Cisco PIX 506E Firewall PDM issue

Posted on 2013-01-22
Medium Priority
Last Modified: 2013-02-18
I am unable to access the PDM via the inside IP address.  I am able to access the PIX via the console cable and term connect.  I have tried to connect directly to the PIX.  I have an older version of the PDM, and I also have an older version of Java.  I have always been able to connect in the past to this PIX, but now I cannot.
Question by:jbionic2000

Expert Comment

ID: 38812920
can you provide "show version", the ip addressing config of the firewall, and advise the ip of the pc you run pdm from please?

can the pc ping the pix inside address? or is it coming through a vpn from the outside?

Author Comment

ID: 38831538
The version is 3.0.  The internal IP of the firewall is  The IP of the PC I am trying to access from is  The gateway of the PC is the firewall address  I can ping the address of the firewall from inside and it is not coming from any VPN.  I am using IE 6.0 and Java 1.4.1.  I have seen the issue with the Java version being too new in the past using another PC to connect to the PDM.  This is completely different because at least then I would connect to the PDM; it just wouldn't completely load.

Accepted Solution

pgolding00 earned 1600 total points
ID: 38833575
you indicated that this used to work on the same client that now does not work - so what changed?

check that the netmask on pc and pix are the same, but i assume this must be ok as you can ping the pix.

from show version, do you see PDM listed similar to below? but yours is showing ver 3.0?
pixfirewall#show version
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)  
Licensed Features:
Failover:   Disabled
VPN-DES:    Enabled
VPN-3DES:   Disabled

also note the lines for vpn-des and 3des - what does yours show? one of them must be enabled.

in the config do you have something like-
http inside
or whatever is appropriate for the interface name? you might have a subnet address and mask here - that's fine too. you should also see http server enabled in the config

is the pix clock correct - "sho clock" ? was it correct when first accessed by pdm? if you browse to the pix with https, then review the certificate details, verify that the from and to dates in the certificate are within the current date in the client and the pix. if not there is a process to resolve this here -

there are also a few other things to verify at that link. if none of that works, i would remove the pdm image from the firewall, zeroise the rsa keys, reboot it and the client, then reinstall the pdm image and re-generate the rsa keys.
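The checks listed in the accepted answer can be run over pasted `show version` and config text. This is an added example, not part of the original answer: the function names, the sample addresses (documentation ranges) and the sample certificate dates are constructed, and the config is assumed to use the three-field `http <address> <mask> <interface>` form.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample input, not from the thread; addresses are documentation values.
SAMPLE_VERSION = """\
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)
Licensed Features:
VPN-DES:    Enabled
VPN-3DES:   Disabled
"""
SAMPLE_CONFIG = """\
http server enable
http 192.0.2.0 255.255.255.0 inside
"""

def check_pdm_access(show_version, config, client_ip, interface="inside"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^PIX Device Manager Version \S+", show_version, re.M):
        findings.append("no PDM version listed in show version")
    # The answer states that one of VPN-DES / VPN-3DES must be enabled.
    crypto = dict(re.findall(r"^(VPN-3?DES):\s+(\w+)", show_version, re.M))
    if "Enabled" not in crypto.values():
        findings.append("neither VPN-DES nor VPN-3DES is enabled")
    if not re.search(r"^http server enable\s*$", config, re.M):
        findings.append("http server is not enabled")
    # 'http <address> <mask> <interface>' lines list who may reach the PDM.
    allowed = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
               for addr, mask, ifname in
               re.findall(r"^http (\S+) (\S+) (\S+)\s*$", config, re.M)
               if ifname == interface]
    if not any(ipaddress.ip_address(client_ip) in net for net in allowed):
        findings.append(f"{client_ip} is not covered by an http entry on {interface}")
    return findings

def clocks_outside_cert(not_before, not_after, clocks):
    """Names of the clocks (e.g. client, pix) outside the certificate's validity dates."""
    return sorted(name for name, now in clocks.items()
                  if not not_before <= now <= not_after)

if __name__ == "__main__":
    print(check_pdm_access(SAMPLE_VERSION, SAMPLE_CONFIG, "192.0.2.10"))
    print(clocks_outside_cert(datetime(2012, 1, 1), datetime(2013, 1, 1),
                              {"client": datetime(2013, 1, 22), "pix": datetime(2012, 6, 1)}))
```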
