stop here because I found our support information from Cisco.. lol, better for me!!
0
