Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco PIX 506E Firewall PDM issue

Posted on 2013-01-22
3
Medium Priority
?
778 Views
Last Modified: 2013-02-18
I am unable to access the PDM via the inside IP address.  I am able to access the PIX via the consol cable and term connect.  I have tried to connect directly to the PIX.  I have an older version of the PDM, and I also have an older version of Java.  I have always been able to connect in the past to this PIX, but now I cannot.
0
Comment
Question by:jbionic2000
  • 2
3 Comments
 
LVL 8

Expert Comment

by:pgolding00
ID: 38812920
can you provide "show version", the ip addressing config of the firewall, and advise the ip of the pc you run pdm from please?

can the pc ping the pix inside address? or is it coming through a vpn from the outside?
0
 

Author Comment

by:jbionic2000
ID: 38831538
The version is 3.0.  The internal IP of the firewall is 206.94.44.252.  The IP of the PC I am trying to access from is 206.94.44.10.  The gateway of the the PC is the firewall address 206.94.44.252.  I can ping the address of the firewall from inside and it is not coming from the any VPN.  I am using IE 6.0 and java 1.4.1.  I have seen the issue with the Java version being to new in the past using another PC to connect to the PDM.  This is completely different because at least then I would connect to the PDM it just wouldn't completely load.
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 1600 total points
ID: 38833575
you indicated that this used to work on the same client that now does not work - so what changed?

check that the netmask on pc and pix are the same, but i assume this must be ok as you can ping the pix.

from show version, do you see PDM listed similar to below? but yours is showing ver 3.0?
pixfirewall#show version
Cisco Secure PIX Firewall Version 6.1(1)
PIX Device Manager Version 1.1(2)  
...
Licensed Features:
Failover:   Disabled
VPN-DES:    Enabled
VPN-3DES:   Disabled

also note the lines for vpn-des and 3des - what does yours show? one of them must be enabled.

in the config do you have something like-
http 206.94.44.10 255.255.255.255 inside
 or whatever is appropriate for the interface name? you might have a subnet address and mask here - thats fine too. you should also see http server enabled in the config

is the pix clock correct - "sho clock" ? was it correct when first accessed by pdm? if you browse to the pix with https, then review the certificate details, verify that the from and to dates in the certificate are within the current date in the client and the pix. if not there is a process to resolve this here -
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ac1.shtml

there is also a few other things to verify at that link. if none of that works, i would remove the pdm image from the firewall, zeroise the rsa keys, reboot it and the client, then reinstall the pdm image and re-generate the rsa keys.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
How does someone stay on the right and legal side of the hacking world?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question